Tag Archive for: asset

CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots


AUSTIN, Texas and RSA Conference 2022, SAN FRANCISCO – June 6, 2022 – CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today introduced CrowdStrike Asset Graph, a new graph database powered by the CrowdStrike Security Cloud that provides IT and security leaders with a 360-degree view into all assets (both managed and unmanaged) alongside unprecedented visibility into their attack surface across devices, users, accounts, applications, cloud workloads, operational technology (OT) and more to simplify IT operations and stop breaches.

As organizations accelerate their digital transformation, they are expanding their attack surface exponentially. This has dramatically increased their risk exposure to adversaries who are discovering and exploiting these soft targets and vulnerabilities faster than IT and security teams can discover them. Visibility is one of the foundational principles of cybersecurity because you cannot secure and defend the assets you don’t know exist. This, in turn, creates a race between adversaries and companies’ IT and security teams to find these blind spots. According to a 2022 report from Enterprise Strategy Group (ESG), “69% of organizations have experienced a cyberattack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.”

CrowdStrike Asset Graph solves this problem by dynamically monitoring and tracking the complex interactions between assets, providing a single holistic view of the risks those assets pose. While other solutions simply provide a list of assets without context, Asset Graph provides graphic visualizations of the relationships between all assets such as devices, users, accounts, applications, cloud workloads and OT, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations.

“Digital transformation has led to an equal and pronounced acceleration of security transformation in the modern enterprise. For companies furthest along on this journey, IT operations and security teams – once distinct silos – are…


3 steps to better asset management in healthcare


In part one of this series, we identified the many challenges to proper asset management in healthcare. In part two, we cover solutions to help hospitals and healthcare systems improve asset management and medical device security.

With the proliferation of IoT and connected OT devices in hospitals, asset management – the process of creating an inventory of the devices connected to a network – is increasingly difficult. Yet, it is a crucial component of healthcare cybersecurity. In fact, asset management ranks as a top priority for cybersecurity preparedness by the National Institute of Standards & Technology (NIST), Center for Internet Security (CIS), and the European Banking Authority.

Further, the Covid-19 pandemic has stretched hospital resources thin, with the influx in patients, staffing shortages, and shrinking budgets. It has also introduced new security challenges, with ransomware attempts on hospitals increasing 123% last year, impacting revenue, healthcare practitioners’ ability to provide care, and patient outcomes, as evidenced by the 2019 attack on Alabama-based Springhill Medical Center resulting in the first potential ransomware-related death. Visibility into hospital networks and the devices connected to them has become life or death – after all, you can’t secure what you don’t know is there.

However, despite its importance, many hospitals still don’t have the IT or security resources needed to accurately track device inventory. New processes, policies, and tools are needed to ensure an accurate and holistic inventory so that hospital networks and devices can be secured. It is worth noting, however, that asset management is just one component of improving security for healthcare systems, and additional steps and tools are needed to improve the overall security posture of our critical healthcare infrastructure.

Challenges to asset management in healthcare

Cybersecurity Ventures estimates that the healthcare industry in total will spend only $125 billion annually on cybersecurity by 2025, while the financial services industry spends an average of 10% of revenue or $2,300 per employee on cybersecurity per year, with Bank of America’s costs reaching…


Judge Rips Drug Task Force For Going On Asset Forfeiture ‘Shopping Sprees’

A Pennsylvania judge has delivered an earful to the York County Drug Task Force and its handling of property forfeitures. Christopher Hawkins, represented by Korey Leslie (who was kind enough to email me the ruling the York Dispatch couldn’t be bothered to post with its article), challenged the seizure of two vehicles and a bunch of electronics from his house. Hawkins was arrested after a controlled heroin purchase. There appears to be no question Hawkins participated in drug dealing. But that doesn’t excuse the government’s decision to take two cars and some TVs from him as “evidence.”

Judge Craig T. Trebilcock doesn’t like anything about the Task Force’s seizures, since it appears to be more concerned with taking things with resale value, rather than property with an actual nexus to drug distribution. The opinion [PDF] repeatedly calls Task Force detectives out for their lack of credibility and the dollar signs continually dancing in their eyes. The Task Force originally seized four vehicles from Hawkins before returning two of them for a lack of drug nexus. But it still couldn’t connect the two it kept.

Detective S. testified that the Dodge Neon and the Mercedes were kept by the police because “we thought there was clear and convincing nexus between drugs and those vehicles.” However, no credible facts were provided by Detective S. to substantiate these conclusions. During cross examination, Detective S. indicated the vehicles did not play any role in the drug transactions on the 22nd or 23rd.

