
Software development has emerged as a critical task for organizations looking to compete in the digital economy. It increasingly fuels innovation and even disruption. Yet, building, testing, and verifying major chunks of code usually takes months – and finding the talent to handle the task can be formidable.


Due to the skills gap and to scale delivery, many companies turn to low-code application development platforms to build and deliver applications faster.

Typically, these low-code tools deliver a graphical user interface (GUI) that helps non-technical people — citizen developers, if you will — become involved in the software development process. Rather than a developer typing code line-by-line, these tools assemble building blocks of code that implement the business logic of applications.

Yet, what’s often overlooked in the enthusiasm to adopt low-code tools is that these types of development platforms affect many areas of the enterprise, including identity management and cybersecurity. For example, a low-code application must interoperate with various on-premises systems, as well as cloud identity platforms such as Active Directory, Azure AD, Okta, and others.

The fallout from poor integration with identity systems can be significant and extremely painful, especially as business requirements change and an organization needs to start adding new capabilities like passwordless authentication, multi-factor authentication (MFA), identity proofing, user behavior analytics, or complex role- or attribute-based authorization. Without a strong identity management framework in place, managing myriad authorizations and authentications manually can prove difficult and can undermine security, including zero-trust initiatives.

Permissions matter

The complexity of today’s IT environments isn’t lost on anyone. Low-code, while simplifying and speeding software development, introduces challenges. Organizations may find that they are mired in a framework that lacks the flexibility they need to deliver a seamless but highly secure user experience, particularly for complicated role-based access connected to single sign-on (SSO). Updates, changes, and other events can wreak havoc and force teams to push constant application updates to cope with the ever-evolving threat landscape.

For example, the legacy approach of using software development kits (SDKs) to perform identity integrations, like adding support for MFA, creates additional layers of complexity. This is the case whether low-code tools are used or not. That’s because the SDK approach establishes a deeply coupled relationship between the applications and the identity system they use. Often each new identity capability that needs to be added requires yet another SDK for integration, which increases interdependencies and the likelihood of failure.

In practical terms, an organization might require different SDKs with different authentication and authorization capabilities, depending on the application and framework it is building or using. However, today’s applications require a more flexible and contextual framework that spans systems and, in some cases, delivers deeper insight into what a user is doing at any given moment.

In fact, migrating away from an SDK-centric approach isn’t just a good idea, it’s vital. What’s more, attempting to circumvent the problem using APIs isn’t particularly helpful because an organization typically winds up with the same basic problem: there’s a high level of complexity tied to a rigid identity framework. Making matters worse, this approach can also introduce security gaps and other weaknesses.

A more manageable approach when using low-code development frameworks to build applications is to connect them to a single abstraction layer for identity services. This addresses three primary challenges associated with identity management in low code environments: moving away from a platform-specific approach, breaking free of low-code tools that tie the application to a specific identity provider, and establishing an identity framework that matches the specific needs of your business.

Abstraction is key

An abstraction layer reduces the load on citizen developers, whose lack of technical skills and awareness of security requirements prevents them from making updates and upgrades or adding new capabilities to keep up with evolving requirements, frequently within a DevOps or DevSecOps environment that is optimized for continuous integration and delivery.

Abstraction also eliminates the need for specific applications to be hardcoded to a specific identity system or API.

In this world, embedded logic is built into the identity framework through a form of distributed intelligence. What’s more, the process takes place without pushing out code and requiring processing on apps. There’s also no need for app owners or identity management providers to play a role in the process.

Abstraction offers another advantage: it handles various standards associated with identity management, including SAML. Most organizations rely on several standards for processes and tasks associated with authorizations and authentications. When using low code tools, overseeing standards and orchestrating them can become cumbersome and unmanageable as well.

