The recent SolarWinds hack marks an important milestone for the cyber landscape

Not only does it demonstrate the growing sophistication of supply chain attacks equally, it highlights the urgent need for appropriate and comprehensive combative solutions such as NDR.

Physical security solutions stretch far beyond the perimeter of a building.

While access control systems and security personnel may often be deployed to control comings and goings, other technologies are regularly deployed within the confines of a property as a more holistic way of monitoring activity and ensuring occupant safety. From identification cards and surveillance systems, to automated central locking systems and alarms, you dont have to look far to find a multitude of measures in place.

The question is, why should this be any different for cyber security?

Data breaches are becoming increasingly hard to spot, the recent SolarWinds supply chain incident being a case in point.

During the attack, hackers successfully imbedded malicious code in an update scheduled for SolarWinds Orion software platform, used by many high-profile organisations including Fortune 500 companies and US government agencies. When the update was released, 18,000 firms installed it, providing the hackers with the means to further infiltrate their chosen networks.

The incident has demonstrated the growing sophistication and complexity of cyber attacks. Not only was a trusted software from a major software enterprise leveraged to allow attackers to hide in plain sight, but the dwell time that they achieved is alarming. It is said that Orion updates launched as early as March 2020 had been infected, yet the breach was not publicly reported until December 2020 nine months later.

Such a lengthy period shows the competency of hackers in staying incognito.

In supply chain attacks, access is typically first gained through phishing techniques, such as an email that has been crafted to look like its from a reliable internal or external source.

If successful, the attacker gains access and unless impeded can move laterally throughout a network while avoiding detection by exploiting native tools in what is called a living off the land strategy. In the case of the SolarWinds breach, the threat actors compromised the firms Microsoft 365 environment, for example.

Living off the land is often slow and methodical, so as to not raise suspicion. Investigations into the SolarWinds breach showed that commercial cloud servers were used to mask communications in otherwise monotonous traffic by acting as the command-and-control centres for the attack. Further, signature-based detection solutions, reliant on historical data, did not raise any alarm as newly created malware was used.

The case for network detection and response tools

If nothing else, the Orion compromise has shown the shortcomings of signature-based detection technologies and the need for organisations to adopt a more resolute cyber protection posture.

The acceptance that security breaches occur because of a vulnerability being exploited by attackers is simply outdated. Indeed, the Orion instance demonstrates how breaches may be executed through highly effective insidious engineering techniques.

Old school defence solutions such as signature-based anti-virus software, sandboxing, IDS and firewall are no longer adequate, providing little to no protection beyond a breach. Likewise, security operations centres (SOCs) still focus on identifying anomalies in user activities through logs that are often too simplistic to effectively identify sophisticated lateral movement.

Given the intricacy of the SolarWinds attack, comprehensive detection solutions capable of identifying extremely subtle changes are needed in the modern environment.

So, what is the answer?

There is a strong case to be made for network detection and response (NDR) tools. Powered by cutting-edge artificial intelligence and analytics capabilities, these technologies can flag any sign of suspicious activity by offering holistic oversight of an entire organisations IT and cloud network infrastructure.

They can be the difference between shutting down an attack before the exfiltration of data and extensive lateral movement and compromise.

NDRs use of AI is crucial. Capable of analysing vast amounts of data in a matter of moments, they provide real-time early warning and continuous visibility across the attack progression without any dependency on IoCs, signatures, or other model updates.

They are able to see through evasion tactics and detect the emergence of tunnels immediately, giving SOC teams the best opportunity of tracking and stopping attackers early in the kill chain.

For technology providers like SolarWinds, NDR solutions can provide an effective means of preventing source code from being tampered with. For end-users, meanwhile, they will prevent lateral movement should a Trojanised product slip through the net.

Supply chain attacks remain a challenge. As recently as February 2021, an ethical hacker managed to breach the systems of 35 firms including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla and Uber via a novel software supply chain attack.

They are highly lucrative and there is no doubt they will continue to persist through 2021 and beyond. Being proactive with the deployment of appropriate technologies such as NDR is, therefore, critical.

About the Author

Greg Cardiet is Senior Director of Security Engineering at Vectra. Vectra enables enterprises to immediately detect and respond to cyberattacks across cloud, data center, IT and IoT networks. As the leader in network detection and response (NDR), Vectra uses AI to empower the enterprise SOC to automate threat discovery, prioritization, hunting and response. Vectra is Security that thinks. http://www.vectra.ai

Featured image: 20Twenty

Here is the original post:
The missing link securing the supply chain - TechNative

Any time a server maker comes into the global market and bypasses Cisco Systems, Lenovo, and IBM to become the third largest seller of machines in the world, you should pay attention. This is precisely what Inspur Information, the server unit of Chinese IT supplier Inspur Group, has accomplished, and it has done so with a combination of joint engineering with customers, high volume economics, and tight partnerships such as the one that the company has with server chip and chipset maker Intel.

Inspur has more than tripled its server revenues in 2020 to $7.7 billion from levels it had only four years earlier, driven in part by key server supplier relationships with the big three hyperscalers in China Alibaba, Baidu, and Tencent as well as an expanding presence in North America, Europe, and Africa. In early 2018, according to market data from IDC, Inspur was roughly the same size as a growing Lenovo, which has since plateaued, and in a dead heat with IBM and Cisco, both which Inspur has left in the dust. If current trends persist, in another four years Inspur will rival the server market leaders Dell Technologies and Hewlett Packard Enterprise.

One of the secrets to Inspurs success, as Rong Shen, vice president and general manager of the server product line at Inspur Information, tells The Next Platform, is its Joint Design Manufacturing, or JDM, approach, which brings together the best elements of an OEM and ODM under the same roof to serve customers. In the wake of the launch of the Ice Lake Xeon SP processors from Intel, we sat down with Shen and Anurag Handa, vice president in the Cloud and Enterprise Solutions of Intels Data Platforms Group, to talk about these new processors and the Inspur M6 server line that uses them.

We wanted to know more than feeds and speeds about the new processors and the systems that use them. We wanted to understand how much differentiation Inspur can offer truly compared to other server makers, and how much better bang for the buck it can deliver, too, as part of the overall value equation that it is bringing to bear to eat market share.

We also had a long talk about the challenges of being a server maker in the modern era. The days when you could build a two-socket server in a 1U and a 2U form factor with the difference mainly being memory and storage and I/O capacity are over. These days, systems have to be tuned for virtualized, containerized, AI, HPC, and even edge applications and they have very different requirements. This means server families are broader than they have been in the past, and it probably also means customers have to make tougher choices and manage a diverse mix of machines. Given all of this, what advice do Inspur and Intel have for customers? Find out by watching the interview.

Commissioned by Inspur

Featuring highlights, analysis, and stories from the week directly from us to your inbox with nothing in between.Subscribe now

See the article here:
Talking Servers With Inspur And Intel - The Next Platform

The business-driven explosion of demand for cloud-based services has made the need to provide highly secure cloud computing more urgent. Many businesses that work with sensitive data view the transition to the cloud with trepidation, which is not entirely without good reason.

For some time, the public cloud has actually been able to offer more protection than traditional on-site environments. Dedicated expert teams ensure that cloud servers, for example, maintain an optimal security posture against external threats.

But that level of security comes at a price. Those same extended teams increase insider exposure to private datawhich leads to a higher risk of an insider data breach and can complicate compliance efforts.

Recent developments in data security technologyin chips, software, and the cloud infrastructureare changing that. New security capabilities transform the public cloud into a trusted data-secure environment by effectively locking data access to insiders or external attackers

This eliminates the last security roadblock to full cloud migration for even the most sensitive data and applications. Leveraging this confidential cloud, organizations for the first time can now exclusively own their data, workloads, and applicationswherever they work.

Even some of the most security-conscious organizations in the world are now seeing the confidential cloud as the safest option for the storage, processing, and management of their data. The attraction to the confidential cloud is based on the promise of exclusive data control and hardware-grade minimization of data risk.

Over the last year, theres been a great deal of talk about confidential computingincluding secure enclaves or TEEs (Trusted Execution Environments). These are now available in servers built on chips from Amazon Nitro Enclaves, Intel SGX (Software Guard Extensions), and AMD SEV (Secure Encrypted Virtualization).

The confidential cloud employs these technologies to establish a secure and impenetrable cryptographic perimeter that seamlessly extends from a hardware root of trust to protect data in use, at rest, and in motion.

Unlike the traditional layered security approaches that place barriers between data and bad actors or standalone encryption for storage or communication, the confidential cloud delivers strong data protection that is inseparable from the data itself. This in turn eliminates the need for traditional perimeter security layers, while putting data owners in exclusive control wherever their data is stored, transmitted, or used.

The resulting confidential cloud is similar in concept to network micro-segmentation and resource virtualization. But instead of isolating and controlling only network communications, the confidential cloud extends data encryption and resource isolation across all of the fundamental elements of IT, compute, storage, and communications.

The confidential cloud brings together everything needed to confidentially run any workload in a trusted environment isolated from CloudOps insiders, malicious software, or would-be attackers.

This also means workloads remain secure even in the event a server is physically compromised. Even an attacker with root-access to a server would be effectively prevented from seeing data or gaining access to data and applicationaffording a level of security traditional micro-segmentation cant today.

A strong argument can already be made that reputable major cloud providers deliver both the resources and focus needed to secure a vast majority of internal IT infrastructure. But data-open clouds bring the risk of greater data exposure to insiders, as well as the inability to lock down a trusted environment under the total control of the CISO.

Data exposure has manifested itself in some of the most publicized breaches to date. CapitalOne became the poster child for insider data exposure in the cloud when its data was breached by an AWS employee.

Implementing a confidential cloud eliminates the potential for cloud insiders to have exposure to data, closing the data attack surface that is otherwise left exposed at the cloud provider. Data controls extend wherever data might otherwise be exposedincluding in storage, over the network, and in multiple clouds.

