Step up your security posture with real time threat response.

Author: Keshav Kamble

Introduction

Incident Response (IR) is a thought-provoking topic for discussions with CISOs/CIOs and security architects. Consider a scenario where a burglary is in progress. The alarms are sounding and the monitoring cameras are recording the act in real time. Unfortunately, the burglars are masked men acting swiftly. They complete their crime and flee even before the first responders arrive at the scene. This, despite the fact that the Response Time (RT) is supposed to be under 4 minutes in parts of California.

Now consider the same scenario but the burglars are 10 million times faster and the response time is still a few minutes. Not much would be left to salvage.

This is the state of many Enterprise Security Operations Centers (SOCs) today. Incident response is a critical part of the SOC’s responsibilities, but Security Operators are not equipped with the right tools to respond to data breaches and application security threats in microseconds rather than, at best, minutes.

What are the problems?

The Advanced Security Operations Center’s primary tasks are continuous monitoring, incident and breach response, and upgrading the enterprise security posture based on a continuous feedback loop. For such complex tasks, there is a multitude of tools and monitoring platforms available. Aided by Security Information and Event Management (SIEM), log analytics, transaction correlation, behavior analytics and other tools, SOCs have been constantly trying to stay ahead of the threats. Despite the availability of these tools, three main problems with SOC responses remain unresolved:

  1. Incident response is very slow.
  2. Incident response is based on limited or no understanding of the affected application and threats.
  3. Large numbers of false positives.


Mr. Rishi Shah, CEO of AptusCare, provided a great analogy based on his deep knowledge of the healthcare business. “Medical doctors and surgeons diagnose and perform surgeries with deep knowledge and visibility into organs and cells. To respond to emerging threats in enterprise applications, security professionals also need tools for deep visibility into application ecosystems and threats in real time!”

What are the options?

I completely agree with Mr. Shah as he pointed out the recent example of the ransomware attack on Fetal Diagnostic Institute of the Pacific, which affected more than 40 thousand patient records. For security professionals to respond to emerging threats in real time, they require powerful platforms with real time capabilities that identify threats, remediate the threats and provide deep application visibility.

Unfortunately, current methods for threat interception are inadequate. They are too complicated, too analytical, too slow, and too often fail. If intercepting threats is so critical, why don’t existing solutions do it better?

Colonel USAF (Ret.) Mr. Michael Hodge emphatically suggests, “For real time incident response, any viable solution must optimize on the following two variables:

  1. The certainty of threat interception
  2. The time it takes to mitigate the threat

In addition, these capabilities must be available with zero impact to application architecture, performance and DevSecOps.”

To learn more about Avocado and how we can help you step up your security posture with real time threat response, visit http://www.avocadosys.com. You can also email us at hello@avocadosystems.net to set up a personalized demo.

Step up your threat detection with a deterministic security platform.

Author: Keshav Kamble

Introduction

Over the past few months, I have spoken with dozens of partners, customers, and security visionaries. Everyone believes that the data center and cloud security ecosystems are evolving rapidly. While everyone has a different opinion on how to approach their security issues, they all agree on one central point: if we can catch a threat, we can deal with it.

What companies need now are smart approaches to threat detection.

Unfortunately, current methods for threat interception are inadequate. They are too complicated, too analytical, too slow, and too often fail.

If intercepting threats is so critical, why don’t existing solutions do it better?

It’s clear that you can’t deal with something you don’t know exists. As a result, any viable solution must optimize on two variables:

1) The certainty of threat interception

2) The time it takes to intercept the threat

Cloud security requires an innovative approach to threat detection focused on getting these two variables right.

The first step is identifying the threat deterministically. Deterministic threat detection also means solving the grey-area problems around the growing number of false positives that security staff waste resources dealing with.

The second step involves extracting the right detail from the event to understand the threat and its source. There is a delicate balance here: too little detail about a threat means dealing with it poorly; too much means dealing with it too slowly. That is why we group threats efficiently and collect the right amount of information to trigger the right actions.

What comes after threat interception?

Next, keep the threat in suspension until the right action is identified. This has to be lightning fast. Clearly, without fast suspension, applications are slowed and scalability is reduced.

Finally, isolate the threat using a granular approach. Current methods of preventing the lateral movement of threats inside the application ecosystem are ineffective. Granular segmentation, on the other hand, does stop the lateral spread of threats and also protects the application and data systems.

So keep monitoring, interception, and mitigation in mind when you consider your application security. Look for a reliable threat identification and interception system that gives you greater control over how you mitigate your threats.

For more information, read the Forrester report on the New Wave of Security Technology.

https://www.forrester.com/report/The+Forrester+New+Wave+Runtime+Application+SelfProtection+Q1+2018/-/E-RES142077


The Emergence of Deep Application Security, Segmentation and Compliance

Introduction

Various business regulatory bodies have defined methods of sensitive data handling based on the nature of the business. Rapidly changing compute, network and storage environments such as private, public and hybrid cloud necessitate constant updates to security and compliance clauses. Highly scalable and dynamic application architectures such as containers, microservices and third-party API-driven architectures are making DevOps efficient but at the same time increasing the complexity of security, segmentation and business compliance. In such environments, preparing for business compliance audits, producing all the required monitoring data and passing the compliance audits has become excruciatingly painful and expensive.

Read More

How to protect applications from third party services and APIs?

Introduction

Application architecture is rapidly changing from monolithic, virtual-machine-based to containerized, microservices-based. Microservices provide the agility and DevOps freedom that IT managers need. Scaled-out distributed applications consume local as well as web-based services through service commissioning and subscription models. Web-based services and the REST APIs for consuming them have been largely accepted as an ideal model by the development and security operations community.

Read More

How to protect when credentials are stolen?

Introduction

Every CIO, CISO or CxO’s worst nightmare is the theft of their own or their staff’s credentials and the subsequent attacks and abuse using those credentials. Unfortunately, the problem is complex and twofold. First, the victim does not know when the theft occurred, and second, the theft comes to light only after forensic analysis of the attack that used those credentials.

Read More

Why are MongoDB deployments under attack?

Critical observations and thoughts.

Today, I wanted to discuss the most pressing problems that MongoDB-based applications are suffering from. Worldwide, attacks on MongoDB, including holding the database hostage, grew many-fold in 2017 alone. By some analyses, within one week of January 2017 these incidents grew to 28000.

Read More