Tech Docs: Traps Management Service Updates Are Live!
The May release of the Traps management service is now available and introduces the following key features and capabilities:
- Traps for Android — You can now protect your Android endpoints from malware using the new Traps app for Android. To get your end users started with Traps for Android, you create a custom installation URL from the Traps management service and send it to your users. Your custom URL contains a distribution ID for your Traps management service tenant which ties the Android endpoint to your tenant. After you install Traps for Android, you can use the Traps management service to manage your Android endpoints and view details about the threats and events reported by your Android endpoints. Traps for Android is supported on Android 4.4 and later releases.
- File Analytics — The Traps management service now provides detailed file analytics for the files that attempt to run on Windows and Mac endpoints in your organization.
- Child Process Execution Criteria — You can now allow specific parent processes to launch child processes and optionally configure execution criteria based on command line parameters.
- Windows Security Center Registration — You can now customize the registration behavior for Traps and the Windows Security Center.
- Delete an Endpoint — This feature enables you to manually remove an endpoint from the Traps management service (Endpoints view) and returns its license to the license pool.
For more details on the new features, please refer to the following resources:
- Traps Management Service Release Notes
- Traps Management Service Administrator’s Guide
- Traps Agent Administrator’s Guide
Happy reading!
Your friendly Technical Documentation team
Have questions? Contact us at documentation@paloaltonetworks.com.
[Palo Alto Networks Research Center]
IS THE CISO WELL POSITIONED TO MITIGATE OPERATIONAL RISK?
by Tamer Gamali, CISSP, CISO Mashreq Bank, and member of the (ISC)² EMEA Advisory Council
Is the CISO well positioned to mitigate operational risk? (ISC)² will be asking this probing question of Security leaders at the kick-off session for Infosecurity Europe’s Leaders Programme in London next month. A round table discussion conducted under the Chatham House Rule, the session creates an opportunity to offer up frank comment and illuminate the challenges currently hampering companies from appreciating and truly gaining control of cyber risks. Infosecurity Europe’s Leaders Programme is open to CISOs and Heads of Information Security, who are the final decision-makers and budget holders for information security in end-user organisations, making this a bespoke session for those charged with managing the risks. It’s also a continuation of a discussion we started in Abu Dhabi at Infosecurity Middle East in March which proved to be very enlightening.
We had 10 participants sitting around the table in Abu Dhabi, all with CISO-level responsibilities representing government, at city and national levels, small companies and larger corporations. Overall, the group confirmed a persistent governance challenge when it comes to mitigating cyber security risk, despite the acknowledgement of a National Framework and/or documented company policy and procedures. Understanding what should be done, it seems, is proving not enough: organisations must also build in the motivation and influence across their management structure to get it done.
The group confirmed, for example, that the status of a project or its business owner, is more likely to determine whether it goes forward without sign off from the security experts, than the understood risks. In all cases, participants felt they couldn’t always put their hand up and highlight concerns, even when there was a security governance committee in place: if a project was considered critical or high -profile the chief motivation is to deliver making it likely to move ahead into production with the risks logged in a risk register. The group also revealed that increasing levels of risks logged in this way were being realized within months.
Clear lines of accountability proved to be another concern. Participants noted the existence of many consultants and recommenders, but very few approvers in the security and risk governance process. In the best-case scenario, particularly within government, a governance committee will have authority to veto acceptance of risk by a business owner, yet the veto occurring will still be determined by the criticality of the project, not necessarily the level of risk. Further, all described an unhealthy relationship with auditing grounded in the belief that auditors are biased to find something wrong rather than contribute to development, while traditional auditors lack the skill needed for cyber.
Overall the group concluded that there is no single model for security governance, including the auditing stages, but there are some intangible yet clear shortcomings that must be recognised and accepted. Ensuring the right level of influence and a healthier balance of considerations is needed. Regulators are recognising this and some, including within the UAE, are requiring the appointment of a CISO accountable for regularly updated plans within particular sectors. Clearly, greater visibility and co-ordination of the overall risk will be required if CISOs, and the organisations that appoint them are going to live up to the expectation. Frameworks, best practice and policies must be backed up by a process to document that they have been followed and best efforts made.