As enterprises increasingly turn to low code frameworks to improve performance and lower costs, it’s vital to keep software development and identity in lockstep. Abstraction can help bridge the gap.


from Help Net Security https://ift.tt/lLrA0Kc

The world is shaken by different new crises and cyber events every day. All sectors are affected by the events, either in terms of production, transportation, or security. The intensity and impact of cyber-attacks across all sectors keep rising daily. Traditional threat intelligence solutions are not enough. Therefore, new solutions such as Extended Threat Intelligence are needed.

In 2021, ransomware gangs alone made at least $590 million in profits, according to the U.S. Treasury Department. As threat actors leverage more targeted tactics, techniques, and procedures (TTPs) to successfully exploit vulnerable systems, security teams are increasingly looking for laser-focused solutions that would alert them with early-warning signals of cyber threats.

However, isolated cybersecurity services, like those involving one-dimensional technologies, are neither sufficient to detect ransomware threats beforehand nor effective for industries. In fact, Gartner says in a report published last month that the intersection of many use cases of cybersecurity is confusing for industry actors who do not know which service to prioritize against threats.

But there’s no need to be confused. There are some platforms that bring a new approach that integrates Cyber Threat Intelligence, Digital Risk Protection, and External Attack Surface Management capabilities to realign security thinking from that of a defender to that of an attacker. (The details of these technologies will be explained below.) This can put security teams in various sectors in a better position to detect blind spots before hackers exploit them.

In order to understand the nature of these services, first of all, it is necessary to describe the limits of traditional approaches in cyber security.

What are the limitations of traditional threat intelligence approaches?

Historically, threat intelligence was promised to be the first destination to look for the unknowns; however, reactive traditional cyber threat intelligence (CTI) programs are unlikely to fill the early warning gap. Limited focus on dark web data collection and analysis, for example, is one of the drawbacks.

Despite the fact that dark web marketplaces have become a one-stop shop for threat actors who want to cash out, according to the 2021 SANS CTI Survey, only 38% of respondents consider closed and dark web sources as part of their intelligence gathering.

This low level of interest might be the result of a common misconception: the assumption that the relevant intelligence from deep and dark web sources would be included within public threat feeds and IOCs. This can be true for tactical intelligence but is very limited in terms of gathering company-specific operational and strategic intelligence.

Another contributing factor to this insufficient CTI strategy would be the false sense of security disseminated by cybersecurity vendors and technology providers. IOCs fed into the existing security stack have been heavily promoted as the ultimate proactive way of preventing cyber threats.

Visibility is a crucial component of cyber defense. It’s essential to know what to protect. Lack of visibility and intelligence around external-facing critical vulnerabilities is another drawback of traditional CTI programs.

According to the IBM X-Force Threat Intelligence Index, the share of scan-and-exploit vulnerabilities jumped to be the top infection vector (35%), surpassing phishing. Keeping an up-to-date asset inventory and running continuous scans from an external viewpoint can help vulnerability management teams spot and prioritize the patching of heavily exploited bugs on critical load balancer or VPN technologies such as Citrix, Palo Alto, or Microsoft Exchange.

How do we get to “extended”?: Completing the puzzle

Because of the ideal blend of prevention, response, and strategic perspectives, cybersecurity experts believe that the early warning mechanism should naturally be built around threat intelligence. The purpose of CTI programs is to help security teams fill a knowledge gap about the present and future threats.

Over the past decade, a number of solutions delivering external threat visibility have also emerged, such as Digital Risk Protection Services (DRPS) and External Attack Surface Management (EASM).

EASM technologies, on the other hand, approach security from the perspective of attackers. Understanding the constantly changing attack landscape through identifying forgotten or shadow assets can assist security teams to spot weaknesses and vulnerabilities early on.

DRPS solutions are generally the go-to solution for enterprises that need extended protection of critical digital assets as well as risks associated with third parties, brands, employees, and VIPs. Stakeholders of DRPS can extend to Fraud Prevention Teams, Executive Board, and other customer-facing departments.

