Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2020

Beware of Google Docs Spam

Netskope Threat Labs is warning users to be careful of spam messages being shared via Google Docs. The spam messages come in the form of a comment on a document or presentations and are sent by [email protected]. Both the comment and the document link the user to a spam or scam website. Because the messages are sent by Google Docs, it is likely that your spam filters do not detect and block these messages. In fact, docs.google.com may be explicitly allowed by your spam filters.

How to Set Up an SSH Jump Server

In this blog post we’ll cover how to set up an SSH jump server. We’ll cover two open source projects. Both of these servers are easy to install and configure, are free and open-source, and are single-binary Linux daemons. An SSH jump server is a regular Linux server, accessible from the Internet, which is used as a gateway to access other Linux machines on a private network using the SSH protocol.

Introducing Advanced Analytics

Every organization is adopting the cloud, but there are some companies that are reaping a larger number of benefits from cloud transformation than others. Making an effort to adopt the cloud is simply not enough to realize the benefits. The organization that prepares for efficiently managing risk will be able to capture a larger percentage of the benefits than one that has not.

4 Considerations for a Secure Cloud Environment

Digital attackers are increasingly turning their attention to the cloud. According to the 2020 Trustwave Global Security Report, the volume of attacks targeting cloud services more than doubled 7% in 2018 to 20% a year later. This growth made cloud services the third most-targeted environment after corporate and e-commerce at 54% and 22%, respectively. These trends highlight the need for organizations to secure their cloud environments.

The Future of Security and The Inevitability of Remote Working

By this time in 2020, you’re probably well past the panic of pandemic cybersecurity. The “New Normal” isn’t very new anymore and what was once perceived as short term crisis management of security is looking more like a long term solution. As we look ahead, it’s important to look at what we’ve learned from this situation, as security professionals and how we can apply that to the long road we still have ahead of us.

10 Takeaways About the Impact of 2020's Uncertainty on Security

This week Netskope hosted our annual executive briefing with the US Embassy in London, converted, in common with many events this year, into an online webinar. We wanted to take the opportunity to consider what impact this year’s unprecedented changes and uncertainty were having on the cybersecurity landscape.

How Netskope NewEdge Takes SD-WAN to the Next Level

With Gartner releasing its latest Magic Quadrant for WAN Edge Infrastructure earlier this month, it seemed an appropriate time to explore the intersection of SD-WAN and SASE. Both of these technological approaches hold great promise and are large, billion-dollar markets, sharing the common goal of connecting users to the data and applications critical to doing their job. The two technologies demonstrate the increasing overlap and tightening linkage between networking and security investments.

Announcing Netskope's Upcoming Integration for Splunk Mission Control

Today’s security operations require coordinated efforts from multiple team members, many of whom are in different roles and technology specializations. Complexity inhibits the ability to conduct time-sensitive operations such as incident response. Security engineers and the threat hunters have to be on the same page when it comes to establishing priorities and conducting investigation, across the entire detection & response lifecycle.

Session Control for SSH and Kubernetes in Teleport 4.4

Teleport 4.4 is here! The major innovation we’re introducing in this version is much improved control over interactive sessions for SSH and Kubernetes protocols. We’ll do a deeper dive into session control later, but for those who aren’t familiar with it, Teleport is an open source project. It provides access to SSH servers and Kubernetes clusters on any infrastructure, on any cloud, or any IoT device, anywhere, even behind NAT.

Teleport 4.4: Concurrent Session Control & Session Streaming

A SSH session can be interactive or non-interactive. The session starts when a computer or human connects to a node using SSH. SSH sessions can be established using public/private key cryptography or can use short lived SSH Certificates, similar to how Teleport works. Organizations often want to know who is accessing the systems and provide a greater level of control over who and when people are accessing them, which is where Teleport 4.4 comes into play.

3 Ways to Ensure Your Security Policies Survive the Transition to the Cloud

By 2025 the amount of data stored in the cloud by both governments, organizations, and individuals will exceed 75 Zettabytes – an estimated 49% of the world’s 175 zettabytes of data at that time. This trend has no doubt been accelerated by COVID, as organizations have been forced to shorten cloud migration timeframes to ensure business continuity during the pandemic.

Strategically Managing Cloud Resources for Security, Fun, and Profit

The first time I created a cloud compute instance, then still called a “Cloud VM”, was an almost transcendent moment. It was like magic. I was at my first organization which had adopted the cloud, in my first DevOps position, and I immediately knew that the world had changed.

