Last year, Capital One showed the world why data governance is so important when it was the victim of a massive data breach that exposed the personal data of 106 million customers. It is still one of the biggest hacks ever recorded, and the company has now been fined $80 million by banking regulators. A “what’s in your wallet” meme would work great here, but let’s keep this classy.
No one wants to be the next Equifax. Just thinking about their company’s name being in a headline along with the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: You do not talk about security breaches...unless you’re mandated by notification laws like GDPR. Even though organizations don’t reveal much publicly, their concern is reflected in the amount of money spent to prevent cyber attacks.
Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step you can take. Don’t assume anything. So, let us begin with the basics. CIS is the Center for Internet Security.
The Cybersecurity Maturity Model Certification (CMMC), drafted by the Department of Defense (DoD), is a new standard set to enhance supply chain security and augment the NIST SP 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations. A key difference between the NIST SP 800-171 and a CMMC is the removal of a self-attestation component in favor of a third-party assessor model.
I witnessed the transition from bespoke authentication to standards-based authentication. It’s time to do the same for authorization. Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems.
Healthcare providers heavily leverage technology. In his talk, Seth Fogie, information security director at Penn Medicine takes apart different vendor systems at the “fictitious” Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn’t just look at network security … you have to dig deep into the applications to ensure the security of your data.
Adversarial machine learning (ML) is a hot new topic that I now understand much better thanks to this talk at Black Hat USA 2020. Ariel Herbert-Voss, Senior Research Scientist at OpenAI, walked us through the current attack landscape. Her talk clearly outlined how current attacks work and how you can mitigate against them. She skipped right over some of the more theoretical approaches that don’t really work in real life and went straight to real-life examples.
In this blog, I will walk you through the process of configuring both Filebeat and Zeek (formerly known as Bro), which will enable you to perform analytics on Zeek data using Elastic Security. The default configuration for Filebeat and its modules work for many environments; however, you may find a need to customize settings specific to your environment.
Remember that high school teacher who was never more than one chapter ahead of their students? Well that is me, in this blog. ¯\_(ツ)_/¯
Chaos is never good for business, but the reality is that it’s the state in which many companies live on a daily basis. The global pandemic shut down offices and dispersed workforces to employees’ homes and other socially-distanced locations. Without data governance plans to support remote workers, employees scavenged for, and used, tools and processes that helped them get their jobs done, often with little regard for long-time implications or risk to the company.