DRPS and EASM technologies allow organizations to handle the monitoring of data sources of many varieties including social media, SSL certificates, domain registrations, vulnerability databases, breach datasets, deep web sources, code repositories, and many others. XTI technology, however, helps reach the full potential of this massive data by generating continuous and actionable intelligence. In fact, Gartner, in another report published in the last months, advocates the view that cyber security service providers should cooperate with DRPS or EASM.

One of the challenges of being a security leader is making the most informed decision to choose from a diverse pool of technologies to prevent data breaches. As the trend of consolidation in cybersecurity is accelerating, solutions that provide similar results but are listed under different market definitions make the job harder.

Meanwhile, security practitioners grapple with a multitude of technologies that generate alerts from various vendors, eventually causing loss of productivity and complexity. The importance of the integration of artificial intelligence with the cyber security sector should be underlined at this point.

A smart combination of AI-powered automation technology and a CTIA team can increase productivity while turning a large alert stream into a massive number of events. Built-in remediation support is also essential for disrupting or analyzing enemy infrastructure as needed.

How does XTI work? How can different Extended Threat Intelligence solutions help companies?

Extended Threat Intelligence can hit the ground and be operational in hours. There is no need for an Excel list of assets or keywords to get started. XTI companies like SOCRadar promise different modules to activate. For example, the first one is External Attack Surface Management (EASM). EASM runs a very detailed digital footprint (DFP) discovery and mapping process, which we believe is fundamental.

Digital Risk Protection (DRPS) and Cyber Threat Intelligence (CTI) also come into play. For example, using auto-discovered digital assets, including brand keywords, unified DRPS and CTI technology starts collecting data across the surface, deep, and dark web and analyzing it in real time.

The foremost benefit of XTI is that it provides continuous hacker-view visibility into blind spots to make you proactive against cyber threats. DRPS, EASM, and CTI do not merely coexist within a single platform; the three modules interoperate closely.

Other advantages of XTI are:

  • Centralization of external threat intelligence
  • Reduced acquisition costs
  • Certified Threat Intelligence Analysts (CTIA) who act as an extension of your security team in terms of remediation and response
  • Actionable and holistic threat prevention perspective beyond the perimeter
  • Eliminated daunting DFIR and threat investigation processes
  • Ease and speed of onboarding to defend your enterprise against threat actors and cyber criminals immediately
  • Actionable and holistic threat prevention by integrating with your SIEM/SOAR platforms
  • Shorten the time and effort of your threat hunting activity with built-in big data platform

from Help Net Security https://ift.tt/EnSDlVR

During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.


The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path (non-spoofed) attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.

“While it may be tempting to look at the decrease in overall attacks as threat actors scaling back their efforts, we saw significantly higher activity compared to pre-pandemic levels,” said Richard Hummel, threat intelligence lead, NETSCOUT.

“The reality is that attackers are constantly innovating and adapting new techniques, including the use of server-class botnets, DDoS-for-Hire services, and increased use of direct-path attacks that continually perpetuate the advancement of the threat landscape.”

Other key findings

DDoS extortion and ransomware operations are on the rise. Three high-profile DDoS extortion campaigns simultaneously operating is a new high. Ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt were observed using DDoS to extort victims. Because of their success, ransomware groups have DDoS extortion operators masquerading as affiliates like the recent REvil DDoS Extortion campaign.

VOIP services were targets of DDoS extortion. Worldwide DDoS extortion attack campaigns from the REvil copycat were waged against several VOIP services providers. One VOIP service provider reported $9M-$12M in revenue loss due to DDoS attacks.

DDoS-for-Hire services made attacks easy to launch. NETSCOUT examined 19 DDoS-for-Hire services and their capabilities that eliminate the technical requirements and cost of launching massive DDoS attacks. When combined, they offer more than 200 different attack types.

APAC attacks increased by 7% as other regions subsided. Amid ongoing geopolitical tensions in China, Hong Kong, and Taiwan, the Asia-Pacific region saw the most significant increase in attacks year over year compared to other regions.

