Cloud security is overrated unless important information is being stored in the cloud or operationally important functions have been outsourced to a cloud provider. Security aside, cloud applications could also be against policy for productivity or HR reasons. The question is, do you have the visibility to understand your risks and the controls to enforce your policies?
The chart below shows a very basic workflow for investigation of security events – an activity typically carried out by the Security Operations Center (SOC). Every organization needs to have the capabilities to collect, analyze, investigate, and respond to security events. Whether it’s a designated person in the IT team or a 24x7 global operation, the basic requirements don’t change.
We often get asked by our clients for an easy way to demonstrate to other people outside of security the reason for many of the security controls put in place. The majority of cyber-attacks begin with a phishing email or drive-by/watering hole website. The chain of events for these attacks is very predictable, as are the controls you can put in place to mitigate these attacks.
To quote Brad Arkin, Chief Security Officer of Adobe:
Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
RSA recently updated NetWitness and changed the product name to Security Analytics. NetWitness used a Windows-based client for investigation of network sessions. Security Analytics adds the ability to conduct investigations via a new web interface. Many other security tools (SIEM, IPS, threat feeds, etc.) use a web interface. Critical Start just released version 2 of our Threat Analytics Search extension for Chrome that allows integration of third-party (web GUI) security tools with RSA Security Analytics. It’s only available in Chrome because we think that is the most secure browser. The Chrome Extension can be added from the Google Chrome Store at https://chrome.google.com/webstore/detail/threat-analytics-search/eliokoocofjemjjohafbmhmgjmedomko.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in February 1995 but contained a number of security flaws which ultimately led to the design of SSL version 3.0 in 1996. Transport Layer Security (TLS) has replaced SSL and has several different versions (1.0, 1.1, and 1.2). SSL/TLS provides us: