
    Does TikTok pose a potential threat to your Network?

     

    TikTok is “unacceptable security risk” and should be removed from app stores, says FCC

     In an article on Malwarebytes labs, we read that Brendan Carr, the commissioner of the FCC (Federal Communications Commission), told Tim Cook and Sundar Pichai that “TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.”

     

    TikTok’s Data collection and unclear use of that data

    Some of the data that TikTok is said to collect includes, but is not limited to, search and browsing histories; keystroke patterns; and biometric identifiers, including faceprints. On top of these slices of personal data, TikTok may also collect voiceprints; location data; draft messages; metadata; and data stored on the clipboard, including text, images, and videos.

    Now, this is not unheard of, as numerous apps collect and store personal data. It is a non-issue for apps that are clear about collecting data, provided they also say how they use the data they collect. TikTok, it appears, is one of those apps that does not abide by the app stores' data collection and storage requirements.

    In the letter from Carr, he states:

    “Numerous provisions of the Apple App Store and Google Play Store policies are relevant to TikTok’s pattern of surreptitious data practices—a pattern that runs contrary to its repeated representations,”

    “For instance, Section 5.1.2(i) of the Apple App Store Review Guidelines states that an app developer ‘must provide access to information about how and where the data [of an individual] will be used’ and ‘[d]ata collected from apps may only be shared with third parties to improve the app or serve advertising.’”

     

    How might this impact Network Security?

    You should consider how TikTok’s unclear data collection might affect your network security in two ways:

    1. Personal TikTok accounts
    2. Business TikTok accounts

    When you see TikTok, some of you will assume this does not apply to you. However, whether you have your own TikTok account or not, you should evaluate whether anyone else in your family or circle of friends uses a TikTok account on your home network or Wi-Fi. This is a concern if you work from home over that potentially compromised connection, or if you have a work mobile phone that is connected to your home network.

    If a hacker uses the data collected from a TikTok account to gain access to your home network, you are already compromised, and that gives the attacker a way into your organisation's network.

    In addition, given the prevalence of social media accounts in digital marketing strategies across industries, it would not be unusual for a company to have a TikTok account. The threat and potential for a network attack increase ten-fold when a member of staff uses a device on your organisation's network to update a company TikTok account.

     

    If you are concerned about your network, you can talk to one of our Ward Solutions specialists and we can talk you through your best plan of action.

    If you would like to do some more investigation into your options, you can download our Infographic on network security.

    We at Ward Solutions understand the difficulties in employing an organic model that allows for scalability. Your SOC and NOC teams are more than likely at maximum capacity when it comes to dealing with ransomware attacks. Our experts provide a 24x7 model with OPEX opportunities that allow teams within the organisation to feel relaxed knowing our team is there to help.

    Ward Solutions is a full service, full security lifecycle provider. If you don’t have the right manpower, tools and expertise then consider partnering with a Security consultancy and managed cloud security service provider with the knowledge and skills to help supply or augment your CISO, Security engineering and security operations resources. Talk to us today to see how we can help.

     

    News


    What are the benefits of ZTNA & SD-WAN:

    According to our partners Fortinet, using SD-WAN to improve WAN efficiency does not have to compromise security. The business outcomes deliver several key benefits, including:

    • Better application experience
    • Instant ROI benefits
    • Automation for simple connectivity
    • Consistent security at all edges

    Fortinet's Secure SD-WAN solution protects an organization's critical data and applications from a full range of threats, using intrusion prevention, web filtering, and more. IT teams can manage their networks more easily than ever, with improved connectivity, increased cost savings, and greater security.1

    The right SD-WAN solution is critical to getting the benefits of digital acceleration without putting security or application performance at risk, or affecting end-user productivity. SD-WAN can address:

    • Security
    • Application performance
    • Cloud on-ramp
    • Operations

    The best strategies for addressing a complex network environment are consolidation and integration. An SD-WAN can be part of a next-generation firewall (NGFW). Deploying a common NGFW platform as the backbone of a unified security strategy enables end-to-end visibility, ease of management and control, and consistent enforcement across the network.

    Organizations still use a traditional architecture that links offices to the data centre for application access. However, with the adoption of hybrid working and applications scattered across multi-cloud and SaaS, this legacy network design is an obstacle to digital acceleration and creates user-experience challenges. Organizations that want better user productivity and secure network edges need to invest in a modern network architecture.

     

    How SD-WAN with built-in ZTNA works

    A remote employee opens a cloud-based application from their device. A ZTNA client installed on that device automatically creates a secure connection to an SD-WAN device with an integrated ZTNA access proxy. The SD-WAN solution then creates a secure and optimized connection to the requested application. It provides continuous monitoring to ensure application performance and identify malicious content or unusual user or device behavior. And all of this happens automatically and seamlessly. The user does not have to initiate anything.

    This process uses every element of this third generation of SD-WAN to ensure three things. First, it uses ZTNA to ensure that users can only access those applications to which they are explicitly entitled. Second, ZTNA and the built-in security work together to ensure that every connection is secured end-to-end. And third, SD-WAN constantly monitors connections to ensure that they are being optimized, so the user has the best possible user experience.
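    The access-broker logic behind the first and third of those guarantees, as an added illustration (not Fortinet's code, and not the page's own): a toy ZTNA proxy that grants access only on an explicit per-user entitlement (default deny), checks the device posture reported by the client, and re-evaluates an open session so it is revoked when posture drifts. The user names, application identifiers and posture attributes are constructed sample data.

```python
"""Toy ZTNA access-proxy decision logic (illustration only, not Fortinet code).

Models explicit per-user application entitlements (default deny), a device
posture check supplied by the ZTNA client, and continuous re-evaluation so
that an admitted session is dropped when the device's posture changes.
"""
from dataclasses import dataclass, field

# Explicit entitlements: user -> set of application identifiers (constructed sample data).
ENTITLEMENTS = {
    "alice": {"crm", "ticketing"},
    "bob": {"ticketing"},
}

# Minimum posture the proxy requires before brokering a connection (constructed).
REQUIRED_POSTURE = {
    "disk_encrypted": True,
    "edr_running": True,
    "os_patched": True,
}


@dataclass
class DevicePosture:
    disk_encrypted: bool
    edr_running: bool
    os_patched: bool

    def failed_checks(self, required: dict) -> list:
        """Return the names of posture requirements this device does not meet."""
        return [k for k, v in required.items() if getattr(self, k) != v]


@dataclass
class AccessRequest:
    user: str
    app: str
    posture: DevicePosture


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AccessProxy:
    entitlements: dict
    required_posture: dict
    # Open sessions: (user, app) -> most recently observed posture
    sessions: dict = field(default_factory=dict)

    def evaluate(self, req: AccessRequest) -> Decision:
        """Admission decision: default deny unless explicitly entitled and compliant."""
        if req.app not in self.entitlements.get(req.user, set()):
            return Decision(False, f"{req.user} not entitled to {req.app}")
        failed = req.posture.failed_checks(self.required_posture)
        if failed:
            return Decision(False, "device posture failed: " + ", ".join(failed))
        self.sessions[(req.user, req.app)] = req.posture
        return Decision(True, "entitled and device compliant")

    def reevaluate(self, user: str, app: str, posture: DevicePosture) -> Decision:
        """Continuous monitoring: re-check an open session and revoke it on posture drift."""
        key = (user, app)
        if key not in self.sessions:
            return Decision(False, "no open session")
        failed = posture.failed_checks(self.required_posture)
        if failed:
            del self.sessions[key]
            return Decision(False, "session revoked, posture drift: " + ", ".join(failed))
        self.sessions[key] = posture
        return Decision(True, "session still compliant")


def demo() -> dict:
    """Walk through admission, denial, and mid-session revocation on sample data."""
    proxy = AccessProxy(ENTITLEMENTS, REQUIRED_POSTURE)
    healthy = DevicePosture(True, True, True)
    d1 = proxy.evaluate(AccessRequest("alice", "crm", healthy))
    d2 = proxy.evaluate(AccessRequest("bob", "crm", healthy))  # not entitled
    d3 = proxy.evaluate(AccessRequest("bob", "ticketing", DevicePosture(True, False, True)))
    # EDR stops on alice's device mid-session: the proxy drops the session.
    d4 = proxy.reevaluate("alice", "crm", DevicePosture(True, False, True))
    return {"alice_crm": d1, "bob_crm": d2, "bob_ticketing_no_edr": d3,
            "alice_drift": d4, "open_sessions": len(proxy.sessions)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```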

    This integrated approach enables organizations to provide a consistent quality of experience for users even as they move from one work environment to the next. And because it extends WAN connectivity and security to every remote worker, it increases the effectiveness of an organization's security posture. And perhaps just as importantly, it allows organizations to eliminate device sprawl by integrating an entire portfolio of enterprise-grade security, advanced routing, optimized connectivity, and application acceleration tools into a single platform. And when those elements all run on the same operating system, it has the added advantage of providing single-pane-of-glass insight into the entire system, end-to-end. Organizations can create, distribute, orchestrate, and enforce one policy consistently across all edges, including off- and on-network users, to protect the entire digital attack surface.

    Security is Essential

    As organizations continue to adapt their networks to meet new needs, office space may not be essential anymore, but security is. It needs to follow data and applications from end-to-end, regardless of how rapidly the underlying network changes or adapts. Doing so is critical to enable flexible, anywhere, anytime, secure remote access.

    Because networks are so dynamic and resources have to be protected along the entire data path, security and networking need to function as a unified system. Security, and the associated visibility and control it requires, can't be extended unless you can simplify management and centralize orchestration. But when you have several dozen different security solutions from different vendors deployed in different parts of your network, visibility and control are almost impossible.

    Today, organizations need a suite of advanced security and networking functions that extend to every user, device, or application with centralized orchestration and threat intelligence collection and correlation to enable coordinated responses to malicious attacks across the entire distributed network.

     


    “Fortinet Cloud Security empowers organizations to achieve digital acceleration by securing every application journey on any cloud. Delivering consistent policies and centralized management and visibility, along with security automation across all clouds and hybrid clouds, organizations can securely build, deploy, and run applications while reducing deployment complexity and increasing effective security and response. With tight integrations across cloud platforms, flexible consumption models, and wide range deployment choices across hardware and virtual appliances, and SaaS, Fortinet Cloud Security supports all cloud use cases, no matter where the customer is in their application journey and how those journeys evolve. 2022 Fortinet. All Rights Reserved.”

     

    1: https://www.hcltech.com/blogs/realigning-network-and-security-cloud-migration-making-business-case-cloud-mindset

    2: Fortinet


    News

    XDR: Expectation Vs Reality

    Last year, XDR was listed as one of Gartner's Top 10 Security Projects for 2020-2021. XDR (extended detection and response) had freshly emerged as a new approach to proactive protection against modern attacks. Now, in 2022, cybersecurity environments are becoming more complex and, as a result, security teams have to navigate a multitude of security threats.

     

    So that raises the question, how does XDR differ from a traditional SIEM?

    The concept of XDR has shown promise to transform the scale and efficiency of a security operations function. While tackling the ever-evolving threats within the cybersecurity landscape, Security Operations Centres (SOCs) are constantly adapting and modernising their technology foundations.

    Extended detection and response (XDR) should be a cornerstone of every security strategy, for its ability to focus on networks, identities, and cloud. Powered by machine learning, analytics and automation, XDR detects and prevents cyber security threats.

     

    A brief review, what is XDR?

    It is an approach to security that, as the name suggests, extends detection and response throughout the company. It starts with the user, continually monitoring through the network and into the cloud. Using machine learning, analytics and automation, it can provide security operations teams with threat visibility wherever data and applications reside.

     

    According to IBM:

    “Core components of an XDR architecture include federation of security signals, higher-level behavioral and cross-correlated analytics, and closed-loop and highly automated responses. This creates a truly unified experience supported by a solutions architecture that equals more than the sum of its parts”

     

    What are the benefits of XDR?

    XDR is an integrated, cross-platform detection and response solution. A security operations team must view XDR as an alternative to traditional reactive approaches that provide only layered visibility into attacks, such as endpoint detection and response, network traffic analysis and SIEM.

    As IBM explains it:

    “XDR is not just a place where you consolidate security signals but a place where you can run more advanced, correlated analytics”

    As per the Forrester Wave for Security Analytics Platforms report, security analytics and endpoint detection and response have been on a “collision course” for some time, meaning that intertwining these areas of a security strategy can bring about

    “Highly enriched telemetry, speedy investigations, and automated response actions.”

     

    With XDR, security teams can:

    • Identify hidden, stealthy, and sophisticated threats proactively and quickly.
    • Track threats across any source or location within the organisation.
    • Increase the productivity of the people operating the technology.
    • Get more out of their security investments; and
    • Conclude investigations more efficiently.

    From a business perspective, XDR can enable organisations to prevent successful attacks as well as simplify and strengthen security processes. This, in turn, enables them to better serve users and accelerate digital transformation initiatives – because when users, data and applications are protected, companies can focus on strategic priorities.

     


    News

    Is your network secure enough to undergo a Cloud Migration?

     

    The current Cloud landscape:

    “Experts predict that the cloud service market will be worth a whopping USD 623.3 billion by 2023. Among the several factors enterprises consider when choosing cloud services, optimising costs is right on top. After all, successful cloud transformation allows an organisation to shift operational costs from a CAPEX model to an OPEX model.”  1

    Many industry leaders are moving to the cloud for a number of reasons. Some of the top motivators are:

    • Maintain regulatory reporting requirements and compliance
    • Deliver innovative products and services for customers
    • Reduce costs and increase operational efficiency
    • Modernize legacy infrastructure
    • Gain insights and detect fraud through advanced analytics and machine learning

    As organizations chase their digital acceleration initiatives, it is critical that they successfully secure and execute their cloud migration journey. To be competitive and successful in today's business landscape, the execution of a secure cloud migration journey is key.

    Even when institutions are aiming to move to a cloud-native network, there will be critical legacy applications that need to be maintained on-premises. In the long run, this creates complexity, overhead, and security challenges that work against the spirit of digital acceleration.

    To successfully secure and achieve your digital acceleration goals without compromise, a flexible, well-integrated security solution should be considered an essential investment.

    “Not only will this allow organizations the ability to secure any application journey on any cloud, but it will also empower them with the freedom and flexibility to evolve as needed, building upon today's investment for tomorrow's journey.” 2

    Challenges and solutions when expanding to the cloud:

    1. The Challenge: To take advantage of the services, solutions, and scale it offers, we want to move to the cloud. However, our business runs on critical workloads that contain valuable data we cannot afford to lose.

    Solution: Your cloud migration needs to be secure. To confidently move your business-critical workloads and data to the cloud, it is essential to incorporate resilience, security and speed into your migration plan.

    2. The Challenge: We have data and applications running everywhere, from legacy workloads on-premises, to various SaaS applications, to new deployments in multiple clouds.

    Solution: Defence is essential in protecting your digital landscape. A unified operating environment and consistent policies will be key to creating a strong defence. Simple and automated threat defences will create a smooth path for deployment in multiple clouds.

    3. The Challenge: We operate in a hybrid environment with people working anywhere and using various devices to access data and services in multiple places. How do we help employees securely access the tools they need from anywhere on any device?

    Solution: Empower distributed and hybrid workforces. Deliver a seamless and secure user experience independent of location or device.

    4. The Challenge: We need to quickly iterate on customer feedback and respond to new market forces. The cloud lets developers work faster but introduces the potential for new risks.

    Solution: Encourage and foster a culture of innovation. Allow your developers to invest time in building, testing, and iterating quickly in any cloud environment with built-in security by design.

    5. The Challenge: We need to provide customers with personalised experiences based on what we know about them from data gathered across multiple channels.

    Solution: Combine data sources to tailor new experiences for customers in real time, creating engaging, seamless, personalised experiences by securely unlocking the value of data as it arrives.


    1: https://www.hcltech.com/blogs/realigning-network-and-security-cloud-migration-making-business-case-cloud-mindset

    2: Fortinet

    Image: Secure any application on any cloud with Fortinet: Fortinet inc.

     


    Careers

    I love that rainbow flag momma!

    Sharon Walsh, Enterprise Account Manager

    “I love that rainbow flag Momma” came the chirpy little voice of my 5-year-old son from behind me in his car seat on our morning drive to playschool. Head tilted, admiring the flag in front of the secondary school on our route. “Me too Ben,” I reply. Then the question: “What's it for? Which country?” “Oh, it's not for any country Ben,” I reply. “It's, eh… it stands for equality… you know, that everybody is equal and we all deserve to be treated fairly.” “Haha that's funny Momma, I just like the colours anyway,” his bemused little face quickly moving on to the next pressing topic of the day: why his bagel got more toasted on one side than the other!

    Long after he had run off happily with his friends however his question was still swirling around my head, something about my answer really niggling and irritating me a few hours into my work day. He asked me a direct question, why did I not give him a direct answer? My internal chatter was now on overdrive, with the volume up. I didn’t lie, the flag does represent equality but it was not the answer to the question. The answer was ‘It’s the Gay Pride flag’. I’m a gay woman, married to another woman and since our two boys were babies we’ve told them the story of how they came to be, we’ve explained about all of the different family dynamics that exist and the fact that they have two Mums doesn’t cost them a thought. They are blissfully and beautifully unaware that our family dynamic might be considered unusual or different to others. So again, I wonder, why I answered him in a roundabout way earlier that morning. Like a politician swerving the actual question. Giving a bland and ‘safe’ answer. And I realised eventually that it’s a habit that I’ve become so adept at over the years that I don’t even realise I’m doing it at times- circling around an answer, being vague, not correcting someone on their presumption- not lying but not always telling the truth.

    I have not experienced a lot of homophobia in my life, at least not the aggressive sort. The odd leery comment in a bar or a jeer walking down the street if holding hands with someone. Nothing that has kept me awake at night, luckily. I know not all gay people in this country are so fortunate and that horrendous abuse and hate crimes still go on, sadly. Overall, though, Ireland has come a long way in the last 20 years; the vast majority of gay people can live their lives openly and freely without fear or prejudice, and I'm so grateful to those who have gone before me and paved the way. I am grateful to work for an organisation where diversity is valued and people are absolutely treated fairly and with respect. However, I do think, at least for me, that sometimes from a place of fear and self-preservation that you might not even be aware of, comes a mental toll you pay. That is in the unsaid. The younger me who didn't exactly lie to my parents but didn't tell the truth either. The me who didn't correct the person who presumed I had a husband and not a wife. The me who swerved the work event where significant others were invited… I'm laughing internally at the level of introspection that one little question this morning has caused for me! For me though, that moment of clarity… probably combined with that thing that happens as you get older where you don't care as much about what anybody thinks, has made me more conscious of the importance of being honest with yourself, of answering the question you're asked. By not doing so, in ways that may even seem irrelevant, you are denying part of you, and over a long period of time that causes wounds. Not lying is not the same as telling the truth.

    So if you’ve managed to read this far without dying of boredom, well done and a reminder for all, not least myself this Pride month –

    Be Proud. Be honest. Speak your truth. Be you!

    News

    Can your network protect you against current Ransomware trends?

    The current ransomware landscape:

    As most companies are now aware, ransomware has become one of the top threats to an organisation's infrastructure and security. Ransomware is malicious code that renders the files and/or operating environment of an endpoint unavailable until a payment is made to the cyber criminal.

    According to Gartner, the rapid evolution and sophistication of cyber attacks and the migration of assets to the hybrid multi-cloud create a perfect storm. IT leaders must integrate security tools into a cooperative, consolidated ecosystem using a composable and scalable cyber security mesh architecture (CSMA) approach. 1

    Every organisation has multiple opportunities to stop a ransomware attack before it steals any data and locks computers and files. The more sophisticated ransomware becomes, the more stages there are within an attack. In the ideal world, the objective is to prevent an attacker from gaining a foothold that would allow them to begin their attack. Prevention is the key phrase here, and it is a step some organisations can forget about. However, if an attacker does get in, the next stage is equipping the organisation to detect, identify and respond to the early stages of an attack, such as network discovery, command and control communications, lateral movement, data collection and staging, exfiltration and encryption.

    By 2024 Gartner envisions that organisations adopting a CSMA to integrate security tools to work as a collaborative ecosystem will reduce the financial impact of individual security incidents by an average of 90%.1 Backing this with well-trained, -skilled, and -practiced employees, staff, and service providers helps organisations greatly reduce their risk of ransomware.2

     Key steps in reducing ransomware risk:

    We have seen a huge move in digital organisations to enable work-from-anywhere and utilise cloud services. While we all know the benefits of this model, it can also open up a greater range of possible entry points for ransomware campaigns.

    According to our partners Fortinet, the entirety of the attack surface must be identified and security controls distributed across it, including office and home work spaces, corporate and public networks, hybrid and cloud applications, workloads, user and IoT devices, and more.3

    Isolation: According to network security experts, the first step that should be taken is to isolate the ransomware to prevent it spreading from one device to another over their network connections. To do this, you should shut down the system that has been infected. Shutting it down prevents it from being used by the malware to further spread the ransomware.

    As ransomware becomes more sophisticated, and organisations become more susceptible to multistage ransomware campaigns that are designed to evade traditional technologies, organisations need to complement strong threat prevention with ongoing inspection for attacks that may have slipped through.

    Identify: The next step is to identify the type of malware the attack is using. This will highlight the specific strain of ransomware used to infect your system. In most cases at Ward Solutions, knowing the kind of malware used helps an incident response team find a solution. We are familiar with all the latest strains of ransomware, and when a new strain appears, we ensure we are educated on it as soon as possible. It is important for your team to have the same level of familiarity if possible.

    Our partners Fortinet say, “The decryption keys of some ransomware attacks are already known, and knowing the type of malware used can help the response team figure out if the decryption key is already available. If it is, they can use it to unlock your computer, circumventing the attacker’s objective.” 4

    It is important to note that your IT team or a Ward Solutions security consultant can determine other ways of dealing with the attack once the malware has been identified.

    “To understand your remediation options, your IT team or outside consultant will need to know what kind of malware they are dealing with, making early identification a critical step.” 5

    Integration: Another key component in protecting your network from ransomware attacks is to close the gaps between departments and break down silos. Doing this removes the ambiguity in identifying the individual aspects of a ransomware attack or the components of a cyber campaign. The quality of individual controls will always remain an important factor in network security, but it is vital that the sharing of this knowledge is seamlessly integrated throughout the company.

    Ensure scalability: As ransomware attacks and threat volumes increase, and are currently at the highest recorded levels, team and network design must be enabled for high scalability.

    “Utilise artificial intelligence (AI) and other advanced analytics to supplement human security experts. But don’t overlook the human element—augment teams with outsourced expertise for after-hours coverage or specialised security skill sets and continue to raise security awareness among employees.” 6


    Careers

    I still get nervous when I interview

    Verona Daly, People & Talent Partner

    I still get nervous when I interview.

    I thought that when I was the one doing the interviewing, I wouldn’t be nervous anymore, that for some magical unknown reason, I’d suddenly be super cool and confident. I guess I assumed that once I had done it enough, it wouldn’t make me nervous anymore.

    I do have a couple of theories as to why I felt this way. Maybe it was the theatre kid in me – once I was off book, had my script memorised and I stepped on stage, I wasn't nervous. Maybe mistakenly, I thought that recruitment would be similar to that. I suppose in some ways it is; recruitment is a performance. It's not quite the same as playing a fictional character, but it's a performance nonetheless, and a performance I'm still nervous for.

    Now obviously, I'm not nervous for myself these days, but that doesn't mean I don't remember how those nerves felt. I'm a big believer that nerves are good, and we should appreciate them for what they are. Nerves are not a sign of weakness or insecurity; nerves are a sign of passion. Of genuine interest, of a desire to have something go well. It all depends on what you do with those nerves that makes or breaks you.

    In order to not break with the nerves, I dance. I’d really like to stress here that I am in no way coordinated, rhythmic or a talented dancer, nor am I claiming to be. What I mean when I say ‘I dance’ is that I dance it out. If you’ve ever seen Grey’s Anatomy, you’ll understand what I’m talking about. Meredith and Christina – when things get tough – they dance it out. I have to say, it works. It works spectacularly well, because for however long you’re dancing it out, your mind is not thinking about what’s to come.

I’m not talking about a perfectly choreographed dance either, I really just mean shaking it off, being messy and just moving your body to get that blood flowing, and it’s something you can do anywhere. For my final interview for this very role, I was in work. I couldn’t get the time off, couldn’t book a private room anywhere, so I ended up doing my final interview with my now manager, surrounded by shoe boxes in the corner of a stockroom. I still danced it out, even in that tiny space, sitting in an office chair I’d taken with me. Our Stockroom Manager saw me dance for 4 minutes and 21 seconds to ‘August’ by Taylor Swift, just before I hopped onto a final round interview for a job I really wanted.

Even now, six months into my job, I still dance it out when I get nervous. If I have a candidate moving to a final round interview, if I have a screening call with someone that I’ve been trying to get, I’ll still shake it off, because I still get nervous in these situations. If you thought I was nervous when I was interviewing for my own job, you should’ve seen my first ever screening call. I could feel the nerves in my stomach waiting for the moment I could call my candidate. What did I do? I set aside a few minutes, and I danced around my room. Similarly to when I was on the other end of the phone, it worked; I was less nervous and felt I gave my candidate a better screening call because of it.

I would really like to stress, my dear reader, that I’m not saying that I got a job because I danced to Taylor Swift just before a final round interview (although, I have managed to work her into every project I’ve done since). I’m not even attempting to say that I got this job because I was relaxed in the interview and not stressed. It’s not a foolproof method, I’ve used it many times and didn’t get the job I wanted, but I’ve always felt that I’ve given a better interview after it, and felt like a better interviewer because of it.

    Being honest, it very well could be a placebo effect of sorts. In my mind though, I was much more relaxed while doing my interview, I was much less nervous than I would have been, and I was able to concentrate more on being in the moment instead of fretting over what I had just said and immediately wishing I could swallow my own words.

No one is confident and cool all of the time. No one is above nerves. No one has the right to take your nerves and use them against you. You should be in control of your own nerves, and embrace them. Use them as motivation, as a lesson, or break them. Maybe for you, it won’t be dancing, it could be meditating, it could be deep breathing exercises, it could be going for a walk. It could be anything in the world that isn’t just sitting still, 5 minutes before an interview, letting your mind wander into what-ifs and overly rehearsed answers.

So, to circle back to my original point, I still get nervous when I interview and that’s okay! That’s what separates me from a robot; it’s me, a real person, sitting behind the screen. It makes me flawed and human, it makes me invested in my candidates. I want the candidate I’m talking with to do well. I want them to succeed, I want them to have the perfect interview experience / candidate journey (whether or not that exists is a topic for a different blog) and want them to walk away from our interview thinking that they could be happy here. That they can tell the kind of people we are and the kind of environment we work in, and it’s one they want to join.

The best thing about these nerves? I have the ability to feel this way at Ward, to be emotional, to be nervous, to advocate for my candidates, ask ridiculous questions (like how to pronounce SIEM!) and dance it out, and never once feel judged or looked down upon. It’s scary to do an interview, from both sides of the interview table, so do what you need to make it more comfortable for you.

    News

    The top 6 things CISO needs to do to…

    Whether you are a CISO actively pursuing a cloud security transformation or a CISO supporting a wider digital transformation, you are responsible for securing information for your company, your partners, and your customers.

Enabling a successful digital transformation and migration to the cloud by executing a parallel security transformation ensures that not only can you manage risks in the new environment, but you can also fully leverage the opportunities cloud security offers to modernise your approach and net-reduce your security risk.

To secure your organisation from cloud transformation risks, CISOs should channel their efforts in the following 6 major areas:

    Build and sustain a security culture that transcends all deployment and technology models

Cloud adoption offers the CISO both opportunities and risks. A significant business driver for cloud adoption is to accelerate development and time to market, with reduced time to release and between releases. Cloud also offers organisations the opportunity to partially outsource some roles, for example hardware and network architects. Cloud adoption offers organisations the option to dispense with legacy perimeter-based security models and embrace new security paradigms such as Zero Trust. Speed and simplicity should not compromise security. Regardless of model, driver or paradigm, you need an appropriate security culture. The following principles are universally applicable, in the cloud, on premise or hybrid:

    • Secure by design, secure by default
    • Follow a risk based approach
• Security is your responsibility, not someone else’s
    • Everyone needs to be security and risk aware
    • It’s not if but when you will have a security incident
    • You need a structured and sustainable approach to security
    • You need a continuous improvement mind-set
    • Don’t reinvent the wheel – use existing frameworks, standards, controls such as ISO27001, NIST, Cloud Security Alliance (CSA) and Common Controls Framework (CCF)


    Research and verify your cloud providers capabilities and collaborate

Understanding a cloud vendor’s in-cloud security capabilities is important both in cloud vendor selection and in terms of your strategy to secure your services in that particular tenancy. It’s safer to assume your cloud provider does not provide the security controls you require until your due diligence activities prove otherwise. You need to consider the basic security functionality of the vendor, e.g. access controls, authentication, encryption, etc. You should consider the vendor’s security philosophy, e.g. whether it is secure by design, secure by default, etc. You also need to review features such as data retention and backup plans, disaster recovery capabilities, and data residency options. You should assess the vendor’s commitment to security in terms of their current and historic investment, their security innovation, the maturity and rating of their own in-cloud security features, and their partnerships and alliances. Just because a vendor has a cloud-native security technology baked into their cloud offering does not mean that that particular security technology is good or effective. So look to truly independent ratings and assessments of security technologies to select the most appropriate technology and vendor for your cloud security needs. Be careful of “security awards” type ratings: the commercial operations behind some of these awards can compromise the independence and objectivity of their assessment or review content.

Understanding the responsibilities your cloud providers have, and the responsibilities you retain, is important. Equally important are the methods you will use to assure that both parties meet their responsibilities, including working with your cloud service provider to consume solutions, updates and best practices so that you and your provider have a “shared fate”.

Review carefully the cloud vendor’s policies, service level agreements and contracts with respect to security. Consider security across whole-of-cloud-lifecycle scenarios, e.g. selection, proof of concept, on-boarding, BAU operation, change management, crisis management and exit.

Major cloud vendors typically no longer allow discrete due diligence on the part of customers, such as security audit and penetration testing of their services. Organisations typically need to rely on accreditations and 3rd party security audit and testing reports commissioned by the vendor. CISOs need to satisfy themselves that these are adequate in scope, frequency and completeness for their needs, covering not just certification compliance audits and penetration tests but also disaster recovery tests, customer service audits, incident response reporting etc.

    Focus on security management and inter-operability

Most organisations will have multi-cloud and hybrid cloud solutions. You need to be able to manage your cloud estate from a security perspective, both operationally and economically. Best of breed, cloud-native, vendor-specific, highly innovative security solutions rapidly lose their value and security effectiveness to a CISO if they cannot be easily managed and cannot interoperate with other security technologies and security management solutions. Where feasible, organisations are striving for “single pane of glass” visibility and a single or small number of policy management, security administration, security operations, reporting, monitoring and response solutions. Given factors such as increased risks, threat actors, incident costs, the sophistication of attacks, cyber security skills shortages etc., organisations are also looking for increased security automation and response. Disruptive solutions that don’t neatly fit these requirements need to be critically assessed to see whether the disruptive/innovative nature of that security solution adds sufficient value to justify the likely extra security management overheads that the CISO and their staff may incur in utilising them.

    Transferring security risks

As services are moved into infrastructure as a service (IaaS) hosting models, the business assumes less direct risk regarding hardware provisioning. The risk isn’t removed; instead it’s transferred to the cloud vendor. Should a cloud vendor’s approach to hardware provisioning provide the same level of risk mitigation, in a secure, repeatable process, the risk of hardware provisioning execution is removed from corporate IT’s area of responsibility and transferred to the cloud provider. This reduces the overall security risk that corporate IT is responsible for managing, although the risk itself should still be tracked and reviewed periodically.

    As solutions move further up the stack to incorporate platform as a service (PaaS) or software as a service (SaaS) models, additional risks can be avoided or transferred. When risk is safely moved to a cloud provider, the cost of executing, monitoring, and enforcing security policies or other compliance policies can be safely reduced as well. CISOs need to assure themselves of the competence, capability and risk management of the vendors as well as the details of the contracts, service levels and insurances in order to ensure that these risks are actually transferred and managed.


    Focus on knowledge, skills and quality assurance to minimise Cloud Security misconfiguration risks

Rapid new cloud, multi-cloud and shadow IT adoption, coupled with rolling cloud development and releases, increases the likelihood of cloud misconfigurations that can compromise your security. According to the Fortinet 2021 Cloud Security Report, 67% of surveyed cybersecurity professionals stated that misconfigurations remain the most significant cloud security risk facing their companies. This is because when a user or team specifies settings that fail to provide adequate cloud data security, attackers can exploit those misconfigurations to compromise or steal data. Misconfigured cloud-based resources create risks for critical environments that can result in unexpected costs and disrupted services.

    Ease of purchase and apparent ease and speed of deployment and configuration often means that your own or 3rd party administrative or development resources are not adequately trained or experienced on designing, deploying or operating appropriately hardened services.

    Threat actors increasingly target misconfigurations as part of their attacks because they can move laterally within an organization’s infrastructure. This should be top of mind for CISOs as they look to secure their organization’s cloud environments.

    To address this CISOs should focus on ensuring that:

• You use an appropriate secure systems development lifecycle (SSDLC) to risk assess and specify security requirements, to ensure secure design, secure-by-default deployments and change, and to ensure quality control/testing tests for security as well as functionality and performance.
• Your own and any 3rd party resources involved in design, deployment, development, administration and support of cloud services have appropriate security, secure administration, secure development and secure support skills and experience in each of the relevant cloud vendors that they service. Most vendors have a range of accredited training for architecture, design, administration, development, operations, support and security of their cloud services. Ensure resources have appropriate accreditation, but also look at their experience and their performance against service levels, including security service levels.
• You perform regular audit and testing pre-deployment and during operation to identify and remediate security weaknesses and misconfigurations.
• You deploy appropriate vendor-native security technologies and controls as well as 3rd party solutions commensurate with appropriate remediation of identified risk.
• You perform regular security operations such as security monitoring, vulnerability management, security auditing, backup and disaster recovery testing etc.

    Evolving your security architecture and how security roles are performed

In addition to working with new collaborators in your cloud service providers, your security organisation will also change how it works from within. While every organisation is different, it is important to consider all parts of the security organisation, from policies and risk management to security architecture, engineering, operations and assurance, as most roles and responsibilities will need to evolve to some extent. There will most likely be a need for rapid acquisition of new security skills. Your security models and frameworks may also need to change, e.g. to SecDevOps, to reflect the shortened release cycles and deployment models. Similarly, you may have new security paradigms such as Zero Trust, cloud-native SIEM/XDR and integrated SOAR, adaptive authentication etc. that you may wish to exploit in your cloud services.

Some of these paradigms may be adaptable across your multi-vendor and hybrid environments and thus may result in a paradigm shift across your whole digital estate. Some may not, and thus you may need to operate different paradigms in different environments and manage user and customer experiences, as well as administrative, operational and support models, accordingly.

    Your transformation to cloud security is an opportunity to rethink your security-operating model. How should security teams work with development teams? Should security functions and operations be centralized or federated? As CISO, you should answer these questions and design your security-operating model before you begin moving to the cloud. Our whitepaper helps you choose a cloud-appropriate security-operating model by describing the pros and cons of three approaches.

    Each organization’s cloud strategy is tailored to its own needs, meaning that no one-size-fits-all approach to security exists. Most companies use more than one cloud service provider to mitigate the potential for a single-point-of-failure.

    For example, organisations may use different cloud providers for:

    1. Data backup
    2. Application resiliency
    3. Disaster recovery
    4. Global coverage


    Supporting this, the Fortinet cloud security survey found that:

    73% of organizations are pursuing a multi- or hybrid cloud strategy

    33% of organizations are running more than half of their workloads in the cloud

    56% of organizations will be running more than half their workloads in the cloud over the next 12-18 months

    The cloud provides the scalability, integration, and business continuity capabilities that companies need. While many will continue to maintain an on-premises presence, hybrid accounts for more than one-third of deployments.

    Organisations operate in a diverse and expanded digital landscape. Because of this, CISOs and security teams often struggle to manage and secure the various private and public cloud workloads and environments. Despite the benefits of multi-cloud adoption, the current strategies and multiple tools add extra layers of management complexity. And they only become more complex when organizations add cloud services in an ad hoc manner, creating management and operational challenges that also increase operational costs.

    On top of this, few IT teams have the expertise needed to manage a hybrid deployment that includes multiple public clouds, private cloud, and on-premises environments, leaving CISOs struggling to get ahead of any potential issues.


    News

The top 6 things CISOs should be doing to…

Every organisation works or partners with key suppliers to provide non-core services or resources to their organisation. Supply chains are often large and complex. Securing your supply chain is important. Disruption or compromise to your supply chain may affect your brand, your revenue, core business operations, your customers, your staff, and legal, regulatory and contractual compliance. To protect your organisation from supply chain risks, CISOs should channel their efforts in the following 6 major areas:

    1. Clarify your CISO supply chain scope

Supply chain security is a whole of business issue, not just an IT issue. CISOs rightly have a specific role in managing the risks associated with IT and digital related suppliers and services. It is very important to agree with the enterprise risk and procurement roles within your organisation the exact scope of CISO responsibility for supply chain assurance and controls. Grey areas such as shadow IT services, building management systems, and integrated or managed services needing to “plug in” to your enterprise infrastructure services such as network, remote access, email, API access etc. need agreed demarcation points.

You also need a process for selecting, assuring, on and off boarding, operation, change management etc. Shadow IT SaaS services also need particular CISO attention, business awareness and compliance. Ensure you generate awareness of supply chain risk, the need for processes and controls within your organisation, and what your standard requirements and policies are.

    2. Use risk and maturity assessment based approaches

Security budgets, time and personnel are all scarce resources. You need to ensure that you are spending wisely, optimising your security controls’ effectiveness. One of the best methods to prioritise your efforts and spend is to use a risk-based approach. Supply chain risk management should be part of your organisation’s overall enterprise risk management process. Use risk management tools to identify high-risk, high-impact suppliers and target your efforts and security controls to mitigate those risks first. High-risk, high-impact suppliers from a cyber-risk perspective are not always key strategic suppliers to your business. So you need to be mindful, for example, that a relatively low-profile HVAC supplier credential compromise was the ingress point to the Target retail network in the US, resulting in one of the largest data breaches in history.

You should use recognised processes and methodologies such as ISO28000 (specification for security management for the supply chain), ISO31000 for risk management and ISO27001 for Information Security Management, coupled with maturity models such as CMM and CPNI, to rank or rate supplier information security and suppliers’ personnel capabilities. You also need a reasonably deterministic way of assessing your IT and digital suppliers based on parameters relevant to your organisation, such as the value and sensitivity of the information or assets which they process, hold, supply or have access to.

    3. Know your suppliers and the risks they pose

In order to properly risk assess, you need to know who your suppliers are. You need to work with procurement and risk functions so that you have a comprehensive inventory of existing suppliers and your team is part of the process for identifying existing and new suppliers and services of relevance to your CISO supply chain scope. Using the methodologies above, you need to assess the capabilities and the security arrangements of your suppliers and their sub-suppliers. Also assess whether your own CISO and IT organisation are a supplier to your organisation and to your own customers, and ensure that you enforce and meet any requirements that you are asking your supply chain to meet on your own service supply. This consistency helps ensure your controls and standards are relevant and your whole organisation is familiar with your standard.

• Know the critical information assets your suppliers supply or have access to

You need to know, from your overall enterprise risk assessment, the inventory and classification of your information assets and the controls to be applied to manage the risks you have identified to these assets. Your supplier due diligence then needs to assess which suppliers have access to these assets and their capability maturity. You then assess and define the controls they apply or propose applying to these assets to determine whether they are adequate or not.

You need to know and understand the sensitivity of the contracts you are or will be letting, and the information assets impacted by these contracts and suppliers.

    4. Establish workable supply chain controls

    Set supply chain security goals. Clearly communicate both your minimum and desirable security requirements and supplier responsibilities at procurement stage. Ensure security requirements and capabilities are appropriately weighted metrics in your evaluation, selection and renewal criteria and in supplier contracts. Control your supply chain by establishing the right to audit and any reporting requirements. You should have regular interaction, visibility and reporting of BAU and exceptions from suppliers as to their security status prior and in addition to conducting any supply chain security audits.

Security controls only work in your own or any third party organisation when they meet Specific, Measurable, Achievable, Realistic, Timely (SMART) criteria. Some controls may not be economic to implement, and other risk management mechanisms such as transference (insurance) or acceptance of the risk may be required.

Consider whether it is necessary to integrate your suppliers into your cyber security incident handling and response processes. If this integration is required, then ensure that the supplier understands their roles and responsibilities in this process. Identify whether any systems integration is needed in your IR process (e.g. helpdesk etc.) and ensure that contact matrices are fully documented and kept up to date. Consider whether suppliers need to be exercised and tested as part of any incident response rehearsals that you perform.

    5. Systemically operate controls

Define processes for on boarding of suppliers, and for continuous monitoring and validation of, in particular, high-risk, high-priority suppliers. Aim for consistency and sustainability of compliance with your supply chain controls and service levels over the lifecycle of supply. Identify conformity and reward consistently compliant suppliers. Remediate non-conformity by either allowing the supplier to improve their performance or terminating and substituting with a better performing supplier. For newer suppliers or immature suppliers you may need to train and provide guidance, tools and processes to assist with controls. Ensure you have mechanisms for regularly reviewing your risks and modifying your controls as appropriate to remediate newly identified risks. Your supplier contracts need to cater for re-assessment and changes to required controls. For critical suppliers you should have resilience and redundancy in your supply chain. Best practice is to ensure regular contract renewals at appropriate intervals with reassessment of risks and improvement to existing supplier capabilities and value add.

Establish continuous improvement and consider initiatives such as supplier collaboration, security information and threat intelligence sharing, outputs of after action reviews etc. to promote better understanding of emerging supply chain attacks.

    6. Validate, Trust, Validate

For newer supply relationships you may wish to satisfy your organisation as to the supplier’s conformance and performance through references and independent audits prior to and shortly after on boarding. Once a pattern of performance and compliance is established, you may be able to “trust” this supplier, depending on self-reporting with more limited or less frequent audits. For problem suppliers you may need more regular audits and increased self-reporting. For critical suppliers you may need higher levels of assurance, regardless of “trust”. In the event of supply chain compromise or non-conformance, you may need to either terminate or replace. Alternatively, you may default back to lower levels of “trust” with higher levels of audit and reporting until an appropriate equilibrium is re-established. Supply chain breaches, similar to any breach, should always have an after action review and an assessment of the issue/vulnerability across the entire supply chain, with appropriate risk management and control adjustments as required.

    News

    Security Advisory – Spring users face two new zero-day…

    What is ‘Spring’?

    The Spring Framework is an open-source application framework that provides infrastructure support for developing Java applications. A framework is a large body of predefined code to which developers can add code to solve a problem in a specific domain.

    Vulnerability Overview

    CVE-2022-22963 (CVSS 9.8 (Unofficial) – Critical) – Remote code execution in Spring Cloud Function by malicious Spring Expression

A Critical severity vulnerability affecting Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions was disclosed publicly on March 28th.

In Spring Cloud Function 3.1.6, 3.2.2 and older versions, when using routing functionality, it is possible for a user to provide a specially crafted SpEL expression as a routing-expression that may result in remote code execution and access to local resources.

    CVE-2022-22965 (CVSS – 8.1 – High) – Spring Framework RCE via Data Binding on JDK 9+ “Spring4Shell”

A High severity vulnerability was responsibly reported to VMware on 29th March. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Spring Framework versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19 are reported as being vulnerable. Older, unsupported versions are also affected.

It is worth noting that certain prerequisites must be met for Spring4Shell to be exploitable. Applications that use the following may be at risk:

    • Java Development Kit 9 and higher
    • Spring-Beans package
    • Spring parameter binding
    • Spring parameter binding using non-basic parameter types like POJOs

    Recommendation – Prevention

    • Apply appropriate vendor patches
    • (CVE-2022-22965) If you’re using the Spring Framework, upgrade to versions 5.3.18+ and 5.2.20+.
    • (CVE-2022-22963) If you’re using the Spring Cloud Function library, you must upgrade to 3.1.7+ or 3.2.3+ to prevent an RCE attack.
• Ensure next-generation firewall / IPS has appropriate signatures
    • Ensure EPP/EDR policies are set to block all types of malware from executing

Spring has released a critical update for its system in the wake of the vulnerability being discovered. Cybersecurity company Praetorian has also issued advice to technical teams to help them spot and block dangerous code.

Recommendation – Detection

    For those hosting applications using Spring, you can detect this vulnerability by:

    • Performing vulnerability scanning on your environment, prioritizing the network perimeter
    • Monitoring and performing threat hunting activities

    For application developers you can detect this vulnerability at three different phases of the application lifecycle:

• Build Process: Use an image scanner to analyse the contents and build processes of a container in order to detect security issues, vulnerabilities, or bad practices.
• Deployment Process: By implementing image scanning on the admission controller, it is possible to admit only those workload images that are compliant with the scanning policy to run in the cluster.
• Runtime Process: Using a runtime detection engine tool like Falco, you can detect attacks that occur at runtime when your containers are already in production.
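As an added example of the build-phase check (this is not Ward’s, Spring’s or Praetorian’s code), the following Python script parses `mvn dependency:list` output and flags Spring Framework and Spring Cloud Function versions that fall inside the affected ranges given above, honouring the JDK 9+ prerequisite for Spring4Shell. The artifact-matching rules and the sample dependency list are assumptions constructed for the example.

```python
"""Added example (not Ward's or Spring's code): flag Maven dependencies whose
versions fall inside the ranges this advisory lists for CVE-2022-22963
(Spring Cloud Function) and CVE-2022-22965 (Spring Framework, "Spring4Shell").
Input is the text printed by `mvn dependency:list`; the sample below is constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Version lines named in the advisory and the first fixed patch level of each
# (5.3.18+ / 5.2.20+ and 3.1.7+ / 3.2.3+). Any older line is "older, unsupported"
# and treated as affected; lines newer than all of them are outside the advisory.
ADVISORIES = {
    "CVE-2022-22965": {
        "group": "org.springframework",
        # Assumption: every Spring Framework module (spring-beans, spring-webmvc, ...)
        # ships with the same framework version, so any spring-* artifact is checked.
        "artifact_prefix": "spring-",
        "fixed": {(5, 3): 18, (5, 2): 20},
        "needs_jdk": 9,  # prerequisite from the advisory: JDK 9 and higher
    },
    "CVE-2022-22963": {
        "group": "org.springframework.cloud",
        "artifact_prefix": "spring-cloud-function",  # assumption: artifact naming
        "fixed": {(3, 2): 3, (3, 1): 7},
        "needs_jdk": None,
    },
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for '5.3.17' or '5.2.19.RELEASE', else None."""
    m = _VERSION.match(text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version: Tuple[int, int, int], fixed: Dict[Tuple[int, int], int]) -> bool:
    """True when the version is below the first fixed patch of its line, or when
    its line is older than every line the advisory names (unsupported)."""
    major, minor, patch = version
    line = (major, minor)
    if line in fixed:
        return patch < fixed[line]
    return line < min(fixed)


def parse_dependency_list(output: str) -> List[Tuple[str, str, str]]:
    """Extract (groupId, artifactId, version) from `mvn dependency:list` lines such as
    '[INFO]    org.springframework:spring-beans:jar:5.3.17:compile'."""
    deps = []
    for raw in output.splitlines():
        parts = raw.replace("[INFO]", "").strip().split(":")
        if len(parts) < 4:  # not a groupId:artifactId:type:version[:scope] line
            continue
        group, artifact = parts[0], parts[1]
        version = next((p for p in parts[2:] if _VERSION.match(p)), None)
        if version:
            deps.append((group, artifact, version))
    return deps


def find_vulnerable(output: str, jdk_major: Optional[int] = None) -> List[Tuple[str, str, str]]:
    """Return sorted (cve, coordinate, version) for each dependency in an affected range.
    jdk_major, when known, suppresses Spring4Shell findings on JDK 8 and below."""
    findings = []
    for group, artifact, version_text in parse_dependency_list(output):
        version = parse_version(version_text)
        if version is None:
            continue
        for cve, rule in ADVISORIES.items():
            if group != rule["group"] or not artifact.startswith(rule["artifact_prefix"]):
                continue
            if rule["needs_jdk"] and jdk_major is not None and jdk_major < rule["needs_jdk"]:
                continue  # prerequisite not met: the advisory scopes this CVE to JDK 9+
            if is_affected(version, rule["fixed"]):
                findings.append((cve, f"{group}:{artifact}", version_text))
    return sorted(findings)


# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-beans:jar:5.3.17:compile
[INFO]    org.springframework:spring-webmvc:jar:5.3.17:compile
[INFO]    org.springframework.cloud:spring-cloud-function-context:jar:3.2.2:compile
[INFO]    org.springframework.boot:spring-boot:jar:2.6.5:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.2:compile
"""

if __name__ == "__main__":
    for cve, coordinate, version in find_vulnerable(SAMPLE_OUTPUT, jdk_major=11):
        print(f"{cve}: {coordinate} {version} is in the affected range")
```

Feed it the real `mvn dependency:list` output of each build to get a list of coordinates to upgrade to the fixed versions named in the prevention section.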

    If you believe you are affected or vulnerable based on the criteria above, consider shutting down a service if it is exposed to the internet, and follow our recommended prevention actions.

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices, where applicable.

    A list of indicators of compromise has been added to all Ward SIEM tenancies to detect threat activity. This is being updated as more are published.

    If you would like additional information or would like support in assessing and protecting your environment:

Managed services customers can contact our service desk via https://servicedesk.ward.ie or by phone:

    or alternatively for those with formal support agreements contact your account manager, as appropriate.

    Please share this information with any other IT professionals that you are working with.

    Further Reading: