A Tool to Help You Develop Your Cybersecurity Career

We’ve all heard that cybersecurity is a booming field. But sometimes it can be challenging to know career-wise where to begin, or how to take the next step.

The new CSX Career Road Map is a valuable educational tool for young professionals looking to jump-start or launch a career in the cybersecurity/information security field. The Road Map is comprised of three sections: your background, your current skills, and future goals and aspirations in the cybersecurity field.

The first stage takes you through basic information such as building your profile by providing your name, current job title, current role (technical or nontechnical), education level, years of relevant security experience, and any certification(s) you have earned. After completing this, there is a little circle below which tells you which level on the CSX certification path you are currently at and what the actual path is.

The second stage consists of your current skills. It asks you what managerial and soft skills you have. After entering the information, the tool tells you how many job titles you qualify for. This is an awesome feature.

The job titles also include nice descriptions so that you will know exactly what each entails and can compare that against where you want to go in cybersecurity. At this stage, you should have a good idea of what job you can be looking for in the market if you are not yet employed. However, if you are already employed, this stage gives you a good idea of what you should be responsible for in your current cybersecurity role, as well as some alternate areas to consider pursuing.

The third stage helps you determine where you want to be in the future in the cybersecurity field based on the path that appeals to you most (managerial/technical). It gives you a list of future job considerations and development goals that you can choose from to reach your goals.

Since I currently work as an information security analyst—the equivalent of a cybersecurity practitioner in the CSX Career Road Map tool—I was able to determine where I am now and where I am supposed to be next in my cybersecurity/information security career.

Another great feature of the CSX Career Road Map is that it gives you a great level of detail on suggested potential roles, which may help you discover new roles you might be interested in pursuing. Importantly, it also tells you possible certifications to earn in order to strengthen your path to a successful cybersecurity/information security career. Certifications are really important in the cybersecurity field in order to validate your skills. With that, I was able to see what certification I need to earn in order to get to an information security manager (ISM) role. It also gives hints on what to do to achieve your development goals.

Overall, this is an awesome tool that provides very valuable information. It will not only help many young professionals starting their careers in cybersecurity find out what to do and where to start, but it will also help practitioners like me who are already in the field figure out how to advance to the next level to better identify, protect, detect, respond and recover.

Yaro Sadek Tahirou, Information Security Analyst, Affinity Plus Federal Credit Union

[ISACA Now Blog]

Customer Spotlight: Travel Service Takes Cybersecurity to a Whole New Place

Schauinsland-Reisen, an independent travel agency based in Duisburg, Germany, is the seventh largest package tour operator in Germany and currently offers travel services to over 60 travel destinations. This nearly 100-year-old company, with a team of over 300, provides excellent customer service, but with a growing web business and a network of over 11,600 partner travel agencies, Schauinsland-Reisen saw a steady rise in cyberthreats.

Unfortunately the company’s Linux-based firewall and antivirus software did not provide adequate protection of critical network assets and endpoint devices. Since implementing the Palo Alto Networks Next-Generation Security Platform, Schauinsland-Reisen has seen a dramatic improvement in network visibility and intrusion prevention.

The platform, consisting of Palo Alto Networks Next-Generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Protection, blocks daily cyberattacks while ensuring the smooth flow of legitimate network traffic, and also proactively guards against new cyberthreats and prevents damaging code transported by malicious emails and applications from infecting its endpoint devices.

Schauinsland-Reisen is happy to now have a comprehensive, end-to-end cybersecurity platform to protect its business and assure travel customers that their private information is safe on Schauinsland-Reisen’s systems.

“The Palo Alto Networks Next-Generation Security platform opened a whole new universe of options for us. We could finally see how many cyberattacks were coming in from the web every day. It was quite alarming,” Michael Mrugowski, technology team leader at Schauinsland-Reisen, comments. “Yet, having the Palo Alto Networks security platform in place, we can say with certainty that compromises to our network are being effectively prevented.”

Read the full case study in English or German.

[Palo Alto Networks Research Center]

A Nontraditional Approach to Prioritizing and Justifying Cybersecurity Investments

Investments in cybersecurity tend to be fairly significant, so organizations continually seek ways to determine whether the investments are appropriate based on return. However, companies are challenged to apply and fit the traditional discounted cash flow methods to calculate a return on investment (ROI) and justify cybersecurity initiatives. Return on (cyber)security investment (ROSI), which needs a method to quantify the intangible returns on cybersecurity initiatives, is even harder to calculate with traditional accounting methods than the return on traditional IT initiatives.

The perceptions and views of non-IT management toward cybersecurity are among the contributing factors posing the challenge to justify the expense of such initiatives. A communication gap has resulted and is apparent in some of the following views and questions:

  • Security is not an investment.
  • Is cybersecurity an IT discipline?

The investment justification methodology proposed in my recent Journal article applies to situations in which company competitiveness is examined, critical success factors are defined, and risk and challenges are identified. The objective of the company’s cybersecurity decision model (CSDM) is to frame cybersecurity initiatives with justifications in alignment with company business objectives and governance.

One critical component of my proposed cybersecurity investment decision model formation is based on the company’s collective efforts managed in a workshop environment. The tool used in the workshop is based on the analytic hierarchy process (AHP), the technique used to facilitate and determine the degree of impact and the priorities of the proposed initiatives.

Figure 1—Example of Cybersecurity Decision Model 

Source:  Robert Putrus. Reprinted with permission.

