Day: November 30, 2016

Posted on

Training: The Missing Ingredient for IT Success

Over the years, it has come to my attention that few industries innovate faster than IT. And while I am surrounded by many of these changes in my everyday life, I try not to underestimate the value of ongoing training and how it improves my skill set and could potentially open up new career opportunities.

Regular IT training is by far one of the single most valuable things I do on a regular basis.

Benefits of Ongoing Training
I will admit that I do not like the word “training.” It takes me back to being a student in a structured classroom setting. But training really is a positive thing. It is what gives us the knowledge and skills necessary to complete the tasks and objectives we face in our jobs.

With that being said, here are some of the biggest benefits that I have found in committing to ongoing training.

  • Less supervision. When you know what you are doing and have the knowledge to handle any issue, you no longer need someone looking over your shoulder. As a result, you will find that one of the direct benefits of training is less supervision.
  • Growth and salary opportunities. The more you train, the more skilled you will become. This ultimately will open up the door for new opportunities and career advancement. As a by-product, ongoing training can lead to higher salaries.
  • Increased satisfaction. If you are good at your job, you are more likely to enjoy it. This leads to more happiness and satisfaction in your daily job—benefits that cannot be purchased.

Invest in training and you are sure to reap positive and tangible rewards that will benefit your career for years to come.

How to Make Training a Habit
The occasional training session and brief seminar will not do you much good—at least it does not for me. In order for training to provide benefits, it needs to be a priority.

Here are some of the ways I have made training a consistent habit in my life:

  • Carve out consistent time. The most important thing is that you make time for training. “Pick a consistent time and set a reminder,” suggests CBT Nuggets, a leader in online IT training. “Maybe it’s right after breakfast, during lunch, or right when you get home from work. Whatever time will work best for you, be consistent and set a reminder. By using multiple cues (time and sound), you will increase the motivators that will move you to train.”
  • Involve others. It is much easier to make training a priority when you have others involved. While you do not necessarily need to do the training with other people, consider launching your individual training at the same time as a friend or coworker’s training. This provides some accountability and keeps you on track.
  • Choose something interesting. Learning is always much more fun when you are actually interested in the topic at hand. When choosing different ongoing training programs and curriculum, go with topics that you like—or topics that you want to know more about. I know I am much more likely to stay on track if the subject intrigues me and holds my interest.

Anyone can make training a habit. The key is to set up a foundation in which success is more likely than failure.

Keep Moving Forward
As motivated people often say, “If you aren’t moving forward, you’re going backwards.” In other words, because technology advances so quickly, sitting still is the equivalent of backtracking.

Well, the good news is that it does not take much time or effort to move forward in the IT world. You already have most of the knowledge you need! All that is necessary is ongoing training on a consistent basis. It has taken time and effort, but I have made it a part of my weekly schedule. I am confident that you can do the same!

Editor’s note:  ISACA offers numerous training and education opportunities. For more information click here and click here for CSX training information.

Larry Alton, Writer, LarryAlton.com

[ISACA Now Blog]

Posted on

Automation Is Key for Effective SaaS Security

The first step for many organizations migrating to the cloud is the adoption of SaaS applications such as Office 365, Box, Salesforce and many more. As an IT professional, this means you are giving permission to your users to store data in the cloud with corporate-approved services, such as OneDrive or SharePoint Online. The decision to move to the cloud is usually supported by a long list of cost and operational benefits. Infrastructure cost reduction? Check. Increased productivity? Check. License cost reduction? Check. But, have you thought about data governance and compliance, malware protection, and collaboration with external vendors? These are great questions to ask as you make this transition.

With the adoption of SaaS, organizations look to reduce the threat surface for your organization as your data is now hosted in data centers that are not managed by you. When you start your research, you may come across such terms as Cloud Access Security Broker (CASB), Cloud Security Gateway (CSG) or cloud-based Data Leakage Prevention (DLP), depending on your source of information. Security providers, including us, belong to these new categories and are essentially solving the same customer problems: SaaS usage control, data governance and threat protection for your corporate cloud apps. Palo Alto Networks SaaS security provides a different, but effective, approach by extending our industry-leading security platform to your SaaS applications.

Palo Alto Networks Next Generation Security Platform includes our Aperture service, which provides our customers with complete SaaS security, including the ability to enforce consistent policies across the network, endpoint or cloud. We continue to adapt to the ever-changing SaaS ecosystem and have recently added several new enhancements to Aperture to significantly improve and optimize SaaS security for your organization while keeping your daily tasks at a minimum. Here is a quick recap of some the new features added over the last three months:

Automated Remediation

Aperture now supports complete automation with the ability to instantly discover and remediate risks. You can create policy rules that automatically quarantine compromised assets, change sharing to maintain your security posture, and notify owners when an asset is vulnerable. When you enable this feature, you can process and fix large volumes of risks in record time with minimal overhead.