The only thing Detective S. offered as evidence of this drug nexus was a statement by Hawkins that he used the Mercedes to “meet people for money primary for drugs.” But, as the court notes, this statement was not corroborated by any other detectives involved in the arrest and seizure, nor was it recorded in any fashion. The court, however, knows exactly why these two vehicles were seized, even if the Task Force members won’t admit it.

Detective S. testified that there was no lien on either the Neon or Mercedes Benz, the apparent sole distinguishing factor as to why they were seized, instead of the other vehicles.

The detectives also couldn’t offer a good explanation for the seizure of two flatscreen TVs from the house. One claimed Hawkins wasn’t working, so he couldn’t have purchased them with legal funds. Again, the court points out Hawkins offered proof of his employment with a temp agency and lived with his girlfriend, who had a full-time job. And again, the court knows the Task Force just took the TVs because it thought it could turn them into cash quickly.

[T]here was no factual evidence to support the conclusion that Mr. Hawkins (or another resident) could not legitimately afford a television being present in his home. The task force seized the property simply because it had resale value.

The judge also calls out the perverse incentives that have led to the task force appearing before him repeatedly to forfeit televisions, video game systems, and vehicles — all without making much of an effort to tie these items to illegal activity.

Forfeitures… result in additional income streams to the very officers seizing the property, a source of concern to this Court.

The court notes that the state’s forfeiture laws are Constitutionally sound. But not when they’re applied the way the York County Task Force applies them. The court says the task force engages in “arbitrary” seizures that violate citizens’ due process rights. Then Judge Trebilcock hammers the point home:

This case is being decided on the facts of this case alone. It is important to note, however, that overzealous forfeiture actions by the Drug Task Force in the time frame of this case have not been isolated in nature. Dozens of forfeiture actions are brought before this court each year. While the property seized may vary from case to case, with some cases involving automobile, firearms or other property, a disconcerting pattern is evident that Drug Task Force officers seize big screen TVs that are present in the property regardless of any link to drug money or illegal activity. In addition, they disproportionately seize all game systems and video games, present in the property. The decision as to which property to seize is driven, in the words of Detective S., by which property has resale value.

The Drug Task Force does not seize furniture or clothing, silverware, or other items that have low resale value. They focus upon items that have high resale value. That is not a problem in itself, until the police begin to ignore that there must be a nexus to drug dealing or drug money to seize those higher high value assets. […] In this case the Drug Task Force personnel ignored the need for such a nexus and engaged in a shopping spree, for the benefit of their budget, based solely on the property’s resale value.

The court goes even further than this. It suggests the Drug Task Force also uses these seizures to coerce confessions or plea deals from defendants. It says it may not have happened in this case, but the court is sure it has happened in the past. Going forward, the York Drug Task Force will be under the microscope every time it tries to forfeit property.

[I]n the absence of reform and a greater demonstration of responsibility in future Drug Task Force practices, this issue will remain to be decided to the voluntariness of plea deals, questions of double jeopardy, and the personal or institutional liability/culpability of those officers who seize private property unlawfully.

In the future, Trebilcock’s court will also be requiring hearings for all forfeiture — hearings that defendants will be allowed to attend and testify at on their own behalf, even if they’re currently incarcerated. Trebilcock signs off his scathing opinion with this:

Taken in its entirety, the testimony of the officers in this case indicates that the police made the subjective assessment that the Defendant is too poor, absent drug dealing, to have nice possessions. This was nothing more than a hunch, unsupported by any investigative rigor, and clouded by an overzealous desire to forfeit the possessions.

Not enough judges are willing to go this far when criticizing law enforcement’s abusive practices. This probably won’t result in a come-to-Jesus moment for the Task Force, unfortunately. It may decide these drug cases now have a federal nexus and ask Uncle Sam to help them keep robbing people. But at least they know they’re no longer welcome to pull this bullshit in Trebilcock’s court, so it’s a start.


Techdirt.

Supreme Court Says Civil Asset Forfeiture Violates Constitutional Protections Against Excessive Fines

Great news on the asset forfeiture front, courtesy of the highest court in the land. The Supreme Court has ruled that forfeitures can violate the Eighth Amendment’s protections against excessive fines.

The case the Supreme Court ruled on deals with Indiana native Tyson Timbs. Timbs sold $260 worth of heroin to undercover officers. He pled guilty to criminal charges. The state decided to forfeit his $42,000 Land Rover via civil asset forfeiture, routing around the criminal system to make it easier for cops to make off with his vehicle. Timbs challenged this forfeiture as an excessive fine, given that the max fine for his criminal charges was $10,000.

This case made its way to the state’s Supreme Court, which overturned the lower court’s decision finding in favor of Timbs and the US Constitution, which Indiana had incorporated. The state’s highest court stated that this clause of the Eighth Amendment did not apply to civil asset forfeiture. This was a bizarre position to take, as the Supreme Court pointed out during oral arguments.

JUSTICE GORSUCH: Well, whatever the Excessive Fine Clause guarantees, we can argue, again, about its scope and in rem and in personam, but whatever it, in fact, is, it applies against the states, right?

MR. FISHER: Well, again, that depends.

JUSTICE GORSUCH: I mean, most — most of the incorporation cases took place in like the 1940s.

MR. FISHER: Right.

JUSTICE GORSUCH: And here we are in 2018 -

MR. FISHER: Right.

JUSTICE GORSUCH: — still litigating incorporation of the Bill of Rights. Really? Come on, General.

The Supreme Court’s decision [PDF] makes it clear the US Constitution protects citizens from excessive fines, even if those fines are meted out at the state level. If the Constitution has been incorporated by the states (and it has!), the protections apply.

Held: The Eighth Amendment’s Excessive Fines Clause is an incorporated protection applicable to the States under the Fourteenth Amendment’s Due Process Clause. Pp. 2–9. (a) The Fourteenth Amendment’s Due Process Clause incorporates and renders applicable to the States Bill of Rights protections “fundamental to our scheme of ordered liberty,” or “deeply rooted in this Nation’s history and tradition.” McDonald v. Chicago, 561 U. S. 742, 767 (alterations omitted). If a Bill of Rights protection is incorporated, there is no daylight between the federal and state conduct it prohibits or requires.

The state tried to argue the protections only covered in personam (vs. a person) forfeiture — the kind normally seen in criminal cases where property is seized as compensation for fines or as direct, provable ill-gotten goods obtained as the result of criminal activity.

In rem forfeiture — the civil route — lowers the evidentiary bar law enforcement must meet to take property away from citizens. In most cases, there are no criminal charges involved — only accusations of criminal origin that force citizens to prove a negative to reclaim their seized property.

Here’s where this decision has the chance to disrupt a majority of states’ civil asset forfeiture programs: the Supreme Court says these incorporated protections also apply to in rem seizures.

As a fallback, Indiana argues that the Excessive Fines Clause cannot be incorporated if it applies to civil in rem forfeitures. We disagree. In considering whether the Fourteenth Amendment incorporates a protection contained in the Bill of Rights, we ask whether the right guaranteed—not each and every particular application of that right—is fundamental or deeply rooted.

Indiana’s suggestion to the contrary is inconsistent with the approach we have taken in cases concerning novel applications of rights already deemed incorporated. For example, in Packingham v. North Carolina, 582 U. S. ___ (2017), we held that a North Carolina statute prohibiting registered sex offenders from accessing certain commonplace social media websites violated the First Amendment right to freedom of speech. In reaching this conclusion, we noted that the First Amendment’s Free Speech Clause was “applicable to the States under the Due Process Clause of the Fourteenth Amendment.” Id., at ___ (slip op., at 1). We did not, however, inquire whether the Free Speech Clause’s application specifically to social media websites was fundamental or deeply rooted. See also, e.g., Riley v. California, 573 U. S. 373 (2014) (holding, without separately considering incorporation, that States’ warrantless search of digital information stored on cell phones ordinarily violates the Fourth Amendment). Similarly here, regardless of whether application of the Excessive Fines Clause to civil in rem forfeitures is itself fundamental or deeply rooted, our conclusion that the Clause is incorporated remains unchanged.

So, the rhetorical question posed by this decision is one that’s going to be asked of hundreds of state-level civil asset forfeiture programs: if there are no criminal charges, wouldn’t ANY seizure of property be “excessive?” It certainly appears a lack of criminal charges would be fatal to in rem seizures, which almost always happen without accompanying charges. This case may not have been specifically about civil asset forfeiture, given Tyson Timbs’ guilty plea, but the state made it about it by refusing to acknowledge its incorporation of the Bill of Rights.

This may start a scramble by law enforcement to suss out just how much of the Bill of Rights their particular state has incorporated. Given the Supreme Court’s disdain for arguments to the contrary, pushing legal challenges to forfeiture programs uphill is a non-starter. This case was a 9-0 rout in favor of protecting Americans from excessive fines and fees — in this case taking the form of civil asset forfeiture. This hopefully will be the starting point for nationwide reform of these abusive programs.


Techdirt.