As a Chief Information Security Officer (CISO) based in Dubai with over 12 years working in this capacity within financial services, and a volunteer member of (ISC)²’s EMEA Advisory Council, I am
keen to help companies develop a deeper understanding of how operational risks are evolving with cyberthreats. As every company marches toward their own digital agenda, I believe that the CISO will increasingly play a strategic, not just supporting role. A well-positioned, business-aligned CISO can help align corporate priorities so that security issues can be properly addressed as companies increase their dependency on technology and, therefore, the capacity to address the risks properly.
I look forward to continuing and sharing more insights from the discussion in London, June 5 at 10:30am. To join us, qualifying Infosecurity Europe delegates must register for a Leaders Pass, which also gives them access to a Leaders Lounge and networking opportunities, in addition to the round tables. Learn more, and register to join us.
[(ISC)² Blog]
Cloud Security Alliance Announces FedSTAR, a New Joint Certification System with FedRAMP
Seattle, WA– May 14, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announces that it has partnered with the Federal Risk and Authorization Management Program (FedRAMP), at the U.S. General Services Administration (GSA). The two programs will work together to develop FedSTAR that offers mutual recognition between the two security programs based on a common framework for deployment, use and maintenance.
“FedRAMP and CSA’s STAR are among the most used cloud certifications world-wide, however, because they are deployed separately and incompatible, cloud service providers (CSP) spend valuable resources in duplicating efforts to comply with both systems,” said Kate Lewin, Federal Director, Cloud Security Alliance.
“Complying with multiple systems is not only confusing, costly and ineffective, but acts as a barrier to market entry for smaller companies. That’s about to change with the development of FedSTAR. Now, CSPs will be able to earn two certifications with one audit, saving both time and money,” she added.
Cloud service providers are in desperate need of tools they can use to analyze and assess their security posture, as well as use to conduct continuous monitoring. FedSTAR will provide processes and methodologies that allow CSPs to stop replicating steps that are common between FedRAMP and STAR. This collaboration will demonstrate the effectiveness and efficiency of joint efforts with the U.S. Government and industry to reduce compliance burdens on private-sector companies.
CSA and the GSA have agreed to establish a working group to begin work on bridging the gaps. The group will engage independent, third-party assessor companies to conduct a gap analysis between STAR and FedRAMP controls.
Further, the working group will seek input from all stakeholders, including cloud service providers, the security community (CISOs, risk managers) and Federal government as it sets out to determine which processes and procedures from each system can be recognized and accepted by both, including the Independent Third-Party Assessors certification processes, documentation format, and standards for mutual acceptance. Individuals and organizations interested in participating in the working group are invited to contact Katie Lewin, Federal Director, CSA.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security- specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
Media Contact
Kari Walker for the CSA
ZAG Communications
703.928.9996
kari@zagcommunications.com
[Cloud Security Alliance Research News]
The Impact of Net Neutrality on Cloud Computing
It became unlawful for broadband providers to decide to slow down or block certain web traffic when the 2015 regulations were enacted by the FCC. Actually, the 2015 rules did not incorporate enterprise web access, which is often custom. They did, however, safeguard the flow of data to small businesses.
FCC chair Ajit Pai and other lawmakers take the position that the policies and practices of net neutrality are unnecessary rules which make it less likely that people will invest in broadband networks, placing an unfair strain on internet service providers (ISPs). That perspective does not seem to be aligned with that of the public, according to a poll from the University of Maryland showing that 83% of voters favored keeping the net neutrality rules in place.
What is net neutrality, exactly?
The basic notion behind the concept of net neutrality, according to a report by Don Sheppard in IT World Canada, is that the government should ensure that both all bits of data and all information providers are treated in the same way.