Server-class botnet armies arrived. Cybercriminals have not only increased the number of Internet-of-Things (IoT) botnets but have also conscripted high-powered servers and high-capacity network devices, as seen with the GitMirai, Meris, and Dvinis botnets.

Direct-path attacks are gaining in popularity. Adversaries inundated organizations with TCP- and UDP-based floods, otherwise known as direct-path or non-spoofed attacks. Meanwhile, a decrease in some amplification attacks drove down the number of total attacks.

Attackers targeted select industries. Those hardest hit include software publishers (606% increase), insurance agencies and brokers (257% increase), computer manufacturers (162% increase), and colleges, universities, and professional schools (102% increase).

The fastest DDoS attack recorded a 107% year-over-year increase. Using DNS, DNS amplification, ICMP, TCP, ACK, TCP RST, and TCP SYN vectors, the multi-vector attack against a target in Russia recorded 453 Mpps.


from Help Net Security https://ift.tt/h2IWS1C

Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys.


As organizations increase adoption, the report outlines why developers and IT decision-makers need a unified approach in addressing security and compliance.

Styra surveyed 350 IT decision-makers and 350 developers that work with cloud-native environments to learn how they view their responsibilities when contributing to digital transformations at their organizations.

Having a unified approach between IT decision makers and developers during the transition to cloud-native is paramount to making internal processes and innovation more efficient.

According to the findings, cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organizations plan to expand use over the next 12 months. With this increase in use comes a greater need for security due to rising compliance regulations and ever-evolving cyberattacks.

Both parties stated that they have high confidence in their organizations’ ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers rating their abilities as strong.

Cloud-native technology security responsibilities

Even with confidence in an organization’s security, IT decision makers and developers need to increase alignment on who owns policy, compliance and cloud security responsibilities in order to make operations seamless. Here is where they currently stand:

Defining policies that control how cloud applications are secured and managed:

  • 21% of developers believe IT Infrastructure and Ops teams are responsible
  • 45% of IT leaders believe it’s the IT Infrastructure and Ops team

Proving that applications are compliant internally:

  • 22% of developers believe that IT Infrastructure and Ops teams are responsible
  • 41% of IT decision makers believe that IT Infrastructure and Ops teams are responsible

Meeting and proving compliance to external auditors:

  • 42% of developers said it is the security teams’ job
  • 25% of IT decision makers believe it is the security team’s job

“With organizations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” said Tim Hinrichs, CTO at Styra.

“We’re seeing firsthand in our community the changing dynamics around security and policy, especially with new trends like shift left, everything-as-code and DevSecOps. While it’s great to see both developers and IT decision-makers aligned around the importance of cloud-native security, they need to start looking at it with a unified approach.”

Additional findings

Cloud-native and open-source adoption leads to different challenges:

  • Over the next 12 months, 63% of IT decision makers believe training employees to use cloud-native and open-source tools is the biggest challenge
  • Over the next 12 months, 70% of developers believe onboarding each piece of new technology and phasing out old technology is the biggest challenge

IT decision makers and developers have different priorities in mind:

  • Developers believe migrating legacy applications to the cloud (67%) and building production, customer-facing cloud applications (66%) should come first
  • IT decision makers slightly differ, believing enhancing data privacy security measures (77%) and then migrating legacy applications to the cloud (59%) should be prioritized
  • Both parties (IT leaders – 57%, developers – 65%) believe building a proof-of-concept application in the cloud should come third

“These findings prove that IT decision makers and developers need to work together as they take on accelerated adoption of open-source and cloud-native tools,” said Hinrichs.


from Help Net Security https://ift.tt/AEaKodq

Research from Bright Data has highlighted the importance of data in virtual environments such as the metaverse.


The survey, conducted by Vanson Bourne, generated insights from 400 IT and technology industry leaders across the US and UK and showed that 54% of respondents believe that data will be vital in sustaining the metaverse.