OEM software and SaaS vendors are already building confidential clouds today to protect their applications. Redis recently announced a secure version of their high-performance software to run over multiple secure computing environmentscredibly creating what may be the worlds most secure commercial database.

Azure confidential computing has partnered with confidential cloud vendors to enable the secure formation and execution of any workload over existing infrastructure without any modification of the underlying application. Support for similarly transparent multi-cloud Kubernetes support isnt far behind.

Taking advantage of confidential computing previously required code modifications to run applications. This is because initial confidential computing technologies focused on protecting memory. Applications had to be modified to run selected sensitive code in protected memory segments. The need to rewrite and recompile applications was a heavy lift for most companiesand isnt even possible in the case of legacy or off the shelf packages.

A new lift and shift implementation path enables enterprises to create, test, and deploy sensitive data workloads within a protected confidential cloud without modifying or recompiling the application. Nearly all cloud providers, including Amazon, Azure, and Google, offer confidential cloud-enabling infrastructure today.

Confidential cloud software allows applications and even whole environments to work within a confidential cloud formation with no modification. Added layers of software abstraction and virtualization have the advantage of making the confidential cloud itself agnostic to the numerous proprietary enclave technologies and versions developed by Intel, AMD, Amazon, and ARM.

A new generation of security vendors has simplified the process to implement private test and demo environments for prospective customers of the public cloud. This speeds the process to both enclave private applications and generate full-blown confidential cloud infrastructure.

Data security is the last barrier to migrating applications to the cloud and consolidating IT resources. The resolution of cloud security flaws took a great step in migrating all but the most sensitive application and data. Eliminating data vulnerability opens a broad new opportunity for businesses to simply deploy a new and intrinsically secure hosted IT infrastructure built upon the confidential cloud.

Excerpt from:
The next big thing in cloud computing? Shh It's confidential - Help Net Security

Cybersecurity

The Cybersecurity and Infrastructure Security Agency has pilot programs underway with multiple departments and agencies to experiment with aggregating cloud logs to a warehouse which in turn will feed the agency's data analysis efforts.

CISA wants to "see if it's possible to send their logs to our aggregation point and make sense of them as a community together," Brian Gattoni, CISA's chief technology officer, said on Wednesday at an event hosted by FCW. "We've run pilots through the [Continuous Diagnostics and Mitigation] program team, through our capacity building team to look at end point visibility capabilities to see if that closes the visibility gap for us."

So far what the agency has learned, Gattoni said, is that "technology is rarely the barrier. There's a lot of policy and legal and contractual and then just rote business process things to work out to make the best use of features in technology that are available to us."

Network visibility is a hot topic among government officials and lawmakers in the wake of the intrusions involving SolarWinds and Microsoft Exchange servers. CISA officials in public settings have made clear the government's current programs were not designed to monitor the vectors that Russian intelligence agents exploited during their espionage campaign.

At the same time, top intelligence chiefs such as Gen. Paul Nakasone, the head of the National Security Agency and U.S. Cyber Command, have warned foreign operatives are exploiting the fact the U.S. intelligence community is unable to freely surveil domestic infrastructure without a warrant.

Nakasone has also signaled he will not make any request for new authorities to monitor domestic networks, despite several lawmakers inviting him to do so.

This has prompted CISA to begin seeking out new capabilities that give the cybersecurity watchdog a clearer picture on individual end points in agency networks.

"For this reason, CISA is urgently moving our detective capabilities from that perimeter layer into agency networks to focus on these end points, the servers and workstations where we're seeing adversary activity today," Eric Goldstein, a top CISA official told House lawmakers at a March hearing.

Gattoni said during his panel discussion that some cloud providers already have the infrastructure built into their service that would aid CISA in gathering the security information it wants to aggregate, but he also said the federal government can't depend on that always being the case.

"There's a lot of slips between the cup and the lip when it comes to data access rights for third party services, so we at CISA have got to explore the use of our programs like [CDM] as way to establish visibility and also look at possibly building out our own capabilities to close any visibility gaps that may still persist," he said.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.

See the article here:
CISA experiments with cloud log aggregation to ID threats - FCW.com

A Systemic Approach

Business analytics and data visualization applications, database software, data science and data engineering toolsall are critical components of a comprehensive initiative to leverage a business data assets for competitive gain.

But all those components run on hardware servers, operating software and cloud platforms that pull all those pieces together.

As part of the 2021 Big Data 100, CRN has compiled a list of major system and cloud platform companies that solution providers should be aware of. They include major computer system vendors like Dell Technologies, Hewlett Packard Enterprise and IBM that provide servers and operating software packaged for big data applications; cloud service providers like Amazon Web Services, Google and Snowflake that offer cloud-based big data services; and leading big data software developers including Microsoft, Oracle and SAP.

This week CRN is running the Big Data 100 list in slide shows, organized by technology category, with vendors of business analytics software, database systems, data management and integration software, data science and machine learning tools, and big data systems and platforms.

(Some vendors market big data products that span multiple technology categories. They appear in the slideshow for the technology segment in which they are most prominent.)

See the article here:
The Coolest Big Data Systems And Platform Companies Of The 2021 Big Data 100 - CRN