Experts gather at GISEC to discuss advanced threats

Largest regional cybersecurity event held in the shadow of WannaCry attack

How to protect critical infrastructure against advanced threats was at the heart of major discussions at GISEC.
By  David Ndichu Published  July 18, 2017

The Middle East’s largest cybersecurity event, GISEC, gathered more than 6000 global cybersecurity experts and business leaders to discuss the latest cybersecurity issues and threats.

The 2017 edition was held against the backdrop of the ‘WannaCry’ ransomware attack, which affected hundreds of thousands of computers in over 150 countries.

SearchInform was showcasing its latest data loss protection (DLP) solution at GISEC.
Sergey Ozhegoy, CEO of SearchInform, says well-publicised incidents such as WannaCry direct disproportionate attention to external attacks. However, the majority of the most damaging cyberattacks emanate from inside the organisation.

“Inside jobs are responsible for about 70-80% of the damage to businesses. Besides, most of the external attacks happen because someone from the inside left a loophole or was in cahoots with an outside attacker and left a backdoor for the attackers to come in and exfiltrate data,” says Ozhegoy.

Ozhegoy notes that recent cases, such as the leaks of politicians’ emails and government data obtained by WikiLeaks, which caused much consternation in the US, were all inside jobs.

Since there’s not much of a perimeter to protect, Ozhegoy says guarding against insider attacks has to take a different approach.

First, the organisation needs to understand who the insider threats are. This means people who have access to certain information and who have the potential to take that information for their own purposes, Ozhegoy says. This could take the form of leaking the information to the competition or the media, or capitalising on it in some other way.

“IT security managers need to understand the flows of information that are outbound and analyse this information and capture the pieces of data that don’t need to be shared with the outside world. They need to both understand where it comes from, whose fault it is and block it,” Ozhegoy says.

Many organisations’ strategy for protecting corporate data from leakage is to block the means of sharing data, such as USB devices or cloud platforms.

However, Ozhegoy says SearchInform’s advice to companies is to leave all the information channels open but keep them under control. “Our solution is to control all the communication channels and make sure that we capture all the traffic and analyse it. It’s better to find out who is sending information out of the company so one can understand the potential threat to the organisation.”

With remote work now a major part of many organisations’ operations, one of SearchInform’s controllers can protect data on PCs that are outside the network. “We install an agent on the PC that records everything that happens on that PC while it’s outside the network. And then it communicates with the server either when it’s back in the network or through the internet when there’s enough broadband,” explains Ozhegoy.

The company’s latest product, SearchInform DLP, does more than data leak prevention, says Ozhegoy. It offers privileged user management as well as monitoring of employee behaviour, so organisations can identify the people who pose threats to the company. Organisations can also manage the efficiency of employees, for instance by recording attendance and identifying which applications employees use while at work.

Carbon Black was at GISEC to unveil its proprietary “Streaming Prevention,” a cybersecurity technology targeting the next-generation antivirus (NGAV) market that combines a new prevention model with detection and response, to help stop both malware and non-malware attacks.

“Streaming Prevention” is the core technology powering Cb Defense, Carbon Black’s NGAV solution, designed to prevent, detect and respond to advanced cyberattacks, including non-malware attacks.

Non-malware attacks gain control of computers without downloading malicious software. Instead, they use trusted, native operating system tools, such as PowerShell, and exploit running applications, such as browsers, to “live off the land.” These attacks pose a bigger risk than malware attacks because they are harder to detect and cause more damage.

Virtually every organisation was targeted by such an attack in 2016, according to Carbon Black research.

In protecting against non-malware attacks, “Streaming Prevention” takes a fundamentally different approach to endpoint prevention than that taken by other AV providers.

Brian Hazzard, vice president of product marketing at Carbon Black, explains that the technology behind Streaming Prevention, called defence stream processing, has been around for decades and is used in industries such as high-frequency trading and fraud detection, among others.

“We have taken that same technology and applied it to security. Cb Defense’s streaming prevention stops attacks by intercepting malicious activity before it causes harm,” explains Hazzard.

Non-malware attacks pose a new threat to organisations. Traditional malware compromises systems by executing a malicious payload. To protect networks, signature-based software would be written to stop it, Hazzard explains. Non-malware attacks are designed without files. “The attacks might be completely file-less, using PowerShell or living in good software already deployed. They render traditional defences totally useless because there’s no executable,” Hazzard observes.

A shift in mindset is therefore required, from trying to track executables to tracing attack behaviours, says Hazzard. “Instead of looking for an executable, IT security teams need to start identifying actions that an attacker must execute to accomplish their mission. They need to keep an eye on things like process invocations, network connections, registry touches and cross process communications, then overlay the attack behaviours in their algorithms and their prevention mechanisms, realising that a file may or may not have an executable.”
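
The behaviour-tracking approach Hazzard describes, sketched as an added example (not Carbon Black's code and not from the original article): a Python correlator that consumes endpoint events one at a time and alerts once a single script-interpreter process accumulates several suspicious behaviours. The event fields, behaviour tags, process lists and threshold are assumptions made for illustration, and the telemetry is constructed.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the article); field names are hypothetical.
EVENTS = [
    {"type": "process_start", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process_start", "pid": 200, "ppid": 100, "image": "chrome.exe"},
    {"type": "net_connect", "pid": 200, "dest": "203.0.113.10:443"},
    {"type": "process_start", "pid": 300, "ppid": 200, "image": "powershell.exe"},
    {"type": "net_connect", "pid": 300, "dest": "198.51.100.7:443"},
    {"type": "registry_set", "pid": 300,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"type": "process_start", "pid": 400, "ppid": 100, "image": "powershell.exe"},
]

APPS = {"chrome.exe", "winword.exe", "excel.exe"}   # user-facing applications
INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe"}
THRESHOLD = 3  # assumed: distinct behaviours per process before alerting


def detect(events, threshold=THRESHOLD):
    """Process events in arrival order; return (event_index, pid, behaviours) alerts."""
    image = {}                     # pid -> lower-cased image name
    behaviours = defaultdict(set)  # pid -> behaviour tags seen so far
    alerted, alerts = set(), []
    for i, ev in enumerate(events):
        pid = ev["pid"]
        if ev["type"] == "process_start":
            image[pid] = ev["image"].lower()
            # Process invocation: interpreter launched by a browser or document app.
            if image[pid] in INTERPRETERS and image.get(ev["ppid"]) in APPS:
                behaviours[pid].add("interpreter_spawned_by_app")
        elif image.get(pid) in INTERPRETERS:
            if ev["type"] == "net_connect":
                behaviours[pid].add("interpreter_network")
            elif ev["type"] == "registry_set" and "\\currentversion\\run" in ev["key"].lower():
                behaviours[pid].add("autorun_registry")
            elif ev["type"] == "cross_process":
                behaviours[pid].add("cross_process")
        # Alert at the first event that pushes a process over the threshold.
        if len(behaviours[pid]) >= threshold and pid not in alerted:
            alerted.add(pid)
            alerts.append((i, pid, sorted(behaviours[pid])))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

No single event here is malicious on its own, and the PowerShell process launched from explorer.exe (pid 400) never alerts; the verdict comes from the combination of behaviours attributed to one process.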

At GISEC, GBM released a whitepaper analysing the way different generations interact with the current state of information security and mobility, and whether GCC enterprises are ready for the next generation of workers.

Hani Nofal, VP of intelligent network solutions, security and mobility at GBM, explains that the research scanned three generations of employees: generation X, or those born between the early to mid-1960s and 1979; generation Y, or those born between 1980 and 1995 (also known as the Millennials); and generation Z, those born between 1996 and the early 2000s.

These scans enabled GBM to draw conclusions about the demographics of these generations and how they dictate their views of, and interactions with, the digital revolution.

Results showed that in the digital transformation era, GCC enterprises are still setting IT policies that don’t meet the new generation’s expectations. “We believe that companies need to change their policies to be able to be more attractive for these workers,” says Nofal.

Given the new priorities of Gen Y and Z versus the traditional ways of Gen X, the way forward would be to integrate a variety of new operating systems and to take device ownership programme preferences into account. Nofal observes that generation X prefers to work more on Microsoft, while generations Y and Z prefer Apple and iOS devices.

Gen X prefers to keep things under its control, with 64.82% choosing corporate owned, personally enabled (COPE) as their preferred ownership programme for work-related devices. In contrast, Gen Y (Millennials) prefers to keep using personal devices for work, which is why bring your own device (BYOD) was selected by 57% of respondents as their preferred device ownership programme. “This imposes some challenges on the enterprise, not least cyber security,” says Nofal.

“While generation X is more comfortable with corporate provided devices that are personally configured for their needs, we found that millennials are demanding to bring their own personal devices to the workplace,” says Nofal.

On social media, Generation X uses more traditional apps and is more aware of its privacy. This generation will use on average five apps, notes Nofal. Millennials will regularly use about 10, and for generation Z the figure was about 15 apps.
“This is also a challenge because the majority of companies restrict social media. More than 75% either restrict fully or semi-strictly,” Nofal says.

Not surprisingly, the younger generations have more appetite for risk and are less concerned about privacy. The general attitude among millennials and gen Z is that security is the responsibility of their company.

“If you want to be competitive in this era of digital transformation, managers need to understand that this new talent coming into the workplace will have different expectations, and need to cater to it. That’s why you need to review your IT policy when it comes to social media and the restrictions you place as this might limit innovation of the new generation,” says Nofal.
