Tag Archive for: Understand

What Your SSE’s CASBs Don’t Understand



Ten years ago, SaaS data security was not a big concern, since most corporate data was stored in on-prem or homegrown applications. Then SaaS adoption exploded thanks to improved productivity, lower operational costs and ease of use. Today, SaaS applications are standard across all major verticals and industries worldwide. Every organizational department uses SaaS applications to drive business. Moreover, SaaS consumption patterns have evolved over time from internal-only access to collaborative, external access, as well as programmatic, API-based access.

However, early SaaS security solutions called cloud access security brokers (CASB) haven’t evolved alongside the new SaaS era. Initially, CASB solutions offered reverse and forward proxy modes, intended to sit between the end-user’s device and the web to enforce access controls on a network level. While effective in meeting multiple compliance requirement checkboxes and visualizing end-user activity, CASBs in proxy mode don’t understand how SaaS applications work.

Over the years, CASB vendors have introduced secure access service edge (SASE) and zero trust network access (ZTNA) capabilities, eliminating the need for a physical VPN and enabling secure remote access from any network and device. This opened an enormous market for disruption that eventually put SASE at the forefront of leading security vendors.

From there, a new cross-product category emerged to combine ZTNA, CASB and secure web gateway (SWG) into one consolidated offering: security service edge (SSE). Vendors are incentivized to sell as a platform, which makes sense for many reasons (low total cost of ownership, single interface, single support team, single documentation, etc.). Yet this bundle still relies on 10-year-old CASB API technology and, again, doesn’t understand how SaaS applications work.

SSE vendors offer a so-called modern CASB in API mode; however, technological gaps in their implementation and architecture pose significant risks in preventing SaaS application data breaches.

SSE vendors had begun to use the SSL proxy capabilities of SWG in front of SaaS applications to decrypt, inspect and…


Elastio uses reverse engineering to better understand increasingly sophisticated ransomware


Ransomware is on the minds of most corporations today, with a big concern about the impact of getting hit on day-to-day operations. Various solutions have emerged to help mitigate those headaches, including when it comes to cloud-native and cloud services.

The operating model in the cloud is much different than it is on-prem, according to Najaf Husain, founder and chief executive officer of Elastio Software Inc. That means there’s a very different strategy in place when it comes to technologies in the cloud to make things work, scale and be cost-performant for customers.

“We started out with the cloud in mind. All our technologies [are] focused on the cloud,” Husain said. “We work today on Amazon, you’ll see us go to multiple clouds soon — namely Azure, [Google Cloud Platform], the big triumvirate — but that’s where we start. Usually, the personas we focus on are the cloud security folks. Also, the infrastructure people get involved as well because it’s data. So, we’re kind of in between both of them.”

Husain spoke with theCUBE industry analyst John Furrier at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the secret sauce of Elastio’s solutions and technology, along with the problems it aims to solve.

Knowing what’s in the data

Elastio is available out of the AWS Marketplace and works with a lot of Microsoft Corp. partners currently. The company also has a team that works with customers directly to get them deployed, with the product installed in 10 minutes through a cloud formation template, according to Husain.

“One thing that’s very unique about what we do, everything’s operated in the customer VPC,” he said. “So, it lives in the customer account, so the data never leaves that account. That’s a very important component of the platform.”

When it comes to Elastio’s core technologies, there are several areas at play, including the company’s deep inspection, its data integrity engine, and its ability to finally detect ransomware, malware and corruption inside data, according to…


Ransomware’s a bigger threat — to business and beyond — than many understand


One of the most under-reported — and harmful — phenomena in Canada is ransomware attacks.

Recent high-profile ransomware attempts, the most common form of cyberattack, have obscured how pervasive the problem is, and how urgent the need is to better guard against it.

It is estimated that in Canada this year there will be such an attack every 11 seconds. Most of them go unreported to law enforcement, and the problem will get worse if that continues.

A ransomware attack occurs when cybercriminals install malware in your computer network that encrypts your data so that you no longer have access to it. They then demand a ransom, usually payable in Bitcoin or another cryptocurrency, to “unlock” it.

Until recently, almost all ransomware victims in Canada were small and medium-sized businesses (SME). In fact, a 2019 survey of Canadian SMEs found that every one of them had faced a cyber threat, and 58 per cent reported that their data systems had been breached. (Some leading SME protections against ransomware appear near the end of this article.)

Three major shifts in ransomware activity are now underway.

First, cyber-thieves are raising their sights. They’re targeting bigger enterprises — in the public, private and non-profit sectors — and average ransom demands have skyrocketed, from an average of $5,000 in 2019 to the $82-million ransom paid in 2020 by attack victim United Health Services Inc., one of America’s largest hospital chains.

Second, ransomware attackers are no longer merely encrypting data, but stealing it as well. That way, if the victim refuses to pay the ransom, the attacker can threaten to sell the victim’s data on the black market or post it all over the internet.

That, in turn, opens the door to regulatory censure and class-action lawsuits against the victim over its failure to protect sensitive data on customers, suppliers, financial institutions and others with whom it does business. The victim’s data in the wrong hands is not only a problem for the victim, but for countless third parties whose own data, in the victim’s care, has also been compromised.

And third, information technology (IT) systems and operational technology (OT), once segregated, have…