Net neutrality makes it illegal to have paid priority traffic, throttle, block, or perform similar tasks (see below).
Sheppard noted that there are two basic technical principles related to internet standards that are part of the basis for net neutrality:
- End-to-end principle – Functions related to applications should not take place at intermediate nodes but instead at endpoints within networks used for general purposes.
- Best efforts delivery – There can be no performance guarantee but instead a demand for best efforts for equal, nondiscriminatory packet delivery.
IoT: harder for startups to compete?
Growth of the Internet of Things (IoT) is closely connected to the expansion of cloud computing – since the former standard uses the latter as its backend. In terms of impact on the IoT, Nick Brown noted in IOT For All that the repeal of net neutrality will result in an uneven playing field in which it will become more difficult for smaller organizations, while larger firms will be able to form tighter relationships with ISPs.
The issue of greater latency is key to the removal of net neutrality, because latency could arise as sites are throttled (decelerated). The reason that throttling would occur between one device and another is that ISPs may want some devices (perhaps ones they build themselves) to have better performance than others.
Some people think the impact of the net neutrality repeal on the IoT will be relatively minor. However, many thought leaders think there will be a significant effect since IoT devices rely so heavily on real-time analysis.
Entering a pay-to-play era
Throttling, or slowing throughput, could occur with video streaming services and other sites. Individual cloud services could be throttled. Enterprises could have difficulty with apps that they host in their own data centers, too, since those apps require a fast internet connection to function as well.
There will be a pay-to-play scenario for web traffic instead of just using bandwidth to set prices, according to Forrester infrastructure analyst Sophia Vargas.
There is competition between wired and wireless services that has resulted from changes to their pricing models following the repeal of net neutrality, said Vargas. The pricing is per bandwidth for wired, landline services, while it is per data for wireless services. Wireless services will have the most difficulty because wired services are controlled by a smaller number of ISPs.
There will be more negotiations and volatility in the wireless than in the wired market, noted Vargas. Competition is occurring “in the ability for enterprises to essentially own or get more dedicated [wired] circuits for themselves to guarantee the quality of service on the backend,” she added.
Does net neutrality really matter?
The extent to which people are committing themselves to one side or the other gives a sense of how critical net neutrality is from a political, commercial and technical perspective. A consumer should be aware of the potential for companies to mistreat them without these protections in place (which is not to say those abuses will occur).
Ways that ISPs could perform in a manner that go against the precepts of net neutrality are:
- Throttling – Some services or sites could be treated with slower or faster speeds.
- Blocking – Getting to the services or sites of competitors to the ISP could become impossible because those sites are blocked.
- Paid prioritization – Certain websites, such as social media powerhouses, could pay to get better performance (in reliability and speed) than is granted to competitors that may not have the same capital to influence the ISP.
- Cross-subsidization – This process occurs when a provider offers discounted or free access to additional services.
- Redirection – Web traffic is sent from a user’s intended site to a competitor’s site.
Rethinking mobile apps
Another aspect of technology that will need to be rethought in the post-repeal world is improving efficiency by developing less resource-intensive mobile apps that are delivered through more geographically distributed infrastructure. Local caching could also help, and delivery of apps that serve video and images should potentially be restructured.
You can already look at file size to create better balance in the way you deliver video and images to mobile users. However, the rendering, quantity that is stream-loaded (to avoid additional pings), and other aspects are optimized with net neutrality as a given.
Providers of content delivery networks (CDNs) will need to re-strategize the methods they use to optimize enterprise traffic.
Cost has been relatively controlled in the past, according to Vargas. There is an arena of performance management and wireless area network (WAN) optimization software that was created to manage speed and reliability for data centers and mobile. Those applications will no longer work correctly because they were engineered with traffic equality as a defining principle. Hence, providers will have to adapt to meet the guidelines of the new paradigm.
Marty Puranik, CEO, Atlantic.Net
[ISACA Now Blog]
