The Disappearing Demarcation Between IT and Security

There’s been a longstanding belief that IT and security teams are at odds with each other. This is because their measures for performance are, on the surface, almost contradictory with one another. IT must find ways to provide the applications that the business needs. But business conditions change rapidly, and the applications the organization needs can shift on a dime. IT organizations must be agile and quick in response to new business drivers because no CIO wants to be the bottleneck in the boardroom for business change. Thus, IT tends to favor technologies that accelerate change, such as the rapid adoption of virtualized business workloads to the cloud.

Security, on the other hand, operates on a different set of benchmarks and priorities. Security’s foremost concern is the protection of data by eliminating avenues of risk. As such, the general inclination of security tends to be conservative and values consistency over change. Introducing new applications and emerging technologies opens up new vectors for risk and data loss, which is precisely the opposite of what security is tasked to minimize.

Despite having a healthy appreciation for each other’s work, both sides feel conflicted. IT does not want to forsake security, and security does not want to slow down IT. Yet, it’s not uncommon to see IT and security teams working in completely different parts of the organization due to their conflicting missions.

I found a recent Dark Reading article, “How Security and IT Teams Can Get Along,” interesting because it shows there is precedent for change. It discusses several areas where change is occurring, including where new roles are emerging. For example, DevOps groups bridge the gap that traditionally separated application development (constructing new applications) and operations (keeping existing applications running at all times). Given that a similar divide exists between IT and security, perhaps the first step will come through shifts in the expectations of what each group should do.

The article goes into depth about how to make a difference when bringing the teams together, and one area is the problem of measuring goals when the metrics are not meaningful. I agree, because there is a major risk of losing sight of the goals when your metrics are based on the symptom rather than the problem. For instance, incident response teams that investigate alerts often face a Sisyphean amount of work. There is no shortage of red alerts being generated throughout the organization, and the quantity of alerts is seldom a good measure of the severity of the problem. The more patient attacker will not draw attention, so how do you find the events on which to focus? And how do you correlate that activity across systems that are traditionally unrelated to one another?

One area that I think is particularly promising is the decoupling of security controls from the application. Phrased in a different way, the reason that I see IT and security competing, at times, is that there’s been no shortage of evidence showing what can happen if you deploy an application first and then bolt the security on afterwards, typically with a one-off point product. It’s seldom going to be as secure or easily managed as if it was designed to be deployed together with the application in the first place. The policy will certainly be fragmented, with a different control point for every point product deployed. And it will almost certainly create the issue described above, where every point product generates red alerts with no correlation on what to prioritize.

That’s why I believe that the Palo Alto Networks Next-Generation Security Platform provides the security controls that bridge the intersection between the interests of IT, Security and DevOps. It does this because it positions critical security functions as the common denominator to all applications: the network. By seeing all traffic, and extending that visibility across all users, applications and devices, the organization can set up the underlying security that applies to all the applications that IT wants to deploy. The critical security controls for stopping an attack are in place ahead of the application, rather than trailing it.

It’s important to note that “network,” in this sense, does not solely mean the traditional perimeter because the platform extends to the mobile user (through GlobalProtect), the public cloud (through VM-Series on AWS and Azure) and the virtualized data center/private cloud. These baseline principles set the foundation for additional controls that the organization deploys along with the application.

Operationally, the use of the platform helps organizations get contextual views of network activity that bears investigation (through AutoFocus) as well as a deeper level of control through the enforcement of policy on the next-generation firewall.

These principles deliver upon the premise of prevention first, while breaking the lifecycle of an attack across all stages, because the protection is inherently baked into the platform rather than bolted onto the application. It’s been designed to do this from the ground up.

I think that, in the years ahead, there will be even greater discussion on how IT and security teams align in new ways, and every organization should be preparing for this conversation. Fortunately, the principles of the Next-Generation Security Platform can help pave the way.

[Palo Alto Networks Research Center]

Customer Spotlight: Sielte SpA Achieves a New Preventive Security Posture

Sielte SpA is an international cloud-based information and communication technology (ICT) service provider that provides telecommunication and energy systems across fixed networks, mobile and wireless networks, and equipment and systems.

Sielte has over 500 customers operating in its cloud, encompassing approximately 10,000 devices and a wide range of applications. With such high levels of activity, Sielte has to be constantly vigilant against cyberthreats.

The increasing pressure from its customers, combined with a breach of its previous Cisco firewall, prompted the company to seek a new network security solution. Sielte chose to deploy the Palo Alto Networks Next-Generation Security Platform in its data center in Catania, Italy.

Sielte’s deployment of the Palo Alto Networks Next-Generation Platform included the PA-5050 Next-Generation Firewall as an Internet gateway for network security and segmentation, as well as subscriptions for Threat Prevention, URL Filtering (PAN-DB), and WildFire. Through this holistic approach, Sielte successfully established a preventive security posture to proactively identify and avert cyberattacks. In addition, the new platform increased their network performance by 150 percent, enabling greater throughput to support the highest number of concurrent user sessions, and reduced security administration time by 20 percent.

“Working with Palo Alto Networks gives Sielte a great advantage for expanding our cloud business,” Dr. Salvo Rosa, Sielte’s chief security officer, says. “Palo Alto Networks is a clear leader in security innovation, and as a partner, we will have exposure to their latest technology to protect our customers from the most advanced cyberthreats. We see partnership with Palo Alto Networks as a very important vehicle for increasing customer confidence in Sielte, attracting new customers, and opening new markets to help our business grow.”

Read the full case study.

[Palo Alto Networks Research Center]

Next-Gen Drive: Robert Megennis Continues Chasing his Indy 500 Dreams

Robert Megennis is a 16-year-old racing prodigy. Palo Alto Networks is proud to be an ongoing sponsor of Rob’s races for the 2016 Mazda Road to Indy racing season. We’ll be checking in to chronicle his adventures as a true next-generation competitor!

The summer is off to a big start for our Indy car driver Robert Megennis. Last week his goal of racing in the Indy 500 came a step closer to reality when he competed in the Carb Night Classic, a 75-lap race held in Indianapolis as a precursor to the main event, the Indy 500.

Robert was also recently featured in a New York Daily News story, and we invite you to read to learn more about Robert’s journey. It’s a tale of passion and inspiration, something we relate to strongly here at Palo Alto Networks. Best of luck, Robert!

Keep up with Rob’s journey on social media.

[Palo Alto Networks Research Center]

How Big Data Demoted Pluto

Let me say in advance that you will not learn a new audit or data analytics technique from this article. It is purely to demonstrate the power of data analytics on a massive scale. My goal is to inspire you.

A few months ago I attended a conference that featured Dr. Neil deGrasse Tyson as the keynote speaker. And yes, he is that guy from the Cosmos: A Spacetime Odyssey TV show.

He was hilarious and engaged the audience, receiving a standing ovation from the data geeks. He inspired me to make even more use of data analytics.

His first comment was about Pluto: “It is not a planet. Get over it.” And then he said: “We demoted Pluto because we had more data.” Whaaat? That sentence resonated with me so much that I started researching the data that demoted Pluto.

I learned how powerful new ground and space-based observatories have completely changed our understanding of the outer solar system. As these tools have evolved over the past generation, so too has our picture of the universe. New capabilities have provided new understandings about our place in the cosmos, but they have also unleashed a baffling torrent of data. Amazing discoveries might be right in front of us, yet hidden within all that information.

Since 2000, the Sloan Digital Sky Survey at Apache Point Observatory in New Mexico has imaged more than one-third of the night sky, capturing more than 930,000 galaxies and 120,000 quasars. Computational analysis of Sloan’s prodigious data set has uncovered evidence of some of the earliest known astronomical objects and has determined that most large galaxies harbor supermassive black holes. It has even mapped out the three-dimensional structure of the local universe.

So it was just a question of time until someone started searching for large objects everywhere, including the Kuiper Belt. It was astronomer Mike Brown who was convinced by the data on the Belt that there must be many more nearby objects and that some of them were potentially larger than Pluto.

Bingo! In 2003 Brown thought he had found a new planet that was larger than Pluto. He named it Eris (EER-is). Instead of being the only planet in its region, like the rest of the solar system, Pluto and its moons are now known as just a large example of a collection of objects in the Kuiper Belt.

“You didn’t lose a planet; you gained a new place in the universe.” (Dr. Neil deGrasse Tyson)

The Kuiper Belt data that led to Pluto’s demotion came from routine observations at Mount Palomar Observatory in California. These data are stored at many repositories, including the National Optical Astronomy Observatory (NOAO) in the United States. The NOAO collects a large quantity and variety of scientific data products, including images, spectra, catalogs, etc., from many instruments deployed on two continents. Wow!

The NOAO has archived all data from their telescopes, accumulating about 10 terabytes of data annually. These data are now available to the public, which is actually an exciting discovery for a data geek like me.

The key to maximizing the knowledge extracted from this massive amount of data is the successful application of data mining and knowledge discovery techniques. The data can help classify stars, galaxies and planetary nebulae based on images and spectral parameters, forecast sunspots and geomagnetic storms from solar winds, search for antimatter in cosmic rays, etc.

Astronomy professor Robert Brunner said: “Before Sloan, individual researchers or small groups dominated astronomy. You’d go to a telescope, get your data and analyze it. Then Sloan came along and suddenly there was this huge data set designed for one thing, but people were using it for all kinds of other interesting things.” Brilliant!

There you go—factual big data demoted Pluto and not some technicality pushed by a small group of scientists.

I hope you search for interesting ways to use the data available to you, perhaps to revise long-standing decisions and notions formed when data and easy-to-use analytics tools were less reliable. What truth is hidden in your data, just waiting to be set free? You may want to reflect on how much of this applies to corporate environments.

Editor’s note: The ISACA Now Blog section is celebrating Women in Technology Month throughout June by featuring female bloggers. If you are a female blogger and would like to contribute a blog, please contact us at news@isaca.org.

Karina Korpela, CISA, CISM, CISSP, PMP, IT Audit Manager, AltaLink

[ISACA Now Blog]

Five Telltale Signs You Don’t Have the Latest Backup System

It’s Backup Awareness Month—time to take stock of how well your backup system is serving your organization. To help you get started, here are five telltale signs you don’t have the most modern endpoint backup system:

1. You still get Help Desk calls to retrieve lost data.
The latest backup systems feature intuitive, self-service backup so employees can restore their own data. Not surprisingly, enterprises with a modern endpoint backup system cited fewer backup/restore-related support tickets as a top benefit in a recent survey. More importantly, they were able to use the reduced support time to cost-justify their more advanced system.

2. Your backup system doesn’t support multiple platforms.
Today, 96 percent of companies support Macs. That’s because the enterprise has gone heterogeneous and your backup system should, too. A modern endpoint backup system doesn’t care whether a file is on Windows, Linux or OS X, or whether a device operates on iOS, Android or Kindle Fire. It backs up every file, every time, from anywhere—without requiring a cumbersome VPN connection.

3. You have no visibility into what’s on employee devices.
The latest backup systems give IT a comprehensive, single point of visibility and control across every employee device in the enterprise, including desktops, tablets and smartphones. You gain the insight to pinpoint leaks and prevent insider threats, because you know:

  • Which employees are uploading which files to third-party clouds
  • Which employees have transferred which files to removable media
  • Which employees have uploaded which files via web browsers, including web-based email attachments
  • Unusual file restores that may signal compromised credentials
  • The content of files and folders
  • The location of sensitive, classified and “protected” data
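The bullet about unusual file restores is the one visibility signal in this list that can be turned directly into detection logic. The script below is an added example, not code from the original post or from Code42: it reads constructed restore-audit lines (the field layout is an assumption for this illustration), builds a per-user baseline from that user's earlier restores, and flags a restore only when at least two independent signals coincide (bulk volume versus baseline, never-seen device, never-seen source address, off-hours), so a single late-night restore does not by itself add to the alert noise discussed earlier on this page.

```python
"""Flag unusual endpoint-backup restore activity that may signal compromised credentials.

Added example; not part of the original post and not Code42's product logic.
The log layout (timestamp user device file_count source_ip) is a constructed assumption.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample restore-audit events (one restore operation per line).
SAMPLE_EVENTS = [
    "2016-06-01T09:12:00 alice laptop-a1 3 10.1.4.22",
    "2016-06-02T10:05:00 alice laptop-a1 2 10.1.4.22",
    "2016-06-03T08:40:00 alice laptop-a1 4 10.1.4.22",
    "2016-06-04T11:20:00 bob laptop-b7 1 10.1.4.31",
    "2016-06-05T14:00:00 bob laptop-b7 2 10.1.4.31",
    # Off-hours bulk restore of alice's data from a never-seen device and address.
    "2016-06-06T02:30:00 alice unknown-x9 850 203.0.113.45",
]


def parse_event(line):
    """Split one constructed audit line into a dict with typed fields."""
    ts, user, device, count, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
        "user": user,
        "device": device,
        "files": int(count),
        "ip": ip,
    }


def median(values):
    """Median of a non-empty list; used as a baseline that bulk outliers cannot skew."""
    s = sorted(values)
    mid = len(s) // 2
    return s[mid] if len(s) % 2 else (s[mid - 1] + s[mid]) / 2


def detect_unusual_restores(lines, bulk_factor=10, min_history=2, work_hours=(7, 19)):
    """Return findings for restores that show at least two corroborating anomaly signals.

    Baselines are built only from each user's *earlier* events, so the detector
    can be run over a stream without peeking at the event being judged.
    """
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    history = defaultdict(list)  # user -> list of prior events
    findings = []
    for ev in events:
        prior = history[ev["user"]]
        reasons = []
        if len(prior) >= min_history:
            baseline = median([p["files"] for p in prior])
            if ev["files"] > bulk_factor * baseline:
                reasons.append(f"bulk restore: {ev['files']} files vs baseline {baseline}")
            if ev["device"] not in {p["device"] for p in prior}:
                reasons.append(f"new device {ev['device']}")
            if ev["ip"] not in {p["ip"] for p in prior}:
                reasons.append(f"new source address {ev['ip']}")
        if not (work_hours[0] <= ev["ts"].hour < work_hours[1]):
            reasons.append(f"off-hours restore at {ev['ts'].hour:02d}:00")
        # Require two independent signals so ordinary late-night or new-laptop
        # restores do not each become a red alert on their own.
        if len(reasons) >= 2:
            findings.append({"user": ev["user"], "ts": ev["ts"].isoformat(), "reasons": reasons})
        prior.append(ev)
    return findings


if __name__ == "__main__":
    for finding in detect_unusual_restores(SAMPLE_EVENTS):
        print(finding["ts"], finding["user"], "; ".join(finding["reasons"]))
```

On the constructed sample, only alice's final restore is reported, with all four reasons attached; the two-signal rule is the knob to tune against your own restore volume, and `min_history` keeps brand-new users from being judged against an empty baseline.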

4. You can’t pinpoint where a breach occurred.
With legacy backup, you have to conduct lots of inquiries that take lots of time. With a modern endpoint system, you have visibility into every endpoint (see #3 above), so you can quickly identify where a breach occurred and reduce your Mean Time to Contain (MTTC). You also eliminate unnecessary reporting, because with 100 percent data attribution, you know for certain whether or not there was a breach.

5. You have to confiscate a device to enact a legal hold.
Really? Are you still putting up with that significant productivity drain? With a modern endpoint backup system, your legal team can conduct in-place legal holds and file collection without confiscating user devices—and without having to rely on IT staff.

If two or more of these statements apply to your organization, it’s time to go shopping for modern endpoint backup. See #1 above on how to cost-justify it.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution that protects data without sacrificing productivity for today’s mobile workforce.

Susan Richardson, Manager/Content Strategy, Code42

[Cloud Security Alliance Blog]
