
CYBER DEFENSE MAGAZINE

2018 GLOBAL ANNUAL EDITION

CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018 – SPONSORED BY TREND MICRO 1
WELCOME ABOARD
In my sixth year since we founded CDM as Editor-in-Chief, I am delighted to welcome our readers to the 2018
Global Print Edition of Cyber Defense Magazine (CDM), which is now exclusively in print at IPEXPO Europe
2018. Every aspect of IPEXPO Europe touches upon something related to cybersecurity – whether it’s writing
better code, as developers, to rolling out internet of things (IoT) devices to blockchain or artificial intelligence
– we see the need for more cybersecurity professionals who can respond to and plan for the next wave of
threats and exploitations by cyber criminals.
It’s now projected that there will be some 2 million new jobs created in the cyber security industry over the
next 3-5 years. Indeed, some reports even project greater growth than that. In any case, what’s clear is that
the threats of cyber attacks are not going away; if anything, they will grow in intensity and pervasiveness as
the potential payoffs get richer.
Although the three principal reasons for cyber criminals to operate remain the same, their relative growth
may become skewed toward financial and political gain. Only the thrill-seekers with little to gain other than
some warped sense of power appear to have leveled off. Rich targets of financial assets in the billions have
come into play with the proliferation of cryptocurrencies and exchanges. The use of cyber means to penetrate
and influence political processes is only beginning to be fully investigated. The challenges for the defenders
of cyber integrity continue to grow.
Nonetheless, the “good guys” are in the hunt, with new and creative technological developments to counter
the spread of cyber attacks. AI, ML, IAM, and Cyber Risk Management as a Service (too new for its own
acronym) are among the coming techniques of cyber defense. Without attacking the attackers, there are new
deception-based techniques to at least slow them down and try to document their attacks in more detail.
Therefore, only by keeping up to date with the broad array of developments is it possible for the cyber defense
professional to operate effectively. That’s the job of Cyber Defense Magazine – to be the principal repository
and distribution channel for the vital information flow to keep us all informed and ready to respond to the
threats as they emerge.
On behalf of our entire team, we thank you for being a part of the CDM community, and for supporting our
mission – to help you get one step ahead of the next threat.

Respectfully,
Pierluigi Paganini
Editor-in-Chief

CONTENTS

Welcome Letter – IP EXPO Europe 2018
Linda Gray Martin

Firefighter or Bricklayer? The Right Approach to InfoSec
Rik Ferguson

4 Encryption Technologies You Should Use
Dan Freeman

Defend against Cloud-based Data Theft with Identity Access Management (IAM)
Lewie Dunsworth

This Company Stopped a Phishing Attack in 19 Minutes
Aaron Higbee

How AI and Automation Can Solve Your Security Hiring Problem
Aarij Khan

Proactive Security Is the Key to Mitigating Future Threats
Branko Primetica

Threat Intelligence: 5 Applications of Connected Domains
Jonathan Zhang

Breaches, Defenses, Countermeasures, Attack Methodologies
Jane Melia

How SOAR Can Help You Get Amazing Results from Your Security Analysts
Stan Engelbrecht

Industry Newsflash: CYSIV, the new “cyber risk management as a service” company, formed by TrendMicro and HITRUST
Tom Hunter

Cyber Defense Global Awards

CYBER DEFENSE MAGAZINE is a Cyber Defense Media Group (CDMG) publication distributed electronically via opt-in GDPR compliant e-Mail, HTML, PDF, mobile and online flipbook forwards. All electronic editions are available for free, always. No strings attached. Annual print editions of CDM are distributed exclusively at the RSA Conference each year for our USA editions and at IP EXPO EUROPE in the UK for our Global editions. Key contacts:

PUBLISHER
Gary S. Miliefsky
garym@cyberdefensemagazine.com

PRESIDENT
Stevin V. Miliefsky
stevinv@cyberdefensemagazine.com

VICE PRESIDENT OF BIZ DEV & STRATEGY
Tom Hunter
tom@cyberdefensemediagroup.com

EDITOR-IN-CHIEF
Pierluigi Paganini
Pierluigi.paganini@cyberdefensemagazine.com

MARKETING, ADVERTISING & INQUIRIES
marketing@cyberdefensemagazine.com

Interested in writing for us:
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: +1-833-844-9468
International: +1-603-280-4451
New York (USA/HQ): +1-646-586-9545
London (UK/EU): +44-203-695-2952
Hong Kong (Asia): +852-580-89020
Skype: cyber.defense
E-mail: marketing@cyberdefensemagazine.com
Web: www.cyberdefensemagazine.com
TV: www.cyberdefense.tv

Copyright © 2018, Cyber Defense Magazine (CDM), a Cyber Defense Media Group (CDMG) publication of the Steven G. Samuels LLC media corporation.

To Reach Us Via US Mail:
Cyber Defense Magazine
PO Box 8224
Nashua, NH 03060-8224
EIN: 454-18-8465
DUNS# 078358935

Welcome to IP EXPO Europe 2018

By Bradley Maule-ffinch, EMEA Portfolio Director, Imago Techmedia

Our umbrella event theme this year is Digital Transformation. In the race to become more agile, people-oriented, innovative, customer-centric, streamlined and efficient, Digital Transformation is profoundly transforming technology strategies for all types of institutions.

With new opportunities presented by cutting edge technologies such as Blockchain, AI and Internet of Things, IT teams are increasingly challenged to work together efficiently and keep the lights on, whilst innovating to deliver cost and operational efficiencies and competitive advantages. Across all these innovative and engaging technologies, we have Cyber Security as something that must be considered, up front – in code, in design, and in our investments.

This year, IP EXPO Europe rises to the proverbial challenge to “be all things to all people” in the context of six key aspects of IT practice. With six top IT events under a single roof, including 300+ exhibitors and 300+ free to attend seminar sessions, the Digital Transformation taking place in the IT world is fully captured in our multi-disciplinary structure.

The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates:

• IP EXPO
• Cyber Security X
• Developer X
• AI-Analytics X
• Internet of Things X
• Blockchain X.

IP EXPO Europe has evolved alongside the modern enterprise IT department for over 10 years, uniquely covering the entire IT stack. Regardless of your role or responsibility within your organization, if you are into any aspect of IT, this is the event for you, and we appreciate your active participation.

You will learn about the latest Cyber Security developments in expert-led sessions, inspiring keynotes and in-depth seminars. At the exhibit hall, you can demo innovative products and solutions, network with information security insiders and peers, and help move the industry forward as part of an engaged and empowered global community.

We’re thrilled that you are joining us here on 3-4 October 2018 at ExCeL London, as IP EXPO Europe is Europe’s number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. We’re expecting a record attendance of over 16,000, and every participant has something of value to share with others and also to take away and put into practice.

IP EXPO Europe is the must-attend IT event of the year for CIOs, heads of IT, security specialists, heads of insight and tech experts. The Digital Transformation EXPO brings together the full range of technologies needed for a business to successfully embrace digital change.

Arrive with challenges, leave with solutions!

In partnership with the Cyber Defense Media Group – you’ll find opportunities within this Cyber Defense Magazine, or to be interviewed or watch Cyber Defense TV and see many winners on the show floor of the prestigious Cyber Defense Awards and with a big thanks to you, to all of our sponsors and exhibitors, welcome to IP EXPO Europe 2018!

The IP EXPO Europe Team

Firefighter or Bricklayer? The Right Approach to InfoSec
by Rik Ferguson, Vice President Security Research at Trend Micro

The professional life of a security practitioner is a fast-paced one. Constantly having to respond to the shifting tactics of the adversary, having to understand and secure new infrastructural implementations and delivery platforms, and both facilitating and yes, mitigating the changes in user behaviour over time. All too often the enterprise still thinks of the security function as a bolt-on one. The business is structured, the architecture implemented, and the employees are hired. The fires are started and then someone calls the security team: “Secure this”.

“Firefighting” for many years has been the default operational mode of an information security department. To borrow from Bono, we are running to stand still. Securing infrastructure as it is implemented, responding to breaches after they happen, patching vulnerabilities once the exploit is already in the wild, auditing inventory already in use is barely workable now; what of the enterprise of the future?

The single biggest infrastructure change just over the horizon is the advent of 5G in 2020. 5G promises a wealth of benefits (many of which we have experienced more than once before): much greater bandwidth, faster connectivity with lower latency over a wider geographic area to many more devices, in the same way achieved by previous iterations (2G, 2.5G (GPRS & EDGE), 3G, 4G/LTE). While standards are still being finalised, what is important to note with 5G is that it follows the same KPI trend as those previous iterations, so we can expect an order of magnitude improvement over 4G in things like data rate, and critically in latency.

What 5G promises is a scaled-up infrastructure that in itself will drive change in many other areas, just as the advent of 3G drove the advance of the smartphone, and 4G the streaming services that are steadily replacing conventional media. Except this time 5G with its really low latency and high bandwidth has caught the attention of industry and not just the consumer. We will be connecting not only the traditional “fixed internet”, today’s “mobile internet” but also every sensor and actuator, every vehicle, traffic management system, smart city, smart home and factory on the planet. 5G will be the foundation of a truly immersive interconnected experience.

From a security perspective, therein lies the real challenge.

A greater volume of traffic, a greater number of endpoints (many with no user interface at all) and an ongoing explosion of data means not only that we have more to secure, but more to secure it from. This is already driving a huge shift in the way we do business, driving adoption of IPv6 (to accommodate all these new devices), Software Defined Networks, big data and cloud services to store and process the volume of data, and Artificial Intelligence and Network Function Virtualisation to provide scale and speed of response and an ability to integrate security functions at carrier level, rather than relying on an ability to enforce at every endpoint in this new interconnected world.

One vision of the enterprise of the future looks like this. Your organisation ignores the network infrastructure from a security perspective, all infrastructure is considered as hostile and a zero-trust model is applied. You have multiple thousands of end-users spread across the globe and every user has multiple profiles that need to be automagically applied in the correct circumstances (where are they, what are they using, what task are they working on, what time of day is it?). On top of that you have hundreds of millions of connected “things”, devices, sensors, actuators, vehicles, factories each with its own unique use case, environment and vulnerabilities. IT solutions are tied directly to business requirements, stripped to the essentials required for the job, no more “IT for IT’s sake”.

Of course, an inevitable outcome of this is a continued exponential growth in data generation. Consider that 90% of all the data ever generated by the human race has been generated in the last two years and extrapolate from there…

Our future business will rely on the scale and speed of Artificial Intelligence and Machine Learning to cope with these mountains of data and the Security Operations Centre will be no exception. Integration of Machine Learning into the SOC of the future is critical for a number of reasons, not only related to the volumes of data, but also to address the so-called “cyber skills gap” (a concept I’d love to dissect in a future article maybe). We need to leverage the power of machine learning to collect and correlate data from across the enterprise, carry out triage of generated events, forensic investigation and evidence capture, and yes even mitigation; surfacing only those urgent or high-priority events to the humans who remain at the top of the security tree.

Firefighting as a means of maintaining a secure enterprise is not a workable model for the future, or even the present. No one can deny that even if your firefighting is of the highest calibre, you will systematically end up with fewer trees to burn in the long run. In our field of information security, it’s so much better to be a bricklayer than a firefighter. Measure twice, even three times if you have to, and then lay the bricks once.

About the Author

Rik Ferguson, Vice President Security Research at Trend Micro, is one of the leading experts in information security. He is also a Special Advisor to Europol’s European Cyber Crime Centre (EC3). In April 2011 Rik was inducted into the Infosecurity Hall of Fame.

As a presenter at global industry events such as RSA, Mobile World Congress, Milken Institute, Virus Bulletin, RUSI and the e-Crime Congress, Rik addresses the challenges posed by emerging technology and online crime. He is frequently interviewed by the BBC, CNN, CNBC, Channel 4, Sky News and Al-Jazeera English and is quoted by national newspapers and trade publications around the world.

Rik is actively engaged in research into online threats and the underground economy. He also researches the wider implications of new developments in the Information Technology arena and their impact on security, both in the enterprise and for society as a whole, publishing papers, articles, videos and participating in thought-leadership initiatives. With twenty-five years’ experience in information security, Rik has been with Trend Micro since 2007. Prior to assuming his current role, he served as Security & Privacy Infrastructure Specialist at EDS where he led the security design work for government projects related to justice and law enforcement and as Senior Product Engineer at McAfee focused on network security, intrusion prevention, encryption and content filtering. Learn more about Rik and the latest security technologies from his team at http://www.trendmicro.com

4 Encryption Technologies You Should Use
by Dan Freeman, Senior Solutions Consultant, HelpSystems

How are you encrypting data in your organization?

The number of users, clients, and organizations who access the internet to share data is growing. In the last year, it’s been estimated that over 3.8 billion people use the internet to shop online, check their banking information, continue their education, access test reports from their healthcare providers, apply for jobs, and submit annual tax documents. These activities all require the submission of personal data: usernames, passwords, social security numbers, birth dates, credit card information…. The list of what’s shared on the internet is lengthy and complex.

As people submit, transfer, and store sensitive data online, it’s imperative for organizations who handle this information to protect it using strong encryption practices. This especially applies to businesses who need to meet state, federal, or industry compliance regulations. Using homegrown encryption methods or, worse, sending communication in the clear (with an FTP server or client) just isn’t satisfactory or secure anymore. Cyber crime is evolving. Without proper encryption for your file transfers, it’s only a matter of time until vulnerable organizations are hit with a data breach that costs them money or potentially puts them out of business forever.

Finding the right method of encryption for your organization can be overwhelming, but the alternative—compromising your customers’ or employees’ personal information—isn’t acceptable. Don’t let a data breach happen to you. Take the time to find an encryption technology that works in your environment and protects your file servers from vulnerabilities.

To get you started, here are four modern encryption technologies we recommend using:

1. OpenPGP

OpenPGP is an encryption protocol that uses key pairs (a public and private key) to secure your files. If you need to use public and private keys in your organization to give your data a high level of protection, this may be the protocol you want to use. OpenPGP also allows you to verify the authenticity of received data by requiring files to be signed with the digital signature of the message creator.

2. TLS

Transport Layer Security (TLS) is a cryptographic encryption protocol that allows users to encrypt their file transfers over industry standard protocols like AS2, FTPS, and HTTPS (to secure web browser connections). TLS uses X.509 certificates to allow TLS-enabled servers and clients to securely connect to and authenticate each other.

Since these certificates contain information about the entity they represent, TLS provides a high level of protection by requiring specific certificate details (e.g. the entity that signed the certificate, the expiration date, the certificate’s public key, and the entity’s digital signature).

Helpful Tip: The Payment Card Industry Security Standards Council recently increased the version of TLS organizations should use to remain compliant. If you follow PCI DSS requirements, as of June 2018 you should use TLS 1.1 or higher for your encryption needs. (TLS 1.2 is strongly encouraged.)

3. SSH

Secure Shell (SSH) is a cryptographic network protocol that encrypts file transfers over industry standard file transfer protocols like SFTP and SCP. For organizations who need a bit more flexibility in their authentication methods, SSH uses a combination of asymmetric and symmetric cryptology to provide strong protection. Files that are transferred using SSH can be set up to authenticate using passwords, SSH keys, or a combination of both.

Helpful Tip: Some secure file transfer solutions support SSH with an integrated Key Management System (KMS). This KMS can be used to create and maintain SSH keys, OpenPGP keys, and SSL certificates that are then associated with a TLS client connection. It is highly recommended that you use a solution that offers this benefit, as it reduces the need to create manual keys and certificates in your organization, thus promoting centralized management.

4. AES

The Advanced Encryption Standard (AES) is a symmetric form of encryption cipher that organizations can use to protect their files when stored in transit or at rest. AES-256 encryption is often employed to secure data at rest by encrypting the folders sensitive files are stored in. Some secure file transfer solutions automate this process by encrypting the data as it’s written to files within a designated folder. Files can be decrypted whenever they’re accessed by an authorized user, so the user doesn’t have to provide a special password or key.

Helpful Tip: Are you FISMA compliant? The Federal Information System Modernization Act of 2014 calls upon the National Institute of Standards and Technology as its security and risk approached framework to ensure proper file and systems protection. AES is the de facto standard and widely accepted encryption method.

No matter which encryption option you choose for your organization, always ensure your data is protected in transit and at rest. With the amount of personal information shared and stored online, data breaches are becoming more and more common. Don’t let one happen to you!

About the Author

Dan Freeman is a Senior Solutions Consultant at HelpSystems for the GoAnywhere Managed File Transfer product line. Dan has spent the last 10 years of his career in various security roles ranging from systems engineer to security officer. As a CISSP, Dan has designed networks, systems, and procedures to ensure regulatory compliance using the NIST risk management framework and HIPAA standards. Dan can be reached online at Dan.Freeman@helpsystems.com and at our company website: www.helpsystems.com

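As an added illustration of the TLS item and its PCI DSS tip in the encryption article above (this code is not from the article or from HelpSystems), the following Python code audits a client-side TLS configuration against the version floors the article cites and shows a legacy configuration beside a hardened one. The function names and the finding labels are hypothetical, chosen for this example.

```python
import ssl
import warnings

# Floors taken from the article: PCI DSS calls for TLS 1.1 or higher as of
# June 2018, and TLS 1.2 is strongly encouraged.
PCI_FLOOR = ssl.TLSVersion.TLSv1_1
RECOMMENDED_FLOOR = ssl.TLSVersion.TLSv1_2


def audit_client_context(ctx):
    """Return a list of findings for a client SSLContext (empty list = clean).

    The finding labels are constructed for this example.
    """
    findings = []
    floor = ctx.minimum_version
    # TLSVersion.MINIMUM_SUPPORTED is a negative sentinel meaning "whatever
    # the TLS library still allows", so it sorts below every real version
    # and is reported as below the PCI floor.
    if floor < PCI_FLOOR:
        findings.append("min-version-below-pci-floor")
    elif floor < RECOMMENDED_FLOOR:
        findings.append("min-version-below-recommended")
    # The article's point about X.509: the peer is only authenticated if the
    # certificate chain is verified and the name in it is checked.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer-certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def legacy_client_context():
    """A configuration of the kind an audit should flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be turned off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate
    with warnings.catch_warnings():
        # Recent Python versions warn when a deprecated floor is selected.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_1
    return ctx


def hardened_client_context():
    """The corrected configuration: verified peer, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, factory in (("legacy", legacy_client_context),
                          ("hardened", hardened_client_context)):
        print(name, audit_client_context(factory()))
```

The same audit can be run in a deployment check against whatever context object a file-transfer client builds, so that a downgrade of the floor or a disabled certificate check is caught before release.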
Defend against Cloud-based Data Theft with Identity Access Management (IAM)
by Lewie Dunsworth, CISSP, CISO & SVP, Herjavec Group

Phishing attacks will soon become ‘so last year’ in comparison to cloud-based data theft. Whether you, as a business, have begun to leverage SaaS based cloud applications or have started the arduous task of migrating your entire data center, leveraging IaaS solutions, the cloud has become a greater target for your organization’s data and opened a new door for exploitation.

It’s no wonder that an internet search for Identity and Access Management (IAM) returns so many results. In a relatively short time, security practitioners have quickly realized how important an identity is in protecting an organization. It’s become a central theme to the point where organizations are adopting “identity centric” programs and putting pressure on the cyber defense community to develop better solutions that balance usability and security.

Statistics show that the great majority of data breaches and other events of unauthorized access to sensitive information come from human vulnerabilities and the access they possess. Beyond that, the value of information stolen from cloud-based sources tends to be far greater than from other storage locations, partly due to the size and scope of the databases and because of the dependence and complexity of integrating additional layers of security in cloud-based environments.

As information security practice shifts toward AI, ML, and other means of protection, a strong identity posture starts with understanding what data you are trying to protect, who has access to the data and understanding whether that access is being used in a legitimate or illegitimate manner. Once that is understood, baseline identity techniques start with restricting the access of organization employees, based on least privilege, to the sensitive information sought by cyber criminals. Because the cloud is easy to use, and simple to scale, not only do you have the proliferation of company assets being spun up in cloud based environments but now you have to worry about who has access to the data in those environments, ensure that the external APIs are locked down and you have the appropriate monitoring in place to identify suspicious/malicious behavior. So, not only do you have to worry about infrastructure and application vulnerabilities in those environments (specifically in IaaS) but there is concern about who is now accessing that information, from where and what they are doing with it. Strong identity practices and programs ensure that you have the appropriate processes in place to define roles appropriately for cloud based systems.

They also monitor the access and location, deprovision access when it’s not needed and govern other changes in the access of your users. The key is visibility and governance. An oft-cited example is the well-meaning but dangerous employee behavior of provisioning and running unknown applications in the cloud; while they may be trying to be innovative, create shortcuts or add functionality to the company’s operations, they may in fact introduce incompatible programs, new vulnerabilities, and unnecessary access to systems. By creating a culture around access, its importance, least privilege and identity controls, you can create a well-rounded identity program.

Professionals engaged in Identity & Access Management programs have recognized that one of the fastest growing unmanaged risks to the integrity and confidentiality of sensitive company information is excessive employee access. Beyond the internal storage of such data, such facilities as mobile devices, cloud storage, growth of the Internet of Things, and IT consumerization offer rich targets for increasingly sophisticated cyber-attacks.

Following the instincts of our CEO, Robert Herjavec, the visionary founder of Herjavec Group (HG) (herjavecgroup.com), the company took the lead in addressing the challenges posed by developments in the world of Identity. Since its acquisition of Aikya Security Solutions in 2016, HG has built on this base of experience and expertise to become a leading provider of Identity services.

At Herjavec Group we believe in supporting what we view as the 4 pillars of identity (https://www.herjavecgroup.com/services/identity-services/):

1. Identity Governance & Administration
2. Privileged Access Management
3. Access Controls
4. Identity Managed Services

Identity programs are highly complex and traditionally difficult to implement at scale. We’re here to relieve the burden of integrating this layer of protection into your overall company security posture. The net effect of HG’s Identity approach is to lead a client through the identity, access and management journey. It starts with defining a custom strategy based on your specific needs, designing a solution that marries together people, process, technology, and of course the deployment of technical solutions that meet your specific requirements. You’ve also got to ensure in-house or external expertise and scale to manage the environment. The objective is to streamline your processes, improve end-user experience, enhance security and enable compliance.

I’m proud of the holistic and dynamic approach we take to Identity Services. Our “Pillars of Identity” perspective is more than a slogan. We offer a set of services that apply across each pillar:

• Assessment
  o Process Review
  o Business Requirements
  o Strategy & Roadmap Planning

• Design
  o Identity Solution Architecture
  o Access Governance Framework
  o Single Sign On (SSO) Framework
  o Role Mining, Modeling & Engineering
  o Cloud Identity Security
  o Privileged Access Framework

• Deployment
  o Solution Install & Configuration
  o Solution Deployment Supporting
  o Testing & Validation
  o Production Migration
  o Integration opportunities to maximize technology investment – SIEM, DLP, endpoint

• Managed Identity Services
  o 24x7 IAM Platform Monitoring
  o Basic and enhanced configuration support
  o Onboarding services to automate and operationalize provisioning & de-provisioning

If you haven’t begun to consider Identity Services as part of your security framework, know this – your business may be scalable and running more efficiently through the cloud but you’ve opened the door to a new world of exploitation and data theft. Isn’t it time you considered Identity?

About the Author

Lewie Dunsworth is Senior Vice President of Professional Services & CISO at Herjavec Group, bringing more than 17 years of information security experience to the role. Prior to Herjavec Group, Lewie held executive roles as the CISO at H&R Block and the SVP of Advisory Services & Managed Services at Optiv. His business-forward approach helps companies create a balanced strategy and effective security program, to adequately protect their most critical assets. He earned his Bachelor of Science degree in Network and Communications Management from DeVry University and a Master of Business Administration, Executive from the University of Missouri in Kansas City. He is also a Certified Information Systems Security Professional (CISSP). Learn more about Lewie at https://www.herjavecgroup.com/about-us/executive-team/

5 Steps to Keeping Your Company Compliant in the GDPR Era

By Andrew Clearwater, Director of Privacy and Linda Thielová, Data Privacy Counsel, OneTrust

With the Global Data Protection Regulation (GDPR) effective and inevitably becoming a part of the European legal landscape, a new stage comes for everyone, prompting a question: what now? Here are a few tips to help you keep up-to-date with the development of data privacy requirements.

1. Look out for domestic legislation and EDPB guidelines

The GDPR is still young legislation, so many EU laws containing additional specific privacy requirements still await their effective date. We can also expect the newly established European Data Protection Board (“EDPB”) to gradually fill in the blanks and clarify certain issues regarding the interpretation and enforcement of the GDPR.

2. Keep your GDPR compliance framework up-to-date

GDPR compliance should be an ongoing exercise, not a means to an end. Schedule regular privacy check-ups and audits to ensure your organisation’s compliance framework remains operational.

3. Make Privacy by Design a constant effort

Privacy by Design gained major traction through GDPR as a concept aiming for a more in-depth approach beyond merely addressing privacy as an afterthought. Privacy by default, its important element, seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected by any system or business practice. These principles can only be achieved by becoming an everyday part of your company’s operations.

4. Keep up with Codes of Conduct

GDPR foresees the approval of codes of conduct and accreditation of certifications to help organizations demonstrate compliance with data privacy requirements and best practice. Codes of Conduct may even be binding for certain professional associations and as such may potentially apply to your organization by virtue of membership(s).

5. Get Ready for ePrivacy

The main concern of the not-yet finalised ePrivacy Regulation will be the online tracking and use of cookies. A good practice is to keep an eye on what cookies are being used on your company’s websites and be clear about whether these are 1st party or 3rd party, what sort of data is being collected and who is the data controller in each case.

For more tips about privacy regulations and how to tackle the GDPR, visit onetrust.com.

About the Author

Clearwater and Thielová work on the OneTrust privacy team. They provide counsel, leadership, and guidance on data protection. The OneTrust privacy team is also responsible for providing public policy analysis in the areas of privacy, data security, information policy and technology transactions. Clearwater is a Certified Information Privacy Professional (CIPP/US), holds an LLM in Global Law and Technology and is a licensed attorney. Thielová is also a Certified Information Privacy Professional (CIPP/E, CIPM), holds a degree in Law and Legal Science and has four years’ professional experience in privacy.

Andrew Clearwater
Director of Privacy, OneTrust

Linda Thielová
Data Privacy Counsel, OneTrust

This Company Stopped a Phishing Attack in 19 Minutes
by Cofense, Inc.

It was an ordinary day for employees of a national healthcare company. Lots of emails on the usual subjects: meeting invites, questions from colleagues. Nothing really special. But when employees received a message from their CEO, they snapped to attention.

The email asked them to read and agree to a company policy. Simple. Just click on a link, which took them to a login page—from there, they’d enter their credentials and go to the policy page.

But the sender wasn’t the CEO. He was a talented fraudster.

The attacker aimed to harvest passwords, gain file system access, and reroute electronic payroll deposits. And he almost succeeded.

Let’s take a minute-by-minute look at the phishing attack—and how Cofense combined employee-sourced intel and automated analysis to work with the company’s security team and mitigate in less than 20 minutes. For security reasons, the company will remain unnamed.

11:48 a.m. The spear phishing campaign launches.

The email showed the attacker “had really done his homework,” according to the company’s Vice President of Information Security. “The email looked and sounded exactly as though our CEO had sent it.”

It was a sophisticated twist on business email compromise (BEC), which according to the FBI defrauds businesses of over $12 billion annually.[1] Most BEC scams ask their targets to wire funds. In this case, the attacker used credential phishing to reroute electronic transfers himself.

11:49 a.m. Employees begin reporting the email as suspicious.

The email was quite convincing. Many employees clicked. Fortunately, enough well-trained users looked at the message carefully. The company uses Cofense PhishMe™ for phishing awareness training. It also equips users with the Cofense Reporter™ plug-in to report suspicious emails with a single click.

One of the simulated phishes the company had used in training spoofed the HR department—like the email the real attacker sent, the simulation asked users to click an embedded link to agree to a policy. When they encountered the real deal, alert employees reported it a minute after the attack began.

11:49 a.m. Reported emails go to Cofense Triage™ for machine and human analysis.

The company relies on Cofense Managed Triage for phishing response. Reported emails first undergo automated analysis. Then human analysts at the Cofense Phishing Defense Center (PDC) investigate further to verify whether an email is malicious.

PDC research shows that crimeware as a percentage of reported emails can range from practically nothing to over 90% monthly. From one month to the next, it’s not unusual for a company to see dramatic swings.

12:00 p.m. The investigation escalates.

As users reported more emails and more evidence emerged, the PDC escalated the initial investigation. The threat analyst conferred with his manager on duty. Cofense Triage groups malicious emails into common clusters. Further, the PDC team applies human intelligence to confirm a phishing campaign.

The approach combines the best of both worlds. Automation greatly accelerates email analysis at scale, while human vetting makes use of insights machines can’t deliver.

12:07 p.m. Cofense completes the investigation and alerts the company.

Upon wrapping up the investigation, the PDC called the company’s VP of Information Security. Cofense Triage automation and human expertise enable the company to respond to the threat in real time. The possibility of a breach is detected in minutes, not months. Not bad, when you consider that IBM Security and the Ponemon Institute report the average business detects a breach in 196 days[2]—and that most breaches begin as phishing emails.

12:07 p.m. The healthcare company responds.

After consulting with Cofense, the company blocked the phishing site and began to mitigate the attack. Incident responders retracted the bad email from inboxes, monitored behavior from affected Office365 accounts, and disrupted any lateral movement.

“We removed the email quickly,” said the VP of Information Security, “though in the space of a few minutes a lot of people clicked. Once we contained the threat, we started on repair and recovery work, seeing who clicked and mitigating problems linked to their accounts.”

“All of this was the result of a single well-crafted phishing email.”

The VP of Information Security adds, “If we hadn’t been prepared, the damage would have been worse. We were able to retract the email in under 20 minutes.”

Good thing this company had built a complete, collective phishing defense, protecting against phishing attacks from the inbox to the SOC. By striking a balance between automation and human intuition, the company was ready when trouble loomed—and equipped to prevent a disaster.

By Cofense CTO and Co-Founder Aaron Higbee

Aaron Higbee,
Chief Technology Officer and Co-Founder

Aaron is the Co-Founder and CTO of Cofense (formerly PhishMe), Inc. directing all aspects of development and
research that drives the feature set of this market leading solution. The Cofense method for awareness training was
incubated from consulting services provided by Intrepidus Group, a company that Aaron Co-Founded with Rohyt
Belani in 2007.
Aaron remains on the board of directors for Intrepidus Group to ensure it focuses on forging new service lines and
attracting motivated researchers and consultants.

Before Cofense and Intrepidus Group, Aaron served as Principal Consultant for McAfee’s Foundstone division where he was a lead instructor and known for his ability
to mentor and develop junior consultants into expert penetration testers. Prior to his seven years of consulting experience, Aaron worked for large Internet Service
Providers handling security and abuse incidents, subpoena compliance, and datacenter security. Aaron’s biggest achievement is building industry recognized
Intrepidus Group and incubating Cofense out of it. He enjoys the diverse personalities in the information security community and is known for building creative
environments needed to promote rich personal and professional development. His creative touch is evident in the unique way he recruits and retains talent and
his style further extends itself into his leadership role at Cofense. Aaron is a speaker at regional conferences and associations as well as large conferences such as
BlackHat, DefCon, Shmoocon, etc. His expert opinion is a valuable resource for many media outlets interested in security.

How AI and Automation Can Solve Your Security Hiring Problem
by Aarij Khan, VP Marketing, Securonix

Cyber attacks are increasing in volume and complexity, and affecting more people and costing more money. Last year 1,579 breaches were reported (source: ITRC), costing an average of $3.62 million per breach (source: Ponemon Institute).

Security teams simply can’t keep up. Organizations struggle to manage the deluge of security alerts. Existing CSIRT and SOC teams are stretched. Meanwhile thousands of security job openings go unfilled. According to ESG, two-thirds of security professionals claim they are too busy to keep up with skill training and development. Enterprises are left to tackle security with entry-level analysts and hope for the best.

One answer to this problem is to incorporate AI and automation, with innovations like Securonix ResponseBot. ResponseBot is a new capability within Securonix Security Analytics, and uses machine learning to learn the responses of highly experienced security experts. Once the behavior is learned, ResponseBot can automatically execute response actions for specific cybersecurity alerts. Automation executes routine tasks, such as quarantine, forensic data collection, etc., reducing the overall level of manual effort required.

“We constantly hear that cybersecurity experts are in extremely high demand and organizations do not have enough trained personnel to address the flood of security incidents they face,” says Tanuj Gulati, CTO and co-founder of Securonix. “Securonix’s ResponseBot arms junior security analysts with the information and expertise of a highly advanced SOC analyst, enabling them to address complex cybersecurity alerts right away.”

Leveraging machine learning with security analytics can relieve the stress on cybersecurity analysts and help reduce incident response time by up to 95 percent. Junior analysts can increase efficiency by following AI-based guidelines, essentially operating like more experienced staff. Senior analysts are then freed up to tackle the truly challenging cybersecurity issues, resulting in a 300-500 percent improvement in threat detection and remediation times.

About the Author

Aarij brings a deep understanding of the security market and buyer combined with over 15 years of marketing leadership at high growth, innovative security vendors. Previously, Aarij led marketing efforts at RiskIQ where he was responsible for product marketing, analyst and public relations strategy, channel marketing, field marketing, and growth. He also led product and solution marketing at Tenable Network Security, ThreatMetrix and had spent over 4 years at ArcSight/HP where he was instrumental in the rapid adoption of ArcSight SIEM products.

Proactive Security Is the Key to Mitigating Future Threats
by Branko Primetica, The President and Chief Strategy Officer of eGlobalTech (eGT)

In today’s increasingly dangerous digital environment, reactive security is not enough to effectively protect an organization from cyber threats. Reactive security includes things like securing your systems through an Assessment and Authorization process, installing firewalls, and implementing antivirus software. However, digital modernization, the expansion of cloud computing, and the Internet of Things (IoT) are resulting in a rapidly growing attack surface. In addition, humans are becoming more sophisticated when it comes to developing ways to attack networks, with Advanced Evasion Techniques becoming more common.

Proactive security, on the other hand, includes all the reactive security measures but expands them to encompass items such as actively seeking out vulnerabilities and hunting for threats to mitigate issues before they become reality. The simple objective is to enhance visibility to thwart suspicious activity and contain attacks.

Practical initial steps for transitioning to a more proactive security posture include:

1. Consolidate Your IT Security Programs. Federated organizations, at times, have multiple IT security programs. By consolidating into a single program (to the maximum extent possible), adoption of common standards and enterprise-wide detection and monitoring of intrusions becomes more possible.

2. Perform Regular Comprehensive Assessments. This includes performing assessments of IT Controls and Risks to help identify where the highest risk impact lies and where control gaps exist. These analyses will also help to drive investment in controls to close those gaps efficiently and cost-effectively.

3. Raise Cybersecurity Awareness. The human factor of proactive security cannot be ignored. Employees must be taught how to identify threats and malware, and what they must do in response.

4. Establish a Program to Identify and Respond to Threats. Establishing an enterprise monitoring and response operation to hunt for and respond to threats and breaches across a network is a cornerstone of a proactive security program. This operation can achieve the visibility required to slow down and stop suspicious activity in its early stages.

5. Continuous Penetration Testing. Many organizations test their systems once or twice a year. However, their network and infrastructure evolve constantly. This means they have little to no visibility into new vulnerabilities and attacks until it’s too late. Once the basics are taken care of, organizations should move on to conducting Red Team-Blue Team exercises and carrying out simulated phishing campaigns.

A proactive security posture is based upon maintaining up-to-date situational awareness at all times. By following the steps described above, organizations can start to develop and maintain a comprehensive view of their security landscape, mitigate risk before a cyber threat becomes reality, and identify what needs to be done to improve overall enterprise security.

About the Author

Branko Primetica serves as the President and Chief Strategy Officer of eGlobalTech (eGT), a leading cybersecurity and IT solutions firm primarily supporting the U.S. Federal Government. Find out more at www.eglobaltech.com.
THREAT INTELLIGENCE: 5 APPLICATIONS OF CONNECTED DOMAINS
by Jonathan Zhang, Founder and CEO, Threat Intelligence Platform

Many organizations are turning towards threat intelligence to reduce the occurrence of cyber attacks. Sure enough, the practice can help security specialists prevent scams and hacks in various ways. One of them, quite inevident at first sight yet effective in practice, lies in taking a closer look at connected domains.

But first things first. How do domains connect exactly? Roughly speaking, it can happen through infrastructure in the form of shared hosting, IP addresses, and name servers, as well as common registrant details — names, physical location, email addresses — and confusingly similar names.

There is a lot to learn from these connections as they may be at the basis of vulnerabilities in your or somebody else’s cyber defense. In this article, let’s look at five situations in which you probably want to check for connected domain names and the reasons why.

1. Phished Well-Known Organizations

Hackers, like all criminals, have a knack for forgery. And reputable organizations are the perfect means to conduct social engineering attacks since they are trusted by customers, employees, and people at large. When an email is received from such an entity asking to confirm or update personal or confidential details, the temptation to comply without doubting the origins of the sender is high.

But what does all this have to do with connected domains? Well, fraudsters typically register confusingly similar names to make their phishing attacks even more credible and less noticeable. So when you hear that a famous brand is being impersonated through phishy emails, you can protect your staff with threat intelligence by creating a list of all domains that are too close to be legit and block those by putting corresponding mail servers and IP addresses on a blacklist.

2. Dangerous Neighboring Hosts

Sharing hosting resources including IP addresses is like sharing a flat or office. Whatever your housemates or coworkers do can disrupt your well-being and ability to live or work normally. Similarly, neighboring hosts’ bad practices such as spammy behaviors and fraudulent activities are likely to impact your online reputation and SEO. Worse, internet service providers may even decide to over-block your website warning visitors against it because others have misused and abused shared infrastructure.

Checking connected domains here is necessary to ensure you do not end up associated with cybercriminals or illicit content providers by mistake, and therefore protect your integrity and reliability in the eyes of your customers, suppliers, and the press.

3. Variations of Your Domain Names

It’s not just about protecting yourself from external parties. Security professionals also need to make sure that the name of their organization is not used for malicious ends. A thorough check of all domains connected to yours, notably for variations of your domain and subdomain names, will help you evaluate whether the risk of impersonation is high. If this is the case, you can take timely precautionary measures and alert customers and everybody else.

4. Malicious Domains Detected

In an effort to maximize gains, cybercriminals typically use different websites simultaneously to execute cyber attacks at scale. While this sounds intimidating, your security team can actually leverage that approach to uncover networks of fraudulent names.

For instance, once they have identified a malicious domain, they can use threat intelligence to start looking for answers to questions such as: Are domain registration details including names and addresses, regardless of whether these are fake or not, uncoincidentally close? Is the same cheap hosting provider and infrastructure being used over and over? Even hackers have limited imagination and resources.

5. Suppliers and Vendors

Last but not least, your cybersecurity team can run a threat intelligence analysis to keep track of the name variations and registrant information of close business partners. This matters because if your staff is already unlikely to question the legitimacy of famous organizations, imagine what data might be in danger when fraudsters impersonate trusted long-term suppliers and vendors.

---

Bottom line: Monitoring connected domains and the infrastructure behind them is a good example of how threat intelligence enables organizations to protect their online reputation, customers, and employees.

About the Author

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP). He has vast experience in building tools, solutions, and systems for CIOs, security professionals, and third-party vendors and enjoys giving practical tips for better threat detection and prevention. Jonathan can be reached online at jonathan@threatintelligenceplatform.com and at our company website https://threatintelligenceplatform.com/
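
The checks described in sections 1, 3 and 4 of the connected-domains article can be sketched as follows. This is an added example, not code from the article or from Threat Intelligence Platform: it flags names confusingly similar to a protected domain, pivots from one known-bad domain over shared registrant, name server and IP, and collects the mail servers and IPs to block. The records, field names, reason labels and the `max_fanout` threshold are all constructed assumptions.

```python
from collections import deque

# Constructed WHOIS/DNS-style records: every name, mailbox and IP is made up
# (reserved .example/.invalid names and documentation IP ranges).
RECORDS = [
    {"domain": "examplehealth.example", "registrant": "it@examplehealth.example",
     "ns": "ns1.corp-dns.example", "ip": "192.0.2.10", "mx": "mail.examplehealth.example"},
    {"domain": "examp1ehealth.example", "registrant": "reg77@mailbox.invalid",
     "ns": "ns1.cheaphost.example", "ip": "203.0.113.5", "mx": "mx.examp1ehealth.example"},
    {"domain": "exarnplehealth.example", "registrant": "reg77@mailbox.invalid",
     "ns": "ns2.otherhost.example", "ip": "198.51.100.7", "mx": "mx.exarnplehealth.example"},
    {"domain": "policy-portal.example", "registrant": "someone@else.invalid",
     "ns": "ns2.otherhost.example", "ip": "198.51.100.7", "mx": "mx.policy-portal.example"},
    {"domain": "examplehealth-hr.example", "registrant": "x9@mailbox.invalid",
     "ns": "ns1.cheaphost.example", "ip": "203.0.113.9", "mx": "mx.examplehealth-hr.example"},
    {"domain": "gardenclub.example", "registrant": "club@garden.invalid",
     "ns": "ns1.bighost.example", "ip": "192.0.2.200", "mx": "mx.gardenclub.example"},
]
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", ""))
PIVOT_FIELDS = ("registrant", "ns", "ip")


def label(domain):
    """Label left of the TLD. Assumes one-label TLDs; real data needs a public-suffix list."""
    return domain.lower().rstrip(".").split(".")[-2]


def skeleton(text):
    """Collapse common look-alike substitutions so visually similar labels compare equal."""
    text = text.lower()
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(candidate, protected):
    """Why `candidate` is confusingly similar to `protected`, or None if it is not."""
    cand, prot = label(candidate), label(protected)
    if candidate.lower() == protected.lower():
        return None
    if cand == prot:
        return "same-label-other-tld"
    if skeleton(cand) == skeleton(prot):
        return "confusable-characters"
    if edit_distance(cand, prot) <= 1:
        return "one-edit-typo"
    if len(prot) >= 6 and skeleton(prot) in skeleton(cand):
        return "contains-brand"
    return None


def connected_domains(records, seed, max_fanout=3):
    """Breadth-first pivot from known-bad `seed`; returns {domain: (linked_from, field, value)}."""
    by_name = {rec["domain"]: rec for rec in records}
    if seed not in by_name:
        return {}
    index = {}
    for rec in records:
        for field in PIVOT_FIELDS:
            index.setdefault((field, rec[field]), []).append(rec["domain"])
    found, queue = {}, deque([seed])
    while queue:
        current = queue.popleft()
        for field in PIVOT_FIELDS:
            value = by_name[current][field]
            peers = index[(field, value)]
            if len(peers) > max_fanout:
                continue  # widely shared host or name server: links unrelated tenants
            for peer in peers:
                if peer != seed and peer not in found:
                    found[peer] = (current, field, value)
                    queue.append(peer)
    return found


def build_blocklist(records, protected, seed):
    """Mail servers and IPs of look-alikes of `protected` plus everything tied to `seed`."""
    linked = connected_domains(records, seed)
    mail_servers, ips = set(), set()
    for rec in records:
        name = rec["domain"]
        if name == seed or name in linked or lookalike_reason(name, protected):
            mail_servers.add(rec["mx"])
            ips.add(rec["ip"])
    return sorted(mail_servers), sorted(ips)
```

The fan-out guard matters for the shared-hosting case in section 2: an IP or name server used by many tenants is weak evidence, and blocking it risks the over-blocking the article warns about.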

Breaches, Defenses, Countermeasures, Attack Methodologies

Preparing for a Future with Quantum Computers
by Jane Melia, Vice President of Strategic Business Development, QuintessenceLabs

Quantum computing is progressing fast. Google and IBM are making notable developments in the space, as are other firms. On the government side, bills recently proposed in the U.S. House and Senate are looking to put more than $1 billion into furthering quantum technology. The age of quantum computing is textbook transformative, and it’s worth getting excited about. But with that excitement comes a reminder that for cybersecurity, the sheer speed and power of quantum will render today’s public-key encryption standards obsolete.

But it’s not all doom and gloom. Quantum is also being leveraged to create stronger cybersecurity solutions that address the needs of companies today and safeguard for a future with quantum computers. After all, protecting our most valuable resource -- information -- has never been more critical.

A Look at Quantum – What’s All the Fuss About?

There is a growing awareness that conventional cybersecurity won’t be able to stand up to the processing capabilities of quantum computers. The current strategies for sharing encryption keys rely on methods commonly known as “asymmetric encryption,” involving factoring a large multiplication back into its prime constituents; a problem that is beyond the reach of classic computers in a reasonable time frame. Quantum computers will be able to crack this math easily, hampering one of the foundations of our current security structures. Alongside is symmetric encryption, commonly used to protect data at rest, but which will also be at risk if the keys are not of a significant length and don’t have high enough entropy (randomness).

It’s not just large IT enterprises that are concerned about their proprietary information -- financial institutions, government agencies and other organizations who value security are all looking for ways to prepare for the future challenges of quantum before the technology breaks into the mainstream.

“Safety First” – Prepping for Quantum

Perhaps the brightest side to this new world is that there are ways to “prepare” for quantum-powered cyber attacks today, with existing encryption approaches and methods – even some that use quantum-based tech. You’ll hear them called “quantum resistant,” “quantum resilient” or “quantum-safe,” but they all have the same goal of getting your infrastructure suitably protected against what may come.

An important first step to quantum resilience involves the generation of encryption keys from the ground up using quantum random number generation. Simply put, strong encryption, whatever its type, depends on using strong random numbers to generate keys. Some pseudo-random number (or algorithmic) generators have resulted in vulnerabilities and breaches even before the threat of quantum computers.

High-entropy random numbers protect you from this risk, enabling encryption to be delivered at its full strength. The best way to get high entropy is through a quantum random number generator (QRNG). It’s not a quantum computer, but does use quantum physics to generate keys, for example quantum tunneling, wherein the activity of electrons travelling (“tunnel”) unpredictably through a semiconductor barrier is measured and turned into streams of numbers. Given that this is a quantum physical phenomenon, not every electron passes the barrier, resulting in full-entropy random numbers from which to form the strongest possible keys.

Secondly, symmetric encryption will retain its strength as long as the keys are at least doubled in length and generated from a high-entropy source like a QRNG. Making these changes to your encryption keys and deploying a quantum random number generator are good steps to protecting data at rest from quantum attacks. The resilience of symmetric encryption can be further leveraged to build up quantum resistance within an organization; for example, by wrapping data as it is transferred between replication nodes. This approach can successfully secure data exchanges between two internal nodes using TLS, which is a common mutually-authenticated secure transfer protocol (along with RSA/ECC/AES encryption), that will otherwise be vulnerable to quantum attacks. In practice, a high-entropy symmetric key can wrap the TLS transfer payload, providing another layer of quantum-resilient protection.

As an aside, replication is a priority practice to implement for all important data. Ensure your key management infrastructure enables replication of keys between nodes. Losing keys or not being able to decrypt them can be disastrous!

What’s Next

The third step is to keep an eye on the development of new quantum resistant tools and techniques, including quantum resistant encryption algorithms and quantum key distribution for exchanging keys.

Today’s reliance on asymmetric protocols for key exchange such as RSA and ECC has brought us far. However, they use mathematical formulas that are demonstrably weak against quantum computers, so alternatives are being sought. NIST started a post-quantum algorithm standardization process in 2017, with recommendations expected to be published in 2022 or later.

Quantum key distribution (QKD) takes a different approach to exchanging cryptographic keys, securing this exchange using physics, so parties can share keys in a way that’s invulnerable to the typical cyber threats of today and ones we can anticipate in the future. It is based on a fundamental characteristic of quantum mechanics: the act of measuring a quantum system disturbs the system, so an “eavesdropper” trying to intercept a quantum exchange will inevitably leave traces, allowing the legitimate exchanging parties to get rid of the corrupted information. Quantum computers will not be able to compromise keys shared using QKD, making it the ultimate quantum-safe solution.

QKD is still a developing technology with challenges to overcome, but commercial implementations are beginning now to roll out to some degree, and further development will transform QKD’s capabilities beyond point-to-point fiber connections to free space.

Fighting Quantum with Quantum

There’s no doubt that quantum computers are coming, but as quantum-based cybersecurity demonstrates its capability to improve security, it’s only a matter of time before we see its greater adoption, allaying at least in part those concerns about our quantum future. The solutions above – high-entropy keys; symmetric key wrapping; new advanced algorithms, and the onset of QKD – serve as great examples of how industries are preparing. Our quantum resilient future will likely contain hybrid solutions blending quantum resistant algorithms and QKD for key exchange, and even now symmetric encryption using longer and stronger keys for data storage and wrapping and quantum random number generators can start to shore up security for the quantum threat.

About the Author

Jane Melia is the Vice President of Strategic Business Development at QuintessenceLabs, where she leads all market and product strategy activities. Prior to joining QuintessenceLabs, Jane held leadership roles in several Silicon Valley start-ups, including solar firm SolFocus, where she headed the Technical and Product Marketing team for 5 years. Jane’s 20 years’ experience in technology industries includes 8 years at HP, including as Senior Business Consultant in the Strategic Planning and Modelling group. Jane holds a degree in Engineering from Imperial College, London, and Ph.D. in Fluid Mechanics from Cambridge University. Jane can be reached via Twitter (@Jane_QLabs), and QuintessenceLabs can be found at www.quintessencelabs.com

How SOAR Can Help You Get Amazing Results from Your Security Analysts
by Stan Engelbrecht, Director of Cybersecurity Practice, D3 Security

Security orchestration, automation, and response (SOAR) platforms are becoming increasingly prevalent security operations tools, emerging out of the categories of incident response, security automation, and threat intelligence platforms in the last few years. Some SOAR platforms are narrowly focused on automating simple tasks, but leaders in the sector are expanding SOAR across the SOC with numerous modules and the ability to orchestrate across the entire security stack.

The best SOAR solutions are valuable for everyone on a security team, from people on the front lines to managers and executives tracking reports and metrics from a bird’s-eye view, or even compliance and legal personnel working outside the SOC. Because SOAR can act as a central hub within the SOC, it helps coordinate efforts through automating escalations and task assignments, eliminating data siloes, and enforcing adherence to policies in workflows. These unique capabilities have allowed SOAR to become the heart of the SOC for many organizations. Of all the roles that SOAR supports,

security analysts see the most direct benefits, because SOAR automates and simplifies repetitive manual tasks like event escalation, intelligence gathering, contextualization, scripting, collaboration, and reporting.

To illustrate how significant this impact can be, let’s take a look at how a SOAR platform can make an analyst smarter, faster, wiser, and even happier.

Smarter

A large part of the role of an analyst in an enterprise SOC is evaluating what alerts pose real threats and how best to handle them. An analyst with a few years of experience may have built up their ability to effectively assess alerts, but with a SOAR platform in place, their decisions can be augmented with contextual information aggregated via integrations with the security systems and threat intelligence sources on which they rely. Analysts can also use tools like link analysis and incident timelines, which ease investigations by visualizing patterns and relationships. Even bi-directional SIEM integrations help analysts “be smarter”, because the SOAR tool can dynamically grab additional relevant data—from a prior event, for example—and present it to the analyst as part of the incident record’s contextual element. No matter how skilled your analysts are, having the full story of each alert drastically reduces human error while boosting alert management and decision-making capabilities.

Faster

The need for speed is real—especially given the volume of alerts and increasing complexity of targeted cyberattacks. Fortunately, with a SOAR platform, when an analyst opens up an incident record, the grunt work has already been done. With an incident already confirmed, contextualized, and prioritized, an analyst simply needs to oversee the response—and approve, when necessary—any security actions, such as blocking a website, closing a port, or disabling a compromised account. Compared to a manual response to a typical phishing incident, which might take an hour, a SOAR-powered response should only take 45 to 90 seconds.

Wiser

Security teams accumulate tribal knowledge over time about the history and patterns of incidents, plus the intricacies of their IT and security infrastructure. Senior analysts can build up this wisdom over time, but without a way of documenting the lessons they have learned, their wisdom is lost when they leave the organization—or simply go on vacation.

With the right SOAR platform, senior colleagues can codify their knowledge into playbooks, guided workflows, and reports, and share their experience with the team, including in the critical onboarding phase for new analysts. Junior analysts can also access historical data from every previous incident to see how comparable cases have been handled in the past. This empowers the entire team with the wisdom of their most experienced analysts—past or present.

Happier

It may seem trivial, but the happiness of analysts can have a significant impact on the functioning of a SOC. Without the right systems in place, analysts often get frustrated with the relentless pace of menial, repetitive tasks. With the growing cybersecurity skills gap, high turnover can be crippling for a security team, because it is hard to hire and retain talented employees.

Put simply, SOAR platforms reduce burnout. With automation and orchestration, analysts spend less time on tedious tasks like copying and pasting hashes, looking up reputation data in third-party apps, and chasing after false positives. This lets them focus on meaningful tasks that require skill and protect the company from genuine threats. With SOAR, analysts get more done, feel less overwhelmed, and have much higher job satisfaction.

About the Author

Stan Engelbrecht is the Director of Cybersecurity Practice at D3 Security and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group. You can find more writing from Stan on the D3 website http://www.d3security.com/

Industry Newsflash: CYSIV, the new “cyber risk management as a service” company, formed by TrendMicro and HITRUST
by Tom Hunter, Vice President for Business Development & Strategy, Cyber Defense Media Group

Two cyber security titans have entered the newly-conceived “cyber risk management as a service” market. TrendMicro and HITRUST have formed Cysiv, a company with a unique new way to help select U.S. enterprises defend themselves from cyberattacks.

The concept of “cyber risk management as a service” is a completely new formulation, never before brought together as an integrated means of responding to cyber threats and attacks. The intersection of the three elements reflects a creative approach melding powerful responses to “cyber” and “risk management” with the “as a service” delivery platform.

Only participants with the strengths and experience of TrendMicro and HITRUST could have perceived this gap in the market and come together to offer such an integrated and seamless solution. That is why Cysiv has burst onto the cyber security scene with a paradigm shift for potential client organizations. TrendMicro is a global leader in cybersecurity solutions, and HITRUST is a leading security and privacy standards development, accreditation and information risk management organization. Statements from the leading executives of the two companies illustrate how their individual capabilities will complement each other in supporting the operations of Cysiv.

“The AI-powered security operations and analytics platform that’s at the heart of this new service is part of our on-going efforts to enable the SOC with greater visibility, and to add more actionable intelligence and automation to enterprise security,” said Eva Chen, co-founder and chief executive officer of Trend Micro. “We’re excited by its immediate value to Cysiv customers, and more broadly by its longer-term potential for Trend Micro customers and partners.”

“Insights from both our risk management and information sharing service, clearly demonstrate that organizations of all sizes are struggling to effectively implement and operate their cyber defenses in today’s escalating threat environment,” said Daniel Nutkis, chief executive officer of HITRUST. “This new venture leverages the tremendous experience we’ve gained in conducting assessments, in managing a threat sharing platform and ultimately helping customers manage their cyber risks.”

Cysiv has begun operations and offers a unique combination of expertise, cyber intelligence, and technology, all deliverable as a service, to U.S. companies needing to access cyber risk management services on an integrated basis.

For further details on Cysiv, including its leadership team and services, please visit www.cysiv.com

About the Author

Tom is our Vice President for Business Development & Strategy. He is currently based in our London office and has been with Cyber Defense Media Group for two years. Prior to joining Cyber Defense Media Group, Tom held key roles at Rothschild Investment Bank focused on M&A and finance raising, a global commodities firm as a Senior Trader and various high impact freelance business consulting roles. He graduated in law (honours) from the University of Aberdeen and Advanced Project Management at the University of Oxford. He is originally from the North of Scotland and his hobbies include martial arts and travelling. Visit Tom online at http://www.cyberdefensemagazine.com
2018 Cyber Defense Global Awards
Welcome to the Cyber Defense Global Awards for 2018. It’s been six months in the making – our annual review of the hottest, most innovative, best, market leaders, next-generation and cutting edge INFOSEC companies offering incredible products and services. While we’re in our sixth year of delivering awards to innovators in the USA, which we will continue to do during the RSAC conference in San Francisco, CA in early 2019, you’re looking at our Global Awards where we scoured the globe of the nearly 3,000 InfoSec players from the USA to Israel to Japan to Germany to China and back here to the United Kingdom. Some were started in little villages in Greece and others in big cities like Tel Aviv or Tokyo or Beijing. Some of them you have never heard about until today and that makes us very proud. Some are startups, and some are early stage. Some of them are bigger and well-known players. One thing you will see that they all have in common – their products, services, solutions and technologies stand out from the crowd. Their mission is the same as ours – to help you get one step ahead of the next breach. They are on a mission to help you document regulatory compliance such as GDPR. They have been leveraging new techniques including machine learning, artificial intelligence, cloud-based security, new forms of encryption and so much more. After reaching out to thousands of these companies around the globe, we narrowed our list down to a much smaller group of finalists and only 100 companies around the Globe who will all share in the spotlight – winners of our prestigious award. These companies have gone through much scrutiny by our judges and we share this outcome with you, here for your review and consideration. Please join us in congratulating these winners – many of whom you will see at IP EXPO EUROPE as you make your way around the show floor. Let them know you found them, here in Cyber Defense Magazine.

All the best,
Gary Miliefsky
Publisher

Adaptiva
Cutting Edge Endpoint Security

AlienVault
Leader Threat Intelligence

AlienVault
Editor’s Choice Unified Threat Management (UTM)

Anomali
Best Product Threat Intelligence

APCON Inc.
Most Innovative Network Packet Broker

ATARLABS
Cutting Edge Security Orchestration, Automation and Response

Attivo Networks®
Most Innovative Deception Based Security

buguroo
Best Product Fraud Prevention

ThreatQ
ThreatQuotient

Cavirin
Best Product Cloud Security

Cloud Security Alliance
Leader Cybersecurity Training

Cofense
Next Gen Anti-phishing

Contrast Security
Editor’s Choice Cybersecurity Company of the Year

Cynash, Inc.
Editor’s Choice ICS/SCADA Security

D3 Security
Most Innovative Incident Response

D3 Security
Hot Company Security Investigation Platform

Demisto
Hot Company Incident Response

EclecticIQ
Editor’s Choice Threat Intelligence

EdgeWave
Best Product Anti-phishing

EdgeWave
Best Product Email Security and Management

First Nation Group
Chief Risk Officer of the Year, Chris Maier

ForeScout
Leader Internet of Things (IoT) Security

ForeScout
Best Product Network Access Control (NAC)

Fortanix
Next Gen Encryption

GTB Technologies
Leader Data Loss Prevention and Data Protection

HelpSystems
Best Product Managed File Transfer

Herjavec Group
Most Innovative Identity and Access Management

Herjavec Group
Leader Managed Security Services

HID Global
Most Innovative Cybersecurity Discovery

iboss
Leader Cloud Security

Illumio
Next Gen Micro-segmentation Product of the Year

Illumio
Editor’s Choice Security Company of the Year

Illusive Networks
Cutting Edge Advanced Persistent Threat (APT) Detection and Response

Inky
Editor’s Choice Anti-phishing

Intezer
Cutting Edge Malware Analysis

IP Technology Labs
Next Gen IoT Trunking Gateways

Ixia, a Keysight Business
Hot Company Cloud Security

Ixia, a Keysight Business
Leader Enterprise Security

Jumio
Best Product Biometrics

Jumio
Next Gen InfoSec Startup of the Year

Kingston Technology
Most Innovative Encryption

Kingston Technology
Editor’s Choice Bring Your Own Device (BYOD)

Kingston Technology
Hot Company Data Loss Prevention

Kingston Technology
Most Innovative Data Loss Prevention

Kingston Technology
Best Product Security Hardware

Kingston Technology
Next Gen Security Hardware

KnowBe4
Leader Security Training

Logsign Inc
Hot Company Security Information Event Management (SIEM)

Nehemiah Security
Cutting Edge Risk Management

Netlok
Most Innovative Multi, Single and Two Factor Authentication

Neustar
Cutting Edge Cloud Security

Neustar
Most Innovative Web Application Security

NightDragon Security
Leader Security Advisory and Investment

Panaseer Limited
Cutting Edge Cyber Security Intelligence Platform

Nuspire Networks
Hot Company Managed Detection and Response (MDR)

Obrela Security Industries
Editor’s Choice Managed Detection and Response (MDR)

ObserveIT
Cutting Edge Insider Threat Detection

ObserveIT
Best Product Insider Threat Prevention

OneTrust
Privacy Management Expert of the Year, Kabir Barday

OneTrust
Best Product Privacy Management Software

Overseas Infrastructure Alliance
Chief Information Officer of the Year, Sourabh Tiwari

PC Pitstop
Editor’s Choice Anti-Malware

Portnox
Editor’s Choice Network Access Control (NAC)

Proficio
Most Innovative Managed Detection and Response

Proficio
Hot Company Managed Security Services Provider

Proficio
Most Innovative Security Company of the Year

GEOACL LLC
Editor’s Choice Authentication Solution for Rainbow Password

Recorded Future
Most Innovative Threat Intelligence

® Resecurity, Inc.
Best Product Digital Footprint Security

® Resecurity, Inc.
Hot Company Forensics

RiskLens
Most Innovative Risk Management

SecPod Technologies
Cutting Edge Vulnerability Assessment, Remediation, Patch and Configuration Management Endpoint Security

Secure Channels Inc.
Editor’s Choice Encryption

Securonix
Best Product Cybersecurity Analytics

Sergeant Laboratories
Most Innovative Cybersecurity Analytics for AristotleInsight

Shanghai Moule Network Technology Co. Ltd
Editor’s Choice Vulnerability Discovery and Intelligent Defense

Siemplify
Cutting Edge Incident Response

SKD Labs
Editor’s Choice Independent Information Security Test Labs

SlashNext
Cutting Edge Anti-phishing

Succeed Technologies Pvt Ltd
Editor’s Choice Security Training

ThreatQuotient
Most Innovative Advanced Persistent Threat (APT) Detection and Response

ThreatQuotient
Next Gen Security Investigation Platform

ThreatQuotient
Hot Company Threat Intelligence

Thycotic
Cutting Edge Privileged Account Security

Titania
Leader Vulnerability Assessment, Remediation and Management

Ttec
Chief Information Security Officer of the Year, Paul (Kip) James

Unbound Tech
Next Gen Cryptography

Untangle
Leader Firewalls

Untangle
Hot Company Network Security & Management

Untangle
Best Product Unified Threat Management (UTM)

Veridium
Next Gen Product Biometrics

WatchGuard Technologies
Leader Multi-Factor Authentication

WatchGuard Technologies
Leader Unified Threat Management (UTM)

WhiteHat Security
Leader Application Security

WhiteSource
Leader Open Source Security

XM Cyber
Cutting-Edge Breach and Attack Simulation

XTN Cognitive Security
Best Product Mobile Endpoint Security

XTN Cognitive Security
Hot Company Application Security

XTN Cognitive Security
Next Gen Fraud Prevention

Zimperium
Leader Wireless, Mobile, and Portable Device Security

Hacker.House
Most Innovative Cybersecurity Training

Congratulations to this year’s Cyber Defense 2018 Global Awards Winners!
www.cyberdefenseawards.com

InfoSec Knowledge is Power
Free Cybersecurity Resources

www.cyberdefense.tv
www.cyberdefensemagazine.com
