Palo Alto Networks Researchers Uncover Critical Apple Product Vulnerabilities

Palo Alto Networks researchers were recently credited with discovery of two new Apple product vulnerabilities.

Researchers Tongbo Luo and Bo Qu discovered a WebKit vulnerability (CVE-2016-1855) affecting Safari in OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.10.5.

Tongbo and Bo also identified an OpenGL vulnerability (CVE-2016-1847) affecting Apple TV (fourth generation and later), iPhone 4S (and later versions), iPod Touch (fifth generation and later), and iPad 2 (and later versions).

Apple addressed both findings in a recent security update. Palo Alto Networks has also released IPS signatures covering these vulnerabilities (for current customers, available in content release 585).

Palo Alto Networks is a regular contributor to vulnerability research in the Microsoft, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.

[Palo Alto Networks Research Center]

Cybersecurity: More Threats, But Also More Opportunities

In a recent conversation with Linda Moss, VP of Global Enablement and Education at Palo Alto Networks, I was shocked to learn just how significant of a cybersecurity workforce shortage there is in this industry. Our conversation included both the volume of threats seen in the modern threat landscape and the growing number of opportunities this landscape is creating for students and IT professionals to either begin or transition into a lucrative career in cybersecurity.

With the cybersecurity industry expected to grow from $75 billion to $170 billion in the next five years, or so, the need for trained professionals is skyrocketing. In my opinion, Linda has one of the most exciting jobs in our company, but also one of the largest responsibilities, as her team develops a curriculum that will enable a next-generation cybersecurity workforce. Some experts predict that, by 2019, the demand for cybersecurity professionals will increase to approximately 6 million globally. What is even more surprising is that the shortage of trained professionals is projected to be 25 percent – or 1.5 million jobs unfilled.

I was happy to capture our conversation in a short video that I’d like to share with you. Here, Linda and I discuss several key areas of education, including the overall skills shortage, types of training available, the Palo Alto Networks Certified Network Security Engineer (PCNSE) certification, and the Accredited Configuration Engineer (ACE) accreditation. In addition, Linda has some great insight regarding the importance of working with colleges and universities to ensure future generations get the necessary skills to prevent successful cyberattacks through the Palo Alto Networks Academy program.

Because cybersecurity is firmly at the top of the international agenda, there’s never been a better time to consider a career in the industry!

For more information, please visit: http://www.paloaltonetworks.com/education 

For a list of Worldwide Authorized Training Centers (ATC Partners), please visit: https://www.paloaltonetworks.com/services/education/atc-locations

Please let me know if you have any comments or questions, or contact me via Twitter anytime at @CicconeScott.

[Palo Alto Networks Research Center]

Moving Across National Borders in Information Security

I am originally from the U.S. and relocated to New Zealand in 2014. Prior to coming to New Zealand, I worked as an IT auditor in Phoenix, Arizona, U.S. Long before engaging in IT related work, I obtained an undergraduate degree in Aerospace Engineering from University of Arizona and also an MBA from Thunderbird School of Global Management. The engineering degree taught me how to think about systems. The MBA prepared me for working in other countries.

You might wonder why I moved from aerospace engineering, IT audit and then to information security. I am a multipotentialite (http://puttylike.com), and have many different interests and pursuits in life. For some time, I had resisted pursuing information security as I thought it was primarily about hacking. Then I saw a chart (see below) that showed me the many facets of information security. Having so many facets interested me.

I was informed about the CISSP by colleagues in the U.S. At the time, I thought I was not ready for it. I found out about the Associate Program from the (ISC)² website. I decided to obtain the Associate designation because I wanted to be considered for an information security position. Then I moved to New Zealand.

Transition to New Zealand

Why New Zealand?  New Zealand is a beautiful country. Anyone who has seen “Lord of the Rings” or “The Hobbit” movies has seen the beauty of New Zealand. I was also intrigued by a country that posted a high SPI (Social Progress Index http://www.socialprogressimperative.org) score and a high Transparency score (Transparency International http://www.transparency.org/cpi2015 ).

Currently, I am the information security manager for Waikato District Health Board headquartered in Hamilton. This organization provides healthcare to more than 300,000 New Zealand citizens and residents. Anyone who has worked in a hospital system can understand the complexity of providing healthcare, managing information systems and balancing security and privacy. In my present role, I am charged to lead the development of the organization’s information security strategy, framework, culture and policy. In conjunction, I develop information policies, protocols, procedures and guidelines. Also, I perform risk assessments and review operational compliance. My favorite part is working to raise security awareness and provide advice and guidance.