To support their metaverse strategy, 84% of leaders across the IT, telecom, and technology sectors say they are planning to look at procuring data intelligence solutions to be deployed inside virtual worlds in the next two years. Such technologies are important to tech industry leaders and their businesses as they measure data outputted by AR and VR technologies as well as capture any other publicly available data.

Since first being discussed in 2021 the metaverse has been a hot topic and is widely seen as the next frontier in business and technology. Although we are in the early days of these virtual spaces, many respondents expressed concerns around data ‘compliance and standards’ (47%) and ‘employee experience of time and space’ (38%) inside metaverses. These concerns demonstrate the need for unified metaverse standards and practices as well as a code of conduct for collecting different types of data.

Data is essential to the success of the metaverse

60% of all IT and technology leaders planning to integrate business operations within the metaverse are worried about ‘data’ and ‘security’. The findings are the latest of many to suggest that – though data is essential to the success of the metaverse – there remain serious unresolved questions about how it will be captured and used.

“This is nascent technology, unfamiliar to consumers and business leaders alike, which is why we’re thrilled to be leading the conversation around data use in the metaverse”, said Or Lenchner, CEO at Bright Data.

“We now know that organizations rely on public web data to support the most strategic decision-making. The metaverse will add a new layer to this – revealing millions of additional public data points. As such, it is clear that data solutions will play a key role in connecting organizations to their customers or employees in the metaverse, helping to uncover hidden insights”, added Lenchner.

“However, I must caution and stress the need to collect data responsibly and intelligently in the metaverse and avoid at all costs harming the overall data ecosystem. It’s an exciting frontier for all, especially for those within the data space. But we must be prepared to measure exactly how much as well as the types of data that organizations require in planning their future business direction”, concluded Lenchner.

Other key findings

  • 57% of IT and technology leader respondents claim to be fully up to speed with how the metaverse operates.
  • 89% of respondents consider data generated by the metaverse will either be very important (55%) or quite important (35%) for their business operations.
  • 97% of respondents think data will either be vital (54%) or quite important (43%) to sustaining the metaverse in general.

from Help Net Security https://ift.tt/S1m2AiC

The global operational risk management solution market size is expected to grow from $1,656.4 million in 2021 to $3,098.0 million by 2028; operational risk management solution market share is estimated to grow at a CAGR of 9.4% from 2021 to 2028, according to ResearchAndMarkets.


After the COVID-19 pandemic, corporate players have introduced changes in their operations by enabling flexible work schedules, allowing remote working, and enhancing the employee experience. The hybrid work models are defined as a more flexible, digital, and rewarding future for their employees.

According to an article published by GENESIS INTEGRATION, 55% of US workers want a work pattern that allows a mix of working from home and the office. The article data also reveals that more than 2 in 5 working adults (42%) are willing to give up some percentage of their salary for higher flexibility at work.

Further, 74% of the newer generation would prefer either working from home or splitting work time between home and work, as per the article published by GENESIS INTEGRATION. The rising adoption of a potentially permanent hybrid workforce has led to an increase in operational risk management solutions due to the rise in cybersecurity attacks with remote working.

Further, businesses also need to address the increasing risk of internal fraud. According to the article by Risk Management Intelligence in October 2021, employee fraud cases in the Asia Pacific region have increased over the past year in the COVID-19 pandemic. Some of the essential risks include procurement fraud, cash theft, and falsification of expense claims.

Operational risk management solutions demand increase

Business processes will continue to transform in hybrid working environments, thereby increasing the demand for operational risk management solutions due to high risks. Internal controls and business continuity plans need to be reassessed and audited to ensure that operational and process risks are correctly mapped out and mitigated. Also, with increasing reliance on third-party service providers, including technology and business process outsourcing providers, organizations need to strengthen their third-party risk management strategy.

