HOT CYBERSECURITY TECHNOLOGIES

[ This article was originally published here ]

By Ruchika Sachdeva, CISSP, Certified Lead Auditor ISO 27001, Partner Trainer ISO 27001 with PECB.

With the advent of the pandemic, the way enterprises operate has been turned inside out. Accelerated digital business has led to an exponential increase in awareness among both service providers and the user community. Nevertheless, hacktivists (a combination of hacker and activist) have found a persistent playground in which to play their part and constantly outsmart modern cyber security technologies. As per the Cost of a Data Breach Report (CODB), there was a 10% increase in the average total cost of a breach from 2020 to 2021. Does that end the fight against cyber crime? Definitely ‘NO’. Security is a journey, not a finish line. We must respond by reassessing our security infrastructure and technology and acting on what we find. Cybersecurity experts now must ‘Move their Cheese’ and deal with threats created by the cloud, the Internet of Things (IoT), mobile/wireless and wearable technology.

As per Gartner, "this year’s security and risk trends like Cybersecurity Mesh, Identity First highlight ongoing strategic shifts in the security ecosystem that are not yet widely recognized but are expected to have broad industry impact and significant potential for disruption." The pandemic has pushed organizations to be fully (or mostly) remote, with plans to shift employees to remote work permanently. In fact, the CODB Report shows a $1.07 million cost difference in breaches where remote work was a factor in causing the breach. From a security perspective, this widened attack surface requires a total reboot of policies, tools and approved technologies to better mitigate the risks.

Before moving towards the hot technologies that are tearing up the security ecosystem, let us look at the top 10 vulnerabilities of 2021 as per OWASP, the weaknesses that let hackers wreak havoc on enterprises with successful attacks and data breaches.

  • Broken Access Control     
  • Cryptographic Failures 
  • Injection 
  • Insecure Design 
  • Security Misconfiguration 
  • Vulnerable and Outdated Components 
  • Identification and Authentication Failures 
  • Software and Data Integrity Failures 
  • Security Logging and Monitoring Failures 
  • Server-Side Request Forgery (SSRF) 

In a real-world retrospective of the OWASP Top 10, organizations can now set priorities focused on these risks, which helps them understand, identify, mitigate and fix vulnerabilities in their technology and maintain a foundational security posture in this era of digital transformation. We will see how some of the technologies discussed map to the OWASP Top 10.

Hot Technologies

Artificial Intelligence (AI) and Machine Learning (ML)

As in every other domain, AI has emerged as one of the top game-changers for cybersecurity. As cybercrime grows manifold, AI is helping under-resourced security operations analysts stay ahead of threats. Many companies use AI and ML interchangeably, as though they are synonymous. However, they are not. AI is a broad field that includes ML; it gives machines the ability to do things that a human can do better, or allows a machine to perform tasks that we previously thought required human intelligence. An AI system starts with nothing and progressively learns the rules. It then creates its own algorithms as it learns the rules and applies machine-learning techniques based on these rules.

Application: AI systems are being trained to detect malware, run pattern recognition, and detect even the minutest behaviors of malware or ransomware attacks before they enter the system. A behavior-based Intrusion Detection System (IDS) can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events by consuming billions of data artifacts. With Broken Access Control at the top of the OWASP list, AI can prove to be a blessing in the security ecosystem: it can be used as a proactive step against intrusion at a security entrance like a swing door or turnstile, and integrated into the access control and video security systems to provide rich analytics and situational awareness.

Benefit: A significant benefit of AI and ML based devices, for example a behavior-based IDS, is that they can detect newer attacks that have no signatures and are not detectable with the signature-based method. Finding threats becomes faster with AI that analyzes relationships between threats like malicious files, suspicious IP addresses or insiders in seconds or minutes, enabling security analysts to make critical decisions and remediate threats in less time.

User and Entity Behavior Analysis (UEBA) 

UEBA is the concept of analyzing the behavior of users, subjects, visitors, customers, and so forth for some specific goal or purpose. UEBA tools create user profiles (like a baseline for a network) based on individual behavior on endpoints and other devices, and then highlight deviations from that profile that may indicate a potential compromise.

Application: UEBA can provide a huge sense of relief as it strengthens security by monitoring users and other entities and detecting anomalies in behavior patterns that could be indicative of a threat, somewhat similar to what occurred on June 21, 2021 with the professional networking giant LinkedIn, wherein a huge bundle of 700 million user records was scraped via an API, impacting more than 90% of its user base.

Benefits: Some of the benefits of UEBA include early detection of insider threats; detection of a breach when a user accesses protected data without a legitimate business reason to do so; detection of brute force attacks on cloud-based entities; and help in prioritizing accounts generating abnormal failed logins. Finally, UEBA can reduce false positives when combined with machine learning.
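The behavior-based IDS described under AI/ML and the UEBA baseline-and-deviation idea above come down to the same mechanism: learn what is normal for each user, then score how far a new event departs from it. The following is an added example written for this article, not code from the author or from any product; the log lines, usernames, hosts and the 203.0.113.7 address are constructed, and the scoring weights are arbitrary choices for illustration. It builds a per-user baseline (usual login hours, usual source hosts) from historical events, then flags new events that deviate, including a failure-burst rule for the brute-force case the benefits list mentions. No signatures are involved.

```python
"""Baseline-and-deviation detection over constructed authentication events.

Added example (not code from the article): a behaviour-based detector in the
spirit of the behaviour-based IDS and UEBA sections. Per-user baselines are
learned from history; new events are scored by deviation plus a failure-burst
rule. All names, hosts and addresses are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines (syslog-like, not real data).
HISTORY = """\
2021-06-01T09:02:11 user=alice src=ws-alice result=success
2021-06-01T09:05:40 user=alice src=ws-alice result=success
2021-06-02T08:58:03 user=alice src=ws-alice result=success
2021-06-02T17:30:12 user=alice src=ws-alice result=failure
2021-06-03T09:10:55 user=alice src=ws-alice result=success
2021-06-01T10:15:00 user=bob src=ws-bob result=success
2021-06-02T10:20:30 user=bob src=ws-bob result=success
2021-06-03T10:05:10 user=bob src=vpn-gw result=success
"""

NEW_EVENTS = """\
2021-06-21T09:01:00 user=alice src=ws-alice result=success
2021-06-21T03:12:44 user=alice src=203.0.113.7 result=failure
2021-06-21T03:12:49 user=alice src=203.0.113.7 result=failure
2021-06-21T03:12:53 user=alice src=203.0.113.7 result=failure
2021-06-21T03:13:01 user=alice src=203.0.113.7 result=success
2021-06-21T10:10:00 user=bob src=vpn-gw result=success
"""


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    success: bool


@dataclass
class Alert:
    ts: str
    user: str
    score: int
    reasons: list


def parse(text):
    """Parse 'timestamp key=value ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        f = dict(p.split("=", 1) for p in pairs)
        events.append(Event(datetime.fromisoformat(ts), f["user"], f["src"], f["result"] == "success"))
    return events


def build_baselines(events):
    """Per-user profile: the hours and the source hosts that are normal for that user."""
    baselines = defaultdict(lambda: {"hours": set(), "sources": set()})
    for e in events:
        baselines[e.user]["hours"].add(e.ts.hour)
        baselines[e.user]["sources"].add(e.src)
    return baselines


def detect(history_text, new_text, threshold=4):
    """Score each new event against its user's baseline; return alerts at or above threshold."""
    baselines = build_baselines(parse(history_text))
    streak = defaultdict(int)  # consecutive failures per user within the new stream
    alerts = []
    for e in parse(new_text):
        score, reasons = 0, []
        b = baselines.get(e.user)
        if b is None:
            score += 4
            reasons.append("no baseline for user")
        else:
            usual_hours = {(h + d) % 24 for h in b["hours"] for d in (-1, 0, 1)}
            if e.src not in b["sources"]:
                score += 3
                reasons.append(f"unseen source {e.src}")
            if e.ts.hour not in usual_hours:
                score += 2
                reasons.append(f"unusual hour {e.ts.hour:02d}")
        if e.success:
            if streak[e.user] >= 3:  # a success right after a burst of failures
                score += 3
                reasons.append(f"success after {streak[e.user]} consecutive failures")
            streak[e.user] = 0
        else:
            streak[e.user] += 1
            if streak[e.user] >= 3:
                score += 2
                reasons.append(f"{streak[e.user]} consecutive failures")
        if score >= threshold:
            alerts.append(Alert(e.ts.isoformat(), e.user, score, reasons))
    return alerts


if __name__ == "__main__":
    for a in detect(HISTORY, NEW_EVENTS):
        print(a.ts, a.user, a.score, "; ".join(a.reasons))
```

Run as written, the four 03:12-03:13 events for alice are flagged (scores 5, 5, 7, 8) and bob's VPN login is not, because vpn-gw already appears in his baseline. The threshold and weights are where a real deployment spends its tuning effort; the article's point that ML reduces false positives corresponds to replacing these hand-set weights with learned ones.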

Blockchain 

The blockchain is, in its simplest description, a distributed and immutable public ledger. This means that it can store records in a way that distributes those records among many different systems located around the world, and do so in a manner that prevents anyone from tampering with those records. The blockchain creates a data store that nobody can tamper with or destroy. Organizations must ponder upon blockchain technology especially when Security Logging and Monitoring Failures, one of the OWASP Top 10, is the key vulnerability relevant to their environment.

Application: The first major application of the blockchain is cryptocurrency. The blockchain was originally invented as a foundational technology for Bitcoin, allowing the tracking of Bitcoin transactions without the use of a centralized authority. Although cryptocurrency is the blockchain application that has received the most attention, there are many other uses for a distributed immutable ledger, so much so that new applications of blockchain technology seem to be appearing every day. For example, property ownership records could benefit tremendously from a blockchain application. This approach would place those records in a transparent, public repository that is protected against intentional or accidental damage. Blockchain technology might also be used to track supply chains, providing consumers with confidence that their produce came from reputable sources and allowing regulators to easily track down the origin of recalled produce.

Benefits: The key reason behind blockchain gaining so much traction is the promising set of benefits it offers, including but not limited to better transparency, enhanced security, reduced cost, true traceability, and improved speed and efficiency. Blockchain is a revolutionary technology with an enormous impact on every sector out there, namely energy, real estate, logistics, healthcare, finance and government. Many companies are already using blockchain technology actively after realizing its potential. So, organizations can make educated decisions on whether to use blockchain technology.
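The property that makes a ledger useful against Security Logging and Monitoring Failures is that each record commits to the one before it, so editing or deleting any record breaks every later link. The following is an added example written for this article, not code from the author or any blockchain project: a single-node hash chain over constructed audit records, with no distribution or consensus. That is deliberately the minimum, and the example also shows its limit: a party who can rewrite the whole log can relink it, which is why the latest hash has to be anchored on a second system (the distributed copies in a real blockchain play that role).

```python
"""Tamper-evident audit log built as a hash chain.

Added example, not from the article: each block's hash covers its index, the
previous hash and the record, so the chain is verifiable from genesis. The
log records are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64


def link_hash(index, prev_hash, record):
    """Hash of (index, previous hash, record) using a canonical JSON encoding."""
    payload = json.dumps({"i": index, "prev": prev_hash, "rec": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


class AuditChain:
    def __init__(self):
        self.blocks = []  # each: {"i", "prev", "rec", "hash"}

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        i = len(self.blocks)
        self.blocks.append({"i": i, "prev": prev, "rec": record,
                            "hash": link_hash(i, prev, record)})
        return self.blocks[-1]["hash"]

    def head(self):
        """Latest hash. Record it on a separate system; a rewrite changes it."""
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def verify(self):
        """Recompute every link from genesis. Returns (ok, index of first bad block)."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if b["i"] != i or b["prev"] != prev or b["hash"] != link_hash(i, prev, b["rec"]):
                return False, i
            prev = b["hash"]
        return True, None

    def relink_from(self, start):
        """Recompute all hashes from `start` on. Demonstrates the limit of a
        single-node chain: after this, verify() passes but head() no longer
        matches the externally anchored value."""
        prev = self.blocks[start - 1]["hash"] if start else GENESIS
        for b in self.blocks[start:]:
            b["prev"] = prev
            b["hash"] = link_hash(b["i"], prev, b["rec"])
            prev = b["hash"]


# Constructed log records.
RECORDS = [
    {"ts": "2021-06-21T09:00:00", "user": "alice", "action": "login", "result": "ok"},
    {"ts": "2021-06-21T09:05:00", "user": "alice", "action": "export", "object": "customers.csv"},
    {"ts": "2021-06-21T09:06:00", "user": "alice", "action": "logout"},
]


def build_chain(records=RECORDS):
    chain = AuditChain()
    for r in records:
        chain.append(dict(r))  # copy so the module-level samples stay pristine
    return chain


if __name__ == "__main__":
    chain = build_chain()
    anchored_head = chain.head()            # what a second system would hold
    print("intact:", chain.verify())        # (True, None)
    chain.blocks[1]["rec"]["user"] = "nobody"
    print("after edit:", chain.verify())    # (False, 1)
    chain.relink_from(1)
    print("after relink:", chain.verify(), "head matches anchor:", chain.head() == anchored_head)
```

Deleting a block from the middle is caught the same way as an edit, because the stored index of the following block no longer matches its position. The check that actually holds the line against a privileged insider is the comparison of `head()` with the anchored copy, not `verify()` alone.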

Automating Incidence Response through SOAR 

Security orchestration, automation, and response (SOAR) refers to a group of technologies that allow organizations to respond to some incidents automatically. Traditionally, security administrators respond to each warning manually. This typically requires them to verify the warning is valid and then respond. Many times, they perform the same rote actions that they have done before. 

Application: Some of the applications of SOAR include automating a response to DoS attacks. Imagine attackers have launched a SYN flood attack on servers in a screened subnet (sometimes referred to as a demilitarized zone). Network tools detect the attack and raise alerts. Security administrators then manually change the amount of time a server will wait for an ACK packet. After the attack has stopped, they manually change the time back to its original setting. SOAR allows security administrators to define these incidents and the response, typically using playbooks and runbooks. Within the context of incident response, a playbook is a document that defines actions, and the runbook implements those actions.

Benefits: The ultimate goal of SOAR is to bring efficiency to Security Operations Centre (SOC) processes and improve incident response in the face of thousands of security alerts. Some of the main benefits include faster response time, optimized threat intelligence, streamlined operations, reduced cyberattack impact and lowered cost. A typical enterprise is sure to experience significant savings by integrating a SOAR platform into its business model.
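The SYN flood sequence above (tighten the half-open connection timeout while the attack lasts, restore it afterwards) is a good fit for the playbook/runbook split the text describes. The following is an added example written for this article, not code from the author or from any SOAR product: the playbook is data (trigger condition plus start and end actions), the runbook is the code that carries those actions out, and the target is a simulated server object rather than a real host. Alert fields, server names and the timeout values are constructed.

```python
"""Playbook/runbook automation for a SYN-flood alert.

Added example (not the article's own code, not any SOAR product's API). The
runbook remembers the original setting so the 'end' step restores exactly
what it changed, and ignores alerts that do not match the playbook trigger.
"""
from dataclasses import dataclass, field


@dataclass
class SimulatedServer:
    """Stand-in for a real host; only holds the setting the runbook manages."""
    name: str
    syn_timeout_s: int = 60             # how long a half-open connection is held
    history: list = field(default_factory=list)

    def set_syn_timeout(self, seconds):
        self.history.append(("set_syn_timeout", seconds))
        self.syn_timeout_s = seconds


# The playbook: a document defining which alert it handles and what to do.
PLAYBOOK = {
    "name": "syn-flood-response",
    "trigger": {"alert": "syn_flood", "min_severity": 7},
    "on_start": [{"action": "set_syn_timeout", "seconds": 5}],
    "on_end": [{"action": "restore_syn_timeout"}],
}


class Runbook:
    """Implements the playbook's actions against the managed servers."""

    def __init__(self, playbook, servers):
        self.playbook = playbook
        self.servers = {s.name: s for s in servers}
        self.saved = {}   # server name -> original timeout, for the restore step
        self.log = []

    def matches(self, alert):
        t = self.playbook["trigger"]
        return alert["alert"] == t["alert"] and alert["severity"] >= t["min_severity"]

    def handle(self, alert):
        """Returns True if the alert was acted on, False if it was outside the playbook."""
        if not self.matches(alert):
            self.log.append(f"ignored {alert['alert']} sev={alert['severity']}")
            return False
        server = self.servers[alert["target"]]
        steps = self.playbook["on_start"] if alert["state"] == "start" else self.playbook["on_end"]
        for step in steps:
            self._run(step, server)
        return True

    def _run(self, step, server):
        if step["action"] == "set_syn_timeout":
            self.saved.setdefault(server.name, server.syn_timeout_s)  # keep the first original
            server.set_syn_timeout(step["seconds"])
        elif step["action"] == "restore_syn_timeout":
            original = self.saved.pop(server.name, None)
            if original is not None:
                server.set_syn_timeout(original)
        else:
            raise ValueError(f"unknown action {step['action']}")
        self.log.append(f"{server.name}: {step['action']}")


# Constructed alert stream: a low-severity scan (ignored), then the flood start and end.
ALERTS = [
    {"alert": "port_scan", "severity": 3, "target": "web-01", "state": "start"},
    {"alert": "syn_flood", "severity": 8, "target": "web-01", "state": "start"},
    {"alert": "syn_flood", "severity": 8, "target": "web-01", "state": "end"},
]


def run_demo():
    server = SimulatedServer("web-01")
    runbook = Runbook(PLAYBOOK, [server])
    results = [runbook.handle(a) for a in ALERTS]
    return server, runbook, results


if __name__ == "__main__":
    server, runbook, results = run_demo()
    print(results, server.syn_timeout_s, server.history)
```

Two details matter more than the size of the script: the start action is the only place the original value is captured, so a repeated start alert cannot overwrite it with the already-tightened value, and the end action restores rather than resetting to a hard-coded default. On a real Linux host the corresponding knobs would be `net.ipv4.tcp_synack_retries` and `net.ipv4.tcp_syncookies`, applied through whatever configuration management the SOAR platform integrates with.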

Zero Trust Architecture 

Zero Trust is a security concept where nothing inside the organization is automatically trusted. There has long been an assumption that everything on the inside is trusted and everything on the outside is untrusted. This has led to a significant security focus on endpoint devices, the locations where users interact with company resources. An endpoint device could be a user’s workstation, a tablet, a smartphone, IoT device, an industrial control system (ICS), an edge computing sensor, or any public-facing servers in a screened subnet or extranet. Zero Trust is an alternate approach to security where nothing is automatically trusted. Instead, each request for activity or access is assumed to be from an unknown and untrusted location until otherwise verified. 

Application: Zero Trust is implemented using a wide range of security solutions, including internal segmentation firewalls (ISFWs), multifactor authentication (MFA), Single Sign On (SSO), RBAC coupled with virtual patching, identity and access management (IAM) (addressing Identification and Authentication Failures on the OWASP Top 10 list), auditing and logging (also on the OWASP Top 10 list) and next-generation endpoint security.

Benefits: Key benefits of Zero Trust Architecture include a reduced threat surface, increased visibility into all user activity, limited possibility for data exfiltration, and an improved overall security posture both on-premises and in the cloud. As per the Cost of a Data Breach (CODB) report, 2021, a zero-trust approach will help reduce the average cost of a data breach: a cost difference in breaches of $1.76m has been observed where Zero Trust was deployed as compared to organizations without it. Zero Trust can help prevent attacks based on the OWASP Top 10, as under Zero Trust attackers will have no visibility into potential OWASP applicative vulnerabilities.
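The defining rule above, that every request is treated as coming from an untrusted location until verified, is easiest to see in the decision logic of an enforcement point. The following is an added example written for this article, not code from the author or from any vendor's product: a small policy function that evaluates each request on authenticated identity, MFA, device posture and RBAC permission, and deliberately takes no input from the source network, so the same request from the corporate LAN and from the internet gets the same answer. Roles, permissions, users and the "sensitive" set are constructed for illustration.

```python
"""Per-request access decisions with no implicit trust in network location.

Added example, not from the article or any vendor. Deny by default; every
condition must hold. The roles, permissions and sample requests are made up.
"""
from dataclasses import dataclass

# Constructed RBAC table: role -> permissions it grants.
ROLE_PERMISSIONS = {
    "engineer": {"repo:read", "repo:write", "ci:read"},
    "finance": {"ledger:read", "ledger:write"},
    "contractor": {"repo:read"},
}
# Permissions that additionally require MFA and a compliant device, whatever the role.
SENSITIVE = {"ledger:write", "repo:write"}


@dataclass(frozen=True)
class Request:
    subject: str            # authenticated identity, "" if none
    role: str
    mfa: bool               # this session was authenticated with a second factor
    device_compliant: bool  # endpoint posture check passed
    permission: str         # e.g. "ledger:write"
    source_net: str         # carried in the request, intentionally never consulted


def decide(req):
    """Return (allowed, reason). The source network is not a factor, by design."""
    if not req.subject:
        return False, "unauthenticated"
    if req.role not in ROLE_PERMISSIONS:
        return False, f"unknown role {req.role}"
    if req.permission not in ROLE_PERMISSIONS[req.role]:
        return False, f"role {req.role} lacks {req.permission}"
    if req.permission in SENSITIVE:
        if not req.mfa:
            return False, "mfa required"
        if not req.device_compliant:
            return False, "device not compliant"
    return True, "allowed"


# Constructed requests; note the pairs that differ only in source_net.
REQUESTS = [
    Request("alice", "engineer", True, True, "repo:write", "internet"),
    Request("alice", "engineer", False, True, "repo:write", "corp-lan"),
    Request("alice", "engineer", False, True, "repo:write", "internet"),
    Request("carol", "contractor", True, True, "repo:write", "corp-lan"),
    Request("", "finance", True, True, "ledger:read", "corp-lan"),
    Request("dave", "finance", True, False, "ledger:read", "internet"),
    Request("dave", "finance", True, False, "ledger:write", "corp-lan"),
]


def evaluate_all(requests=REQUESTS):
    return [(r.subject or "<anon>", r.source_net, r.permission, *decide(r)) for r in requests]


if __name__ == "__main__":
    for row in evaluate_all():
        print(row)
```

The two alice requests without MFA are denied identically from corp-lan and from the internet; that symmetry is the test to apply to any policy claimed to be Zero Trust. Auditing and logging, which the text lists alongside these controls, would sit around `decide()` recording every tuple it returns.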

Embedded Hardware Security 

An emerging area of vulnerability is the code in device firmware that runs at startup to prepare the operating system launch. Hackers are looking for ways to inject malware into this code beneath the operating system, which by default never had security and integrity checks designed into its sequence. As a result, the operating system will trust this code even when it contains a nefarious malware payload. To mitigate this threat, a modern PC platform can integrate Hardware-Enhanced Security that starts at the assembly line. It is based on the concept of Privacy by Design (PbD). PbD is a guideline to integrate privacy protections into products during the early design phase rather than attempting to tack them on at the end of development. It is effectively the same overall concept as “security by design” or “integrated security,” where security is an element of the design and architecture of a product starting at initiation and maintained throughout the software development lifecycle (SDLC).

Application: Embedded security ICs can provide a turnkey security solution, delivering capabilities and features such as layers of advanced physical security, cryptographic algorithms, secure boot, encryption, secure key storage, and digital signature generation and verification. In fact, organizations must ponder upon hardware security especially when sensitive data disclosure is the key vulnerability relevant to their environment. With Cryptographic Failures near the top of the OWASP list, embedded hardware security seems to be the need of the hour.

Benefits: Some of the benefits of embedded hardware security include root-of-trust, mutual authentication, data confidentiality and integrity, secure boot, secure firmware update, and secure communications. It addresses most vulnerabilities in the OWASP list (Cryptographic Failures, Data Integrity and Insecure Design, to name a few). Vendors like Maxim and Intel offer authentication ICs that provide a unique approach to mitigating key threats: a built-in key that uses the random variations in semiconductor device characteristics to provide a physically unclonable function (PUF). The PUF feature is used to create a unique secret key that remains constant over time and under different operating conditions, including operating voltage and temperature. The only way the PUF output (and resulting key) changes is if someone attempts to probe low-level chip operations. Designed to revolutionize ‘authentication security’, these employ multiple levels and methods of authentication working in tandem. Some business-grade PCs are providing AI-based Hardware-Enhanced Endpoint Security that makes use of hardware telemetry to help detect stealthy attacks.
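Secure boot, the root-of-trust and the PUF-derived key above fit together as one sequence: a key that exists only on the device checks each boot stage before it runs, and a running measurement records what was booted. The following is an added example written for this article, not code from the author, from Maxim, from Intel, or from any secure-boot implementation. It is a simulation with two deliberate substitutions that the reader should keep in mind: a constructed byte string stands in for the PUF response, and an HMAC-SHA256 tag stands in for the digital signature so the example needs only the standard library (real secure boot verifies an asymmetric signature against a public key fixed in the chip, so the verifier never holds a signing secret). The measurement register mirrors the extend operation used in measured boot.

```python
"""Boot-time firmware verification with a device-bound key and a measurement register.

Added example, not any vendor's implementation. HMAC stands in for a signature
and a constructed byte string stands in for the PUF response; both are labelled
substitutions. Firmware images are constructed.
"""
import hashlib
import hmac

# Constructed boot stages, in the order they would run.
STAGES = [
    ("bootloader", b"stage1: constructed bootloader image"),
    ("kernel", b"stage2: constructed kernel image"),
]


def derive_device_key(puf_response):
    """Key that only this device can reproduce (puf_response is constructed here)."""
    return hashlib.sha256(b"boot-key-v1" + puf_response).digest()


def sign_image(image, key):
    """Integrity tag over a firmware image. Substitution for an asymmetric signature."""
    return hmac.new(key, image, hashlib.sha256).digest()


def extend(register, image):
    """Measured-boot style extend: new = H(old || H(image)); order-dependent, not reversible."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()


def boot(stages, tags, key):
    """Verify each stage before it runs. Returns (stages that ran, measurement, status).

    Verification failure stops the sequence: nothing after the failed stage runs,
    and the measurement register reflects only what was actually executed.
    """
    register = b"\x00" * 32
    booted = []
    for name, image in stages:
        expected = tags.get(name)
        if expected is None or not hmac.compare_digest(sign_image(image, key), expected):
            return booted, register, f"refused: {name} failed verification"
        register = extend(register, image)
        booted.append(name)   # only now would the stage be handed control
    return booted, register, "ok"


def provision(stages, key):
    """Factory step: produce the tags that ship alongside the firmware."""
    return {name: sign_image(image, key) for name, image in stages}


if __name__ == "__main__":
    key = derive_device_key(b"constructed-puf-response")
    tags = provision(STAGES, key)
    print(boot(STAGES, tags, key)[2])                              # ok
    modified = [STAGES[0], ("kernel", STAGES[1][1] + b"\x00")]
    print(boot(modified, tags, key)[2])                            # refused: kernel ...
    print(boot(STAGES, tags, derive_device_key(b"other-device"))[2])  # refused: bootloader ...
```

Three outcomes are worth checking: an unmodified chain boots fully; a one-byte change to the kernel image is refused after the bootloader and leaves a different measurement; and the same images with tags made on another device are refused at the first stage, which is the "key stays on this chip" property the PUF description promises. The measurement register is what a remote attestation service would compare against a known-good value.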

Conclusion 

As per NIST 800-36, Guide to Selecting Information Technology Security Controls, the specific blend of security controls an organization employs is tied to the mission of the organization and the role of the system within the organization as it supports that mission. Whichever of these technologies the organization chooses to adopt, it must take into account the following general considerations when selecting IT security products:

  • Organizational considerations should include identifying the user community; the relationship between the security product and organization’s mission; the sensitivity of the data; the organization’s security requirements, policies, and procedures; and operational issues such as daily operation, maintenance, and training. 
  • Product considerations should include total life-cycle costs (including acquisition and support), ease-of-use, scalability, and interoperability requirements; test requirements; known vulnerabilities; implementation requirements for relevant patches; requirements and methods for reviewing product specifications against existing and planned organizational programs, policies, procedures, and standards; security critical dependencies with other products; and interactions with the existing infrastructure. 
  • Vendor considerations should include whether the selection of a particular product will limit future security choices; vendor experience with the product; and vendor history in responding to security flaws in its products.