When I applied for my current position, one of the requirements was that “the candidate holds an information security certification.” I had studied for and passed the CISSP exam in October 2013. At the same time, I was also able to apply work experience as an IT auditor and work experience as an information security manager. I was able to obtain the CISSP in September 2015.

Borderless Certifications

One thing I would like to share regarding the internationally recognized certifications like the CISSP is that such credentials cross borders. I really do not have to explain that I am an information security professional. This is important in a world where information security knowledge and skills are wanted. The certifications give me credibility when I speak about information security. This is important in gaining trust and the acceptance of others.

I was encouraged by Ryan Ko, Ph.D. at the University of Waikato (http://www.cms.waikato.ac.nz/people/ryan) to obtain the CCSP (Certified Cloud Security Professional). I had come into cloud technologies by accident and had worked on cloud-based implementations. The CCSP has given me the credibility to speak about issues of data security and cloud use. The CCSP is not well known and I am having to educate colleagues about it. By the way, the Maori’s (first people to come to New Zealand) name for New Zealand is “Aotearoa” which means “Land of the Long White Cloud.”

Since moving to New Zealand, I have been able to write and speak more about information security.  I write a blog published within Waikato District Health Board. I have also written a chapter on cloud governance in “Cloud Security Ecosystem.” At Cloud Asia 2016 (http://www.cloudasia.asia ) in Singapore, I gave a presentation on “An Experiment in Virtual Healthcare.” This is an initiative of Waikato District Health Board to provide healthcare through a cloud-based system and mobile devices. I have also worked with Cloud Security Alliance (www.cloudsecurityalliance.org) which is a partner with (ISC)² on the CCSP.

You may be wondering how the work environment in New Zealand compares to what I experienced in the U.S. There does appear to be a better work-life balance. Also, there are more holidays and vacation days in New Zealand. This allows for more time to enjoy the beauty of this land.

Advice to Novice Security Practitioners

The (ISC)² Associate Program indicates to anyone that the holder of this designation is serious about information security. Take the exam (for whichever certification you want) as soon as you are ready to do so.  Even if you are a student, having the Associate designation makes you stand out from other students. Once you obtain the Associate, it really is only a matter of time before you become certified.


About the Author:

Name: Sai Honig

Job Title: Information Security Manager, Waikato District Health Board, New Zealand

Where are you from or currently based: Originally from the U.S.; currently based in Hamilton, New Zealand

(ISC)² certifications: CISSP, CCSP

Years of experience in the industry: 6

Topic(s) of interest in infosec: Cloud, Governance, Data

Career Goal: CISO

Social Media Contact: nz.linkedin.com/in/saihonig/

(ISC)² Management

[(ISC)² Blog]

Palo Alto Networks Joins U.S. Department of Commerce-Led Cybersecurity Business Development Mission to Asia

Palo Alto Networks joined a cybersecurity business development mission of 14 U.S. ICT companies to Japan, Korea and Taiwan from May 16–24, 2016. The mission, led by U.S. Assistant Secretary of Commerce Marcus Jadotte, aimed to foster cooperation with these countries on cybersecurity from both a policy and business angle, exchanging challenges, experiences, ideas and best practices from both government and industry perspectives.

Palo Alto Networks was honored to be part of this high-level delegation. As three of the most developed and networked countries in Asia, Japan, Korea and Taiwan have extremely digitized economies, ICT-savvy businesses and citizens, and some of the most advanced manufacturing in the world. Thus, these countries have essential roles to play in helping the region chart a solid course in cybersecurity policies that take account of the interconnectivity and interdependence of each other and the global economy.

Each stop offered numerous opportunities to engage with governments, academics, industry officials, and other thought leaders, all of whom are taking steps to craft workable approaches to cybersecurity. All three stops included conferences or workshops where participants shared their current cybersecurity policy activities. Palo Alto Networks spoke at the Spotlight on Cybersecurity Conference in Tokyo and the Korea-U.S. Cybersecurity Policy and Business Exchange in Seoul, providing our views on cybersecurity in critical infrastructure and the Internet of Things (IoT), as well as the increasing emphasis we see in the United States on cybersecurity being viewed as an issue for the C-suite.

The Taiwan stop of our trip from May 23–24 had fortuitous timing, coinciding with the first two days of the new administration that had been inaugurated the prior week. Taiwan President Tsai Ing-wen has made cybersecurity one of her top priorities, and the government plans to finalize and pass later this year its pending Cybersecurity Act, which will lay out expectations and requirements for the government as well as government-owned companies and infrastructure on cybersecurity. We look forward to working with Taiwan as it passes this law.