Enhanced Search

The Asset and Activity Search feature provides customers with unprecedented visibility by searching through terabytes of cloud assets within seconds to identify assets or users at risk. If these basic search filters are not sufficient, Aperture also supports advanced search capabilities that allow you to apply multiple filters and logical operators. With advanced search, you can find an exact list of important assets that match your criteria while ignoring items that may not be important to you.

Find Malware in Office 365 Documents, PDFs and Executables

Customers can choose whether to submit files to the WildFire cloud for analysis and can now submit Windows executables, Microsoft Office files, or PDF files. This feature ensures that known and unknown malware hosted in your SaaS applications is quarantined or deleted immediately to prevent propagation or malicious data exfiltration.

This is just a brief review of the most recent Aperture enhancements. A complete listing of updates is maintained at the Aperture New Features Guide.

If you would like to learn more about SaaS security from Palo Alto Networks, here are several resources:

[Palo Alto Networks Research Center]

Posted on

2017 Cybersecurity Predictions: The Year We Get Serious About IoT Security

This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017. 

Throughout 2016, cybersecurity moved more into the public eye than ever before. Hacks into the Democratic National Committee, BitFinex, Yahoo, Dropbox, LinkedIn, and Verizon were just a few of the high-profile security breaches that grabbed headlines this year.

With 2017 fast approaching, we expect that we’ll continue to see breaches in the news. Let’s look at some predictions for the new year around network security:

Sure Things

Phishing attacks will continue to increase…and be effective

While phishing has been around for a long time, it continues to be a very successful method of attack for hackers. The 2016 Verizon Data Breach Investigations Report cites 30 percent of phishing messages were opened by the target, with a median time of the first click on a malicious attachment being within the first three minutes and 45 seconds. It’s effective, and it works. In their Q2 2016 Phishing Activity Trends Report, Anti-Phishing Working Group (APWG) observed 466,065 unique phishing sites in Q2 CY2016 – up 61 percent from the previous quarter’s record in Q1 CY2016. Seagate Technology, Snapchat, and Polycom are just a few examples where spear phishing attacks compromised employee payroll information in 2016. With attackers creating ever-more-realistic-looking emails and landing pages, we’re only going to see more of this in 2017.

Security organizations will begin to move away from security sprawl and towards true automation

To counter the malicious activities coming at them, security operations teams need to be more agile than ever – that means more visibility into what’s coming at them, a reduction of noise, and automating for faster response.

Traditionally, security teams have bolted on additional security solutions to address new threats. This has led to management frustration – coordinating security resources (oftentimes manually) from a variety of security solutions and vendors where the components don’t talk to each other or share knowledge. Security organizations will start to migrate toward solutions that are more contextually aware and security platforms that can share information across the attack surface, utilizing analytics for automated detection and response.

Internet of Things (IoT) attacks become a thing

Experts have been sounding warnings about IoT security vulnerabilities for a few years now, and while hacks have been demonstrated, until recently we hadn’t seen a lot of widely reported malicious activity. That changed in a big way towards the end of 2016. We saw the largest DDoS attack ever delivered by a botnet made up of IoT devices and a major attack on Dyn just a month later led to a massive internet outage across the U.S. and parts of Western Europe.

Gartner estimates that there are 6.4 billion connected things worldwide in use this year, a number expected to reach 20.8 billion by 2020. That’s a lot of targets.

Ease of use will be key to the success of IoT devices, but requiring individual users to constantly update their security wrinkles the user experience. Will “Uncle Joe” really go through the process of updating the default password on his new connected thermostat? Probably not – and that leaves a gaping hole for breaches depending on other connections in his network. I expect we’ll look back and view 2017 as the year IoT attacks really started – and also when we got serious as an industry about preventing them.

Long Shot

Ransomware encroaches on IoT devices

DDoS attacks are one thing, but what about ransomware on IoT devices? Ransomware has traditionally been used to hold an organization’s valuable data hostage by locking down the computers that store that data. Attacks often come into an organization through things like Adobe Flash or executable files.

IoT devices don’t generally store sensitive data and often don’t have the interfaces to deliver ransom notes. Malicious actors of course tend to be motivated by profits and it’s still easier, more efficient, and more profitable today to go after data where it resides. But the vulnerabilities in IOT devices will eventually lend themselves to ransomware that threatens immediate damage – shutting down a power grid or production line, for example.

As we start to see connected devices exploited more often for DDoS attacks, additional kinds of exploits are sure to follow – the question is whether it will become a profitable enough endeavor for bad actors to take mainstream in the next year.

What are your cybersecurity predictions around network security? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for endpoint security.

and

[Palo Alto Networks Research Center]

English
English
Exit mobile version