Hence, with the rising adoption of the hybrid workforce model in the current scenario, several risks are also increasing, such as cybersecurity, internal fraud, and business process risks. Therefore, the growing implementation of hybrid work culture is creating significant opportunities for the future growth of the operational risk management solution market industry players.

In 2020, the COVID-19 pandemic had contributed to the operational risk management solution market growth, as millions of employees worked remotely. Such standard protective measures have resulted in the increased usage of third-party networks, digital platforms, and personal computing devices.

Further, such network connectivity solutions increase the risks of cyberattacks and other malware. Furthermore, the surge in digital traffic presented an opportunity to numerous online frauds, phishing attacks, denial of inventory, and ransomware attacks.

According to the Global DNS Threat report, in 2021, 79% of global organizations experienced domain name system (DNS) attacks in 2020. Furthermore, the top DNS attacks included DNS phishing (~39%), DNS malware (~34%), distributed denial of service (DDoS) attacks (~27%), DNS hijacking/attacks (~12%), DNS tunneling (~17%), zero-day vulnerabilities (~16%), and cloud instance misconfiguration abuse (~13%). Enterprises are adopting advanced operational risk management solutions to detect and manage any abnormal behaviour in the networks due to the increased risks of cybercrimes.

Reasons to buy

  • Save and reduce time carrying out entry-level research by identifying the growth, size, leading players, and segments in the operational risk management solution market
  • Highlights key business priorities in order to assist companies to realign their business strategies
  • The key findings and recommendations highlight crucial progressive industry trends in the operational risk management solution market thereby allowing players across the value chain to develop effective long-term strategies
  • Develop/modify business expansion plans by using substantial growth offering developed and emerging markets
  • Scrutinize in-depth global market trends and outlook coupled with the factors driving the market, as well as those hindering it
  • Enhance the decision-making process by understanding the strategies that underpin commercial interest with respect to client products, segmentation, pricing, and distribution

from Help Net Security https://ift.tt/T9jpzPg

(ISC)² published the agenda for its SECURE London event taking place on April 7, 2022 at BMA House.


With a focus on the most topical issues impacting organisations of all sizes, this one-day event will bring together information security professionals from across the UK and further afield to network with peers and explore the issues impacting cybersecurity today. Attendees can expect interactive breakout sessions focused on important topics such as:

  • Ransomware incidents: How to prepare, how to respond featuring real-world examples
  • Never trust, always verify: The Benefits and challenges of zero trust migrations
  • Which leading cloud provider has the most effective security features – AWS, Azure or Google Cloud (GCP)?
  • How should we deal with users causing cyber breaches?
  • Cyber resiliency and the power of a diverse ecosystem

“While many cybersecurity challenges transcend geographical borders, there are issues specific to each region,” said Clar Rosso, CEO, (ISC)². “In the UK, cybersecurity professionals juggle evolving data privacy and cybersecurity regulations on top of dealing with a cybersecurity workforce gap of 33,000 professionals. With SECURE London—and all SECURE events—we’ll bring together industry professionals to learn new approaches and share real-world insights that address the complex cybersecurity challenges across organisations.”

The event also includes expert presentations from:

  • Laurie-Anne Bourdain, Data Protection Officer, Isabel Group
  • Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic
  • Dave Cartwright, Head of IT Risk and Security, Standard Bank
  • Alex Haynes, CISO, CDL
  • Heather Lowrie, Head of Security, Risk, and Resilience (Interim), National Records of Scotland
  • Paul Schwarzenberger, MSc, CISSP, CCSP, Cloud Security Specialist, Celidor
  • Jon France, CISO of (ISC)²

SECURE London is open to both (ISC)² members and non-members. Members can earn Continuing Professional Education (CPE) credits for their attendance. Cybersecurity professionals in every stage of their career are encouraged to participate, from those new to the field, to established experts and seasoned practitioners.


from Help Net Security https://ift.tt/n4hYNtm