All in all, the mission shed extensive light on activities in the three countries. We appreciated the governments of Japan, Korea and Taiwan sharing with us their current actions and future plans to strengthen their cybersecurity and seeking industry’s input on these initiatives. Japan, Korea and Taiwan alike are devoting more government and private sector resources to combat cyberthreats and protect critical infrastructure, and are investing in computer emergency response teams (CERTs), cyberthreat information-sharing, public-private partnerships, and international cooperation.

Palo Alto Networks commends the U.S. government for organizing this mission. The leadership from Washington was complemented in each capital by senior U.S. embassy officials—including Ambassadors—who hosted our delegation and counterpart government and industry officials, signifying the importance placed by the United States on dialogue and cooperation on cybersecurity with these three countries. The mission facilitated extremely fruitful discussions that are hugely important both in government and industry. We look forward to building upon the relationships and partnerships we have in Japan, Korea and Taiwan and continuing to work with these leading countries to enhance cybersecurity and resilience in the global economy.

Danielle Kriz, Jae Heun Shim, and Charles Choi of Palo Alto Networks, with the mission delegation, at the residence of U.S. Ambassador to South Korea Mark Lippert.

[Palo Alto Networks Research Center]

Reeling in Those Pesky Phishing Attacks

We often hear about cyberattacks consisting of exploits or malware meant to gain control of victim machines, and the term “phishing” has become more widely used and understood. Even my dad now knows what phishing is, not because I told him, but because of headlines in news publications like these:

According to Verizon’s recently released 2016 Data Breach Investigations Report, phishing attacks overwhelmingly aim to steal legitimate user credentials. Genuine credentials are valuable because they provide attackers with “authorized” access, which is less likely to trip any alarms or alert administrators, which, in turn, means more time for attackers to do what they will.

Verizon reported that around 1000 breaches in 2015 were the result of stolen credentials. If you’re the attacker, why try to break in through the second story window when you’ve got a key to the front door? And if you’re the target, how do you stop attackers from using your own front door keys to break into your house?

Verizon recommends a few things to stop credential phishing and limit attackers’ movement, should they be able to bypass your network protections:

  • Use an email gateway to inspect email content and filter out those pesky phishing emails. (We highly recommend Proofpoint – keep reading to find out why!)
  • Provide your users with a straightforward way to contact your security team should they suspect a phishing attempt.
  • Require strong authentication – no one should be using default passwords or easily guessable passwords consisting of fewer than 12 characters – and when two-factor authentication is available, use it!
  • Use internal network segmentation to limit how far attackers can get and make sure they cannot easily pivot to where the high-value stuff is kept.
  • Inspect outbound traffic for signs that users have been compromised. Look for suspicious HTTP and DNS connections and file transfers – these are signs of command-and-control traffic and data exfiltration.

Of course, being a security company, we always have phishing attacks top of mind as challenges to solve. We’ve recently implemented new features within PAN-DB to help our customers fight the ongoing phishing battle using URL Filtering and WildFire.

Recognizing New Phishing Websites

WildFire now includes frequent updates to PAN-DB’s phishing category in its generated set of protections. It actively looks for links to spoofed websites and web forms containing usernames and passwords that are intended for unapproved or unknown web applications. These quick categorizations enable our customers to block access to newly discovered phishing sites so your users don’t get duped into giving away their credentials.

Better Together

In addition, we’ve recently partnered with Proofpoint to help our joint customers better secure themselves against malicious emails, including phishing emails and emails with exploitive or malware attachments and malicious links. Armed with Proofpoint deployed for email, and a WildFire API key, customers can easily integrate Proofpoint’s visibility into all pre-filtered incoming email with WildFire’s thorough analysis engine to prevent attacks both at the email gateway and at the firewall – a double layer of protection against phishing.

As Verizon has noted, 63 percent of confirmed data breaches involved leveraging weak, default or stolen passwords. This problem is not one that technology can fix by itself; real people are being targeted, and real people are necessary to overcome phishing attacks. User education – though not 100 percent effective against phishing attacks (some of these targeted emails are insanely well-crafted, guys) – can help to significantly decrease the attackers’ success rates.

Has your organization done anything unique in terms of people, process or technology to help tackle the phishing problem? And, of similar importance (not really), how many other phishing puns can you think of?

Check out the lightboard video below to learn more about phishing and how Palo Alto Networks helps to prevent it.

[Palo Alto Networks Research Center]