The Cloud Network Security Gap

Before we dive into the gap in cloud network security, let’s take a step back. If you’ve been in Operations for a while, you might remember how it used to be. “Network” was a team. When you needed to open a port on the network, you had to provide an exhaustive definition of the change, explaining what port you needed, what external addresses should be able to reach it, and where it should be routed to internally.

A Few Minutes More: Add Xray DevSecOps to Artifactory Enterprise on Azure

In a prior blog post, we explained how to install or update Artifactory through the Azure Marketplace in the amount of time it takes for your coffee order to arrive on the counter. Now you can add to your self-managed (BYOL) Artifactory deployment Xray, the cream of software component analysis (SCA) tools, through the Azure Marketplace as well.

Shared Responsibility and Configuration Management in the Cloud: SecTor 2020

A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts allowing remote code execution. More recently, the Capital One breach last year stemmed from a misconfigured web application firewall. Verizon’s 2020 DBIR reported that only hacking was more prevalent than misconfiguration errors as the culprit of data breaches.

Featured Post

Container Inspection: Walking The Security Tightrope For Cloud DevOps

Containers are at the forefront of software development creating a revolution in cloud computing. Developers are opting for containerization at an impressive rate due to its efficiency, flexibility and portability. However, as the usage of containers increases, so should the security surrounding it. With containers comprising of many valuable components it is of the utmost importance that there are no vulnerabilities exposed when developing applications, and risks are mitigated before containers, and their contents, reach the end-user.

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk

In a recent post by the Splunk Threat Research team, we addressed permanent and temporary token/credential abuse in AWS and how to mitigate credential exposure. With 94% of Enterprises using a cloud service, and some using at least five different cloud platforms, it’s imperative to stay ahead of threats across multicloud environments. Let’s now turn our attention to Google Cloud Platform (GCP) and how to detect and mitigate OAuth Token Abuse.

10 AWS Best Security Practices Guide

More and more companies choose to migrate to a Cloud infrastructure to take advantage of new resources, an elastic storage power and agile deployment, nevertheless IT professionals are not always trained to secure these new technologies. Like traditional infrastructures, a public Cloud infrastructure services requires the implementation of security measures and controls by their users. Enterprises must adapt their security policy to these new technologies to reap the Cloud benefits without increasing their cyberattacks exposure area.

You Can Run, But You Can't Hide: Detecting Malicious Office Documents

Malicious Microsoft Office documents are a popular vehicle for malware distribution. Malware families such as Emotet, IcedID, and Dridex use Office documents as their primary distribution mechanism. Several recent Emotet attacks used a novel approach to sending email baits and hosted the malicious documents in cloud apps to increase their success.

It's All About Access: Remote Access Statistics for Public Cloud Workloads

“The more things change, the more they stay the same.“ In the recent Equinix breach in September 2020, 74 RDP servers were exposed to the Internet. Any publicly exposed ports are a risk but remote access protocols such as RDP have had their share of critical vulnerabilities (e.g., BlueKeep in 2019).

Securing Cloud Environments: Staying on top of cloud configurations to prevent data leaks.

Securing Cloud Environments: Staying on top of cloud configurations to prevent data leaks with PJ Norris, Senior Systems Engineer. Shares new research Shows common mistakes Offers solutions that help with hardening and compliance in the cloud

Detect Ransomware in Your Data with the Machine Learning Cloud Service

While working with customers over the years, I've noticed a pattern with questions they have around operationalizing machine learning: “How can I use Machine Learning (ML) for threat detection with my data?”, “What are the best practices around model re-training and updates?”, and “Am I going to need to hire a data scientist to support this workflow in my security operations center (SOC)?” Well, we are excited to announce that the SplunkWorks team launched a new add-

The Future of Work: Enabling the Not-so New Normal

At this point in the pandemic, you’re probably tired of everyone referring to remote working as “the new normal.” Large companies like Facebook, Google, and Twitter have already announced that they will be working from home until the end of 2020 at the earliest, or as far out as August 2021. So, if these companies are any indication, we will all still be working from home for the foreseeable future.

What Are Cloud Leaks?

It seems like every day there’s a new incident of customer data exposure. Credit card and bank account numbers; medical records; personally identifiable information (PII) such as address, phone number, or SSN— just about every aspect of social interaction has an informational counterpart, and the social access this information provides to third parties gives many people the feeling that their privacy has been severely violated when it’s exposed.