In my recent Journal article, I stated several benefits and byproducts to expect through the use and performance of the ROSI nontraditional justification methodology, including:

  1. Establishing a clear and dynamic link among company goals, objectives, risk and cybersecurity initiatives
  2. Elevating cybersecurity planning and implementation to the corporate governance level with easier interpretation for nontechnical and technical personnel
  3. Providing a communication platform for management team alignment and support
  4. Developing a company business model that is well understood by the management team and other company entities
  5. Identifying and prioritizing the interrelated elements where management is able to establish better planning, rationalization and deployment of initiatives
  6. Quantifying the impact the proposed initiative might have on each of the company objectives and on the bottom line
  7. Seeking the support of the management team for future departmental initiatives and operational decisions

Read Robert Putrus’s recent Journal article:
“A Nontraditional Approach to Prioritizing and Justifying Cybersecurity Investments,” ISACA Journal, vol. 2, 2016.

Robert Putrus, CISM, CFE, CMC, PE, PMP

[ISACA Journal Author Blog]

Tech Docs: New AutoFocus Features Make Threat Research a Breeze

A new version of the Palo Alto Networks threat intelligence portal AutoFocus is out! And it’s packed with several nifty features that make threat research a breeze.

The AutoFocus New Features Guide has everything you need to get started but here are some release highlights: 

STIX for AutoFocus API: STIX (Structured Threat Indicator eXpression) is an XML-based standard that provides a consistent format for storing and sharing cyberthreat data. The AutoFocus API now lets you send API requests to AutoFocus and receive STIX-compliant responses. Sharing AutoFocus threat intelligence is easier than ever!

New Threat Analysis Features: Assess your level of coverage against malware by viewing which signatures were matched to a sample during WildFire analysis. Additionally, for behaviors observed in a sample during WildFire analysis, you can now view a list of activities exhibited by the samples that were used as evidence of the observed behavior.

AutoFocus Feedback Tool: A new feedback tool built into the AutoFocus navigation pane lets you get in touch with the AutoFocus team in just a couple of clicks. Send your rave reviews of AutoFocus or request features you’d like to see in future releases. 

Workflow Improvements: Be an AutoFocus power user in no time with various time-saving enhancements to the portal. Changes include the ability to:

  • Start searching for an artifact from any page on AutoFocus
  • View the API request for a search directly in the AutoFocus interface
  • Conduct multiple searches simultaneously in different browser windows

and many more.

Get Started

To get started, view the AutoFocus Release Notes and AutoFocus New Features Guide. You can also visit the documentation portal for access to more AutoFocus resources.

Have Questions?

For questions or comments about these features, contact your SE or account representative. For questions about documentation, email us at documentation@paloaltonetworks.com.

[Palo Alto Networks Research Center]

Top 3 Malware Bogeymen Keeping CISOs Up at Night

What keeps CISOs up at night? Of all the cyberthreats, malware sends chills down a CISO’s spine, according to The CyberEdge Group’s recently released 2016 Cyberthreat Defense Report. Malware bogeymen come in many shapes and sizes. Here are three of the most nefarious in their respective categories:

Ransomware: CryptoWall
Ransomware has come a long way since 1989, when the AIDS Trojan first encrypted a user’s hard drive files and demanded money to unlock them. The latest version of CryptoWall, the most significant ransomware threat in the States, not only encrypts the file, it also encrypts the file name—making it a challenge to even find “kidnapped” files.

CryptoWall cost victims more than $18 million in losses in a single year, according to the FBI. While individual ransom fees are typically only $200 to $10,000, additional costs can include loss of productivity, mitigating the network, incorporating security countermeasures, and purchasing credit monitoring services for employees and/or customers.

Banking Trojan: Dyreza
Banking Trojans use a man-in-the-browser attack. They infect web browsers, lying in wait for the user to visit his or her online banking site. The Trojan steals the victim’s authentication credentials and sends them to the cyberthief, who transfers money from the victim’s account to another account, usually registered to a money mule.

For nearly a decade, the ZeuS Trojan conducted a reign of terror in the banking world. Even after Europol took down the Ukrainian syndicate suspected of operating ZeuS in 2015, new strains kept appearing. But it seems ZeuS has met its match in Dyreza (aka Dyre, aka Dyzap). More than 40% of banking Trojan attacks in 2015 were by Dyreza, according to Kaspersky Lab’s 2015 Security Bulletin. Dyreza’s one-two punch? It can now attack Windows 10 machines and hook into the Edge browser.

Mutant two-headed worm: Duqu 2.0
There isn’t an official category yet for the most sophisticated malware seen to date. At a London press conference announcing an attack by the new version of the Duqu worm on its corporate network, Kaspersky Lab founder Eugene Kaspersky described the malware as a “mix of Alien, Terminator and Predator, in terms of Hollywood.”

The original Duqu worm was mysterious enough, being written in an unknown, high-level programming code. Now Duqu 2.0 is further flabbergasting the security experts. Some describe it as a compound sequel of the Duqu worm that assimilates the features of a Trojan horse and a computer worm. Others call it a collection of malware or a malware platform.

I’m dubbing it the Mutant Two-Headed Worm because it has two variants. The first is a basic back door that gives attackers an initial foothold on a victim network. The second variant contains multiple modules that give it multiple superpowers: it can gather system information, steal data, do network discovery, infect other computers and communicate with command-and-control servers. And did I mention Duqu 2.0 has an invisibility cloak? The malware resides solely in a computer’s memory, with no files written to disk, making it almost impossible to detect.

If Duqu 2.0 attacks increase in 2016, expect malware to be a CISO’s worst nightmare next year too.

Download the 2016 Cyberthreat Defense Report to learn how IT security professionals perceive cyberthreats and their plan to defend against them.

Susan Richardson, Manager/Content Strategy, Code42

[Cloud Security Alliance Blog]
