The CISO Imperative: Taking Control of SAP Cyber Attacks
It is hard to overstate the importance of SAP system security for modern enterprises. SAP solutions are used across all industries to store sensitive information and run critical business processes, from Enterprise Resource Planning and Human Resources to Business Intelligence, Customer Relationship Management and Supply Chain Management. The constant availability and protection of SAP systems are critical for over 250,000 enterprises around the world, as are their continued visibility and auditability to ensure compliance.
Nov 17, 2015: The Seven Keys to a Successful Privileged Account Management Strategy
How can IT professionals walk the thin line between protecting their organization's critical data and enabling users and administrators to work productively? First and foremost, privileged access must be controlled, monitored and audited in order to mitigate the risks posed by insider threats, prevent data breaches and meet compliance requirements.
The Glorious Return of the Albanian Virus
by Alexei Balaganski
When I first read about the newly discovered kind of OS X and iOS malware called XcodeGhost, quite frankly, the first thing that came to my mind was: “That’s the Albanian virus!” In case you don’t remember the original reference, here’s what it looks like:
I can vividly imagine a conversation among hackers, which would go like this:
- Why do we have to spend so much effort on planting our malware on user devices? Wouldn’t it be great if someone would do it for us?
- Ha-ha, do you mean the Albanian virus? Wait a second, I’ve got an idea!
Unfortunately, it turns out that the situation isn’t quite that funny and in fact raises a few far-reaching questions regarding the current state of iOS security.
What is XcodeGhost anyway? In short, it is Apple’s official developer platform Xcode for creating OS X and iOS software, repackaged by as yet unknown hackers to include malicious code. Any developer who downloads this installer and uses it to compile an iOS app automatically includes this code in their app, which is then submitted to the App Store and distributed to all users as an ordinary update. According to Palo Alto Networks, which published a series of reports on XcodeGhost, the malware is able to collect information from mobile devices and send it to a command and control server. It can also try to phish for users’ credentials or steal passwords from the clipboard.
Still, the most remarkable thing is that quite a few legitimate and popular iOS apps from well-known developers (mostly based in China) were infected and successfully published in the App Store. Although it baffles me why a seasoned developer would download Xcode from a file-sharing site instead of getting it for free directly from Apple, the list of victims includes Tencent, creator of the hugely popular app WeChat, which has over 600 million users. In total, around 40 apps in the App Store have been found to contain the malicious code. Update: another report by FireEye identifies over 4,000 affected apps.
Unfortunately, there is practically nothing that iOS users can do at the moment to prevent this kind of attack. They should certainly uninstall any apps known to contain the malicious code, but how many infected apps have not yet been discovered? We can also safely assume that other hackers will follow with their own implementations of this new concept or concentrate on attacking other components of the development chain.
Apple’s position on antivirus apps for iOS has been consistent for years: they are unnecessary and create a wrong impression. In fact, none of the apps remaining in the App Store under the name “Antivirus” is actually capable of detecting malware: there are no interfaces in iOS that would allow them to function. In this regard, users’ safety is entirely in Apple’s hands. Even if Apple upgrades App Store review to include better malware detection in submitted apps and incorporates stronger integrity checks into Xcode, can we be sure that there will be no new outbreaks of this kind of malware? After several major security bugs like Heartbleed or POODLE in core infrastructure discovered recently (and yes, I do consider the App Store critical infrastructure too), how many more times does the industry have to fall on its face before it finally starts thinking “security first”?
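The check a practitioner wants after reading the above is to verify the build toolchain before trusting anything it produces. On a Mac, Apple's own guidance after XcodeGhost was to run `spctl --assess --verbose /Applications/Xcode.app` and expect an "accepted" verdict with an Apple source. The Python below is an added example (not from this post, and not Apple's or Palo Alto Networks' code) of the same idea in a tool-agnostic form: pin a manifest of file digests taken from a clean install, diff the installed toolchain against that manifest before each build, and scan the built artefact for a known indicator. The directory layout, file contents, the `Injected.framework` name and the `c2.example.invalid` host are all constructed for the demo and stand in for whatever a repackaged installer actually drops.

```python
"""Pin and verify a build toolchain, then scan its output (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Digest of every regular file below root, keyed by POSIX relative path."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_toolchain(root: Path, pinned: dict) -> dict:
    """Diff the installed toolchain against a pinned manifest.

    An injected framework shows up as 'unexpected', a patched binary as
    'modified'; all three lists empty means the install matches the pin.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in pinned if k in current and current[k] != pinned[k]),
        "missing": sorted(k for k in pinned if k not in current),
        "unexpected": sorted(k for k in current if k not in pinned),
    }


def scan_for_indicators(binary: bytes, indicators) -> list:
    """Return the indicator strings (e.g. a C2 host) present in a produced binary."""
    return [s for s in indicators if s.encode() in binary]


def demo() -> dict:
    """Constructed scenario: clean install, then a repackaged one, then a built app."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Xcode.app"
        frameworks = root / "Contents/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks"
        frameworks.mkdir(parents=True)
        (root / "Contents/MacOS").mkdir(parents=True)
        (root / "Contents/MacOS/Xcode").write_bytes(b"genuine xcode binary (constructed)")
        (frameworks / "Foundation.framework").mkdir()
        (frameworks / "Foundation.framework/Foundation").write_bytes(b"genuine framework (constructed)")

        pinned = build_manifest(root)      # recorded from the install obtained from Apple
        before = verify_toolchain(root, pinned)

        # Simulate a repackaged installer: one binary patched, one framework added.
        (root / "Contents/MacOS/Xcode").write_bytes(b"genuine xcode binary (constructed) + patch")
        (frameworks / "Injected.framework").mkdir()
        (frameworks / "Injected.framework/Injected").write_bytes(
            b"implant -> http://c2.example.invalid/init")
        after = verify_toolchain(root, pinned)

    # A constructed app binary built with the tampered toolchain carries the implant's host.
    built_app = b"\xcf\xfa\xed\xfeMyApp ... http://c2.example.invalid/init ..."
    hits = scan_for_indicators(built_app, ["c2.example.invalid", "c2.other.invalid"])
    return {"before": before, "after": after, "hits": hits}


if __name__ == "__main__":
    print(demo())
```

The manifest diff is only as good as the pin: record it from an installer whose signature you have verified, store it outside the build host, and fail the build on any non-empty list rather than just logging it. The indicator scan is a last line of defence for artefacts already built with a compromised toolchain; it cannot replace verifying the toolchain first.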
Access Governance in a Cloudy Environment
Organizations are increasingly using the new technologies of smart devices, cloud computing and social media to connect with their customers, improve service and reduce costs. To exploit these technologies successfully, organizations need to understand and manage the risks they bring.
Cloud Security: IBM not only protects but detects, connects, and responds
by Martin Kuppinger
With the announcement of the IBM Cloud Security Enforcer, IBM continues its journey towards integrated solutions. What had started a while ago in the IBM Security division with integrating identity and analytical capabilities, both from the former IBM Tivoli division and the CrossIdeas acquisition, as well as from the Q1 Labs acquisition, now reaches a new level with the IBM Cloud Security Enforcer.
IBM combines capabilities such as mobile security management, identity and access management, behavioral analytics, and threat intelligence (X-Force) to build a comprehensive cloud security solution that raises the bar in this market.
Running as a cloud solution, IBM Cloud Security Enforcer sits between users and their devices on the one hand and the ever-increasing number of cloud applications in use on the other. It integrates with Microsoft Active Directory and other on-premises services for user management. While access by enterprise users can be controlled via common edge components that route traffic to the cloud service, mobile users can access a mobile proxy (World Wide Mobile Cloud Proxy), including support for VPN connections.
The IBM Cloud Security Enforcer then provides services such as application management, a launchpad and an application catalog, entitlement management and policy enforcement, and a variety of analytical capabilities that focus on risks and current threats. It then can federate out to the cloud services.
Cloud security services are nothing new: there are cloud security gateways, Cloud IAM and Cloud SSO, increasing support for mobile security in that context, and Threat Intelligence solutions. IBM’s approach differs in integrating a variety of capabilities. Looking at the initial release of IBM Cloud Security Enforcer (IBM plans to provide regular updates and extensions at short intervals), several vendors are stronger in individual areas, but IBM’s integrated approach is among the leading-edge solutions. Thus we recommend evaluating this solution when looking to improve cloud security for employees.
Executive View: Waterfall Unidirectional Security Gateway - 71291
by Alexei Balaganski
Waterfall Unidirectional Security Gateway technology combines specialized security hardware with a broad range of supported industrial protocols and applications to provide a level of network security unattainable by traditional firewalls.
Leadership Brief: Breach and Incident Response & Employee Training - 71415
by Bruce Hughes
From 2013 to 2014 data breaches nearly doubled. Well-known consumer brands, financial institutions, retail chains and government agencies have all been affected. Organisations need to rethink or strengthen their data privacy strategies to cope with this rising threat. A lack of action, and of well-thought-out risk management and stakeholder management plans, may expose your organisation to material, reputational or regulatory risk.
Advisory Note: Identity Information Quality - 70996
by Matthias Reinwarth
Today’s diverse and rich identities are major assets for virtually every organization. Maintaining and ensuring an adequate level of Identity Information Quality is essential for leveraging identity information as the basis of operational and business processes.
Executive View: BalaBit Blindspotter - 71202
by Alexei Balaganski
Blindspotter is a real-time analytics solution, which identifies external and internal security threats by detecting anomalies in user behavior.
Efficient Administration of User Entitlements - When Role Assignment Alone Is Not Enough
Complying with and implementing complex regulations presents many organizations with major challenges. Entitlement management must remain manageable in view of the large number of possible entitlements. Purely role-based authorization, however, is often not appropriate given the number of static roles it would require. Rule-based assignment of entitlements can be an important IT governance component here.
The Customer Experience at the Center: Consumer Focused Identity Management
In the last five years, the needs of companies with regard to access to critical applications and the security of customer identities have changed significantly. Increasingly connected customers, who engage in new ways across different channels, are blurring the boundaries of customer interaction. This new customer behavior now forces marketing departments and business units to work closely with those responsible for IAM: together they must find a suitable solution that supports the company in creating, maintaining and optimizing customer relationships.
Advisory Note: Turning inattention into intention - 71501
by Scott David
How IoT will help drive the development of Life Management Platforms and affect your company’s future relationship with its customers.
Oct 27, 2015: Intelligent Logging of Activities
Insight into the administration of critical systems is necessary in order to monitor compliance with regulations and to ensure the protection of the system as the core of the enterprise. Logging and analyzing the activities of privileged users and administrators allows misconduct and the resulting risks to be detected more quickly and further negative consequences for systems, applications and data to be prevented.
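Both this webinar teaser and the Privileged Account Management one above (Nov 17, 2015) rest on the same mechanism: privileged activity is logged, and the log is analyzed against a policy so that misuse stands out. The Python below is an added example (not from the webinar or from any vendor named on this page) of that analysis run over sudo log lines in the syslog format that sudo writes. The five log lines, the approved-admin list, the service-account list, the change window and the sensitive-command patterns are all constructed for the demo; a real deployment would take them from the PAM system and the change calendar.

```python
"""Detection logic over privileged-activity (sudo) log lines (added example)."""
import re
from datetime import time

# Constructed sample log, in the format sudo writes to syslog.
SAMPLE_LOG = """\
Oct 27 02:14:07 erp-db01 sudo: jdoe : TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/cat /etc/shadow
Oct 27 09:30:12 erp-db01 sudo: asmith : TTY=pts/0 ; PWD=/opt/sap ; USER=root ; COMMAND=/usr/bin/systemctl restart sapinit
Oct 27 10:05:44 erp-db01 sudo: asmith : TTY=pts/0 ; PWD=/opt/sap ; USER=root ; COMMAND=/bin/ls /var/log
Oct 27 11:47:03 erp-db01 sudo: svc-backup : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/rsync -a /opt/sap /backup
Oct 27 23:58:19 erp-db01 sudo: asmith : TTY=pts/2 ; PWD=/home/asmith ; USER=oracle ; COMMAND=/bin/bash
"""

SUDO_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<host>\S+) sudo: +(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Constructed policy: who may escalate, when, and what is always worth a look.
APPROVED_ADMINS = {"asmith"}
SERVICE_ACCOUNTS = {"svc-backup"}            # expected to run non-interactively
CHANGE_WINDOW = (time(8, 0), time(18, 0))    # approved window for privileged changes
SENSITIVE_CMDS = (re.compile(r"/etc/shadow\b"), re.compile(r"\bpasswd\b"),
                  re.compile(r"\buseradd\b"), re.compile(r"\bvisudo\b"))
SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/usr/bin/bash"}


def parse_sudo_line(line: str):
    """Return the fields of one sudo log line, or None if it is not a sudo record."""
    m = SUDO_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["when"] = time(int(entry["hh"]), int(entry["mm"]), int(entry["ss"]))
    return entry


def assess(entry: dict) -> list:
    """Policy checks for one privileged command; returns the reasons it stands out."""
    reasons = []
    user = entry["user"]
    if user not in APPROVED_ADMINS and user not in SERVICE_ACCOUNTS:
        reasons.append("account not on the approved admin list")
    if user in SERVICE_ACCOUNTS and entry["tty"] != "unknown":
        reasons.append("service account used interactively")
    if not (CHANGE_WINDOW[0] <= entry["when"] < CHANGE_WINDOW[1]):
        reasons.append("outside change window")
    if any(p.search(entry["cmd"]) for p in SENSITIVE_CMDS):
        reasons.append("sensitive command")
    argv = entry["cmd"].split()
    if argv and argv[0] in SHELLS:
        reasons.append("interactive shell as another user")
    return reasons


def find_privileged_anomalies(log_text: str) -> list:
    """Run the checks over a log; one finding per line that violates policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        entry = parse_sudo_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({"line": n, "user": entry["user"],
                             "target": entry["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_privileged_anomalies(SAMPLE_LOG):
        print(f"line {f['line']}: {f['user']} -> {f['target']}: {', '.join(f['reasons'])}")
```

Two of the five constructed lines are flagged: the 02:14 read of /etc/shadow by an account that is not an approved administrator, and the late-night escalation to an interactive shell as the database owner. The routine daytime restart and the non-interactive backup pass. The point is that the log alone does not detect anything; the value comes from keeping the list of approved accounts and the change window current, which is the PAM process the earlier teaser describes.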
From Static Roles to Dynamic Attribute-Based Authorisation
Traditional identity & access management (IAM) relies on modeling roles and permissions to administer rights. However, the digital transformation of business models and the demand for more flexibility and faster implementation require more than a pure role model can provide. IAM is now far more essential to operations than it was a few years ago and therefore requires more agility. Dynamic authorisation provides this and is the core of the new IAM framework.
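This teaser and the German one on rule-based entitlement assignment above make the same point from two sides: at runtime, a decision based on subject, resource and context attributes replaces a static role per combination (one "manager approves within limit" rule instead of a role per department and approval limit), and at provisioning time, entitlements derived from HR attributes replace hand-assigned roles that nobody revokes. The Python below is an added example of both, not code from KuppingerCole or from any product on this page. The policy rules, assignment rules, sample identities and the deny-overrides combining order are all constructed for the demo.

```python
"""Attribute-based authorisation and rule-based entitlement assignment (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    subject: Dict[str, object]   # attributes of the caller (from IAM / HR)
    action: str
    resource: Dict[str, object]  # attributes of the target object
    context: Dict[str, object]   # environment: network, risk score, ...


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                  # "permit" or "deny"
    condition: Callable[[Request], bool]


# Runtime policy (constructed). One attribute rule covers every department and
# approval limit, where a static model needs one role per combination.
POLICY: List[Rule] = [
    Rule("read-own-department", "permit",
         lambda r: r.action == "read"
         and r.subject["department"] == r.resource["department"]),
    Rule("manager-approves-within-limit", "permit",
         lambda r: r.action == "approve"
         and r.subject["job"] == "manager"
         and r.subject["department"] == r.resource["department"]
         and r.resource["amount"] <= r.subject["approval_limit"]),
    Rule("no-self-approval", "deny",               # separation of duties
         lambda r: r.action == "approve"
         and r.resource["created_by"] == r.subject["id"]),
    Rule("high-risk-off-network", "deny",          # context attribute
         lambda r: r.context.get("network") != "corporate"
         and r.context.get("risk_score", 0) > 70),
]


def evaluate(policy: List[Rule], request: Request) -> Tuple[str, List[str]]:
    """Deny-overrides combining: an applicable deny always wins, otherwise an
    applicable permit, otherwise default deny. Returns (decision, matched rules)."""
    applicable = [rule for rule in policy if rule.condition(request)]
    names = [rule.name for rule in applicable]
    if any(rule.effect == "deny" for rule in applicable):
        return "deny", names
    if applicable:
        return "permit", names
    return "deny", names


# Provisioning-time rules (constructed): entitlements follow HR attributes, so a
# transfer or termination changes access without a manual role clean-up.
ASSIGNMENT_RULES: List[Tuple[str, Callable[[dict], bool]]] = [
    ("erp-reader", lambda s: s["status"] == "active"),
    ("erp-approver", lambda s: s["status"] == "active" and s["job"] == "manager"),
    ("sap-basis-admin", lambda s: s["status"] == "active"
     and s["department"] == "IT" and s["job"] == "basis"),
]


def derive_entitlements(subject: dict) -> List[str]:
    """Entitlements the subject should hold right now, given its attributes."""
    return [name for name, cond in ASSIGNMENT_RULES if cond(subject)]


# Constructed sample identities, resource and contexts.
ALICE = {"id": "u1", "department": "Finance", "job": "manager",
         "approval_limit": 50000, "status": "active"}
BOB = {"id": "u2", "department": "Finance", "job": "analyst", "status": "active"}
CAROL = {"id": "u3", "department": "IT", "job": "basis", "status": "active"}
DAVE = {"id": "u4", "department": "IT", "job": "basis", "status": "terminated"}
INVOICE = {"type": "invoice", "department": "Finance", "amount": 20000, "created_by": "u2"}
CORP = {"network": "corporate", "risk_score": 10}
HOME = {"network": "home", "risk_score": 90}


if __name__ == "__main__":
    print(evaluate(POLICY, Request(ALICE, "approve", INVOICE, CORP)))
    print(evaluate(POLICY, Request(BOB, "read", INVOICE, HOME)))
    print(derive_entitlements(CAROL), derive_entitlements(DAVE))
```

Note the two things a pure role model cannot express without a new role each time: the approval limit compared against the invoice amount, and the separation-of-duties deny that depends on who created the specific resource. The combining order matters for governance: a deny rule must win over any permit, and a request that matches nothing must be denied, or an unmodelled case silently becomes an entitlement.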
KuppingerCole Analysts' View on IAM 3.0/4.0
Identity Management and Access Management are on their way into the first line of defence when it comes to enterprise security. With changing architecture paradigms and with the identity of people, things and services being at the core of upcoming security concepts, maintaining identity and Access Governance is getting more and more a key discipline of IT security. This is true for traditional Access Governance within the enterprise and this will become even more true for the digital business and the identities of customers, consumers, partners and devices.