Tag Archive for: Unified

Unified API Protection for Telcos and Mobile Carriers – Time to Value

/in


Largest Mobile Carrier Identified 4,600 APIs
in Days, not Weeks, or Months

The security team at the nation’s largest mobile carrier had a problem trying to obtain a consistent and complete inventory of the company’s sprawling API footprint. Business critical API-based applications were driving the mobile carrier’s day-to-day business of managing their mobile network, but the number of APIs were quickly outstripping their ability to keep track of them all.

Key Objectives: A Complete API Catalog

A 2021 security team objective was to obtain a complete running inventory of all their APIs within their organization to ensure that they understood their entire API footprint. Across the organization, they had software groups that supported API application development but worked independently of each other. What resulted was shadow APIs that were not cataloged and were without the oversight of the security team. However, because so many teams were associated with API development, and in the absence of API protection solutions, the cataloging process for both managed and unmanaged APIs was difficult, time-consuming, and lacked accuracy.

AppSec/API Security 2022

Scratching the Surface

When asked how many APIs they had, the security team replied that they had roughly 100 APIs that had been documented manually. They intuitively knew that they were only scratching the surface as there were (likely) hundreds if not thousands of APIs still unaccounted for and not within their existing API catalog.

API Sentinel Automates API Discovery

Cequence introduced API Sentinel to the security team and a proof of concept (PoC) was kicked off. By deploying API Sentinel, in just a matter of days, they were able to discover over 4,600 API endpoints that were active across their infrastructure – a 98% increase in API visibility and inventory over what the security team had just days prior to the introduction of Cequence. Moreover, they were able to obtain deep security insights that included the following:

  • 6 sensitive data exposure incidents where customer ID, account number and other related business sensitive data was exposed.
  • 5 instances of user authentication issues where username and passwords were exposed in cleartext,…

Source…

OIG: DHS Needs a Unified Strategy to Counter Disinformation

/in


The Office of Inspector General (OIG) says the Department of Homeland Security (DHS) needs a unified strategy to counter disinformation campaigns.

Cyber attacks, intellectual property theft, and state-sponsored disinformation campaigns against the United States have increased significantly in recent years. DHS began internal and external coordination efforts in 2018 when former DHS Secretary Kirstjen Nielsen established the Countering Foreign Influence Task Force to focus on election infrastructure disinformation appearing in social media. Also in 2018, the Cybersecurity and Infrastructure Security Agency (CISA) started notifying social media platforms or appropriate law enforcement officials when voting-related disinformation appeared in social media. These early efforts were predominantly focused on disinformation campaigns that pertained to election infrastructure before also including COVID-19 bogus claims and other mis-, dis- and malinformation (MDM). 

Today, internet users can be vulnerable to a wide variety of MDM and propaganda campaigns that appear in social media. False news, such as misinformation, disinformation, and malinformation are used to shape public opinion, undermine trust, amplify division, and sow discord. Mobile devices and smartphones further enable individuals and groups to rapidly share content, including disinformation and misinformation. This content may include hyperlinks to media articles and other web-based content, such as images and videos, that may have been manipulated to spread disinformation and misinformation, referred to as “deepfake” information. Deepfakes could be used to generate inflammatory content such as convincing video of U.S. military personnel engaged in war crimes intended to radicalize populations, recruit terrorists, or incite violence.

Certain countries were far more likely than others to be targeted by foreign disinformation operations. Based on publicly available information from Facebook and Twitter, the three countries most targeted by foreign actors were the United States, the United Kingdom, and Egypt. Disinformation campaigns that targeted the United States include a foreign entity offering to pay social media…

Source…

Unified cyber security task force by March: Source | India News

/in


NEW DELHI: Alarmed at the growing danger from cyberattacks and threats to national security, the government is in the process of setting up a unified national-level cyber security task force with a special focus on the risks emanating from the telecom sector.
The move comes at a time when the government is also finalising a “trusted sources” list for procuring telecom gear as the country moves towards 5G and other sophisticated telecom and immersive technologies, but with negligible procurement from China and other countries inimical to India’s security interests.

“The PMO has been informed about the efforts to explore the possibility of setting up a sub department for Telecom Cyber Security under a unified national level cyber security task force instead of setting up a separate task force under the telecom ministry,” a source said, adding that the task force is expected to be in place by March next year.
The telecom department will develop an internal task force with the relevant skill sets and capabilities required specifically for the telecom sector. “This sub task force will work in conjunction with the unified national-level cyber security task force that has been envisaged,” the source said, adding that 20 officers have already been identified for getting embedded into the project. “There are also plans to add more officers, with specialised skills sets, to this team as we move forward,” the source said.
The current cyber threats are handled by the specialised Indian Computer Emergency Response Team or CERT-In, which operates under the Ministry of Electronics and IT. It is the nodal agency to deal with cyber security threats like hacking and phishing, and strengthens security-related defence of the Indian internet domain. However, with the cyberattacks getting more sophisticated, the government has increasingly felt the need to have a specialised unified task force that acts on inputs not only from security and cyber forces from within the country, but also from inputs from ‘like-minded friendly countries’ from across the world.
Speaking at the Sydney Dialogue recently, PM Narendra Modi had also called for democracies to work together in cyberspace to…

Source…

Taking a unified approach to delivering WiFi connectivity and security

/in


Nowadays, teleworking or following a hybrid work model has become commonplace. The question we need to ask ourselves is, is our remote connection secure? The National Security Agency (NSA) in the United States has published a best practices info sheet for government workers and contractors working in areas related to national security and defense. The info sheet supplies advice on how to avoid cyber attacks due to a compromised or unsecured wireless connection.

The dangerous weakness of public WiFi

Public networks are always the weakest link in the chain and hackers know this. Hacking into a WiFi connection is very simple and doing so can give cyber criminals access, in the worst-case scenario, to corporate servers where they can inject malware. Moreover, a wireless connection breach is very expensive: TJ Maxx quantified the cost for a corporation of a single security breach at $1 billion.

Given the sensitive nature of the information handled by the NSA, the NSA provides a list of do’s and don’ts to follow for remote connections:

  • First, avoid, if possible, connecting to an unreliable WiFi network and, failing that, use a corporate access hotspot with a strong encrypted connection. But if there is no alternative, protect the connection as outlined below.
  • Use a trusted VPN connection that encrypts data transmission. The agency points out that public WiFi connections are not usually encrypted and, in some cases, do not even require an access password. Some hackers create malicious wireless networks as bait, which emulate existing ones and use them to access the connected device.
  • The NSA also recommends only connecting to websites that use the HTTPS protocol.
  • Finally, the agency recommends disabling Bluetooth in public places as there are too many risks involved.

In addition to the complexity of achieving a secure remote connection, there is the challenge of using many security solution providers, which is a huge obstacle to effective security service management. Currently, 96% of MSPs surveyed by Pulse and WatchGuard are consolidating vendors to IT products and services or planning to start the process in 2021/2022 to help this situation.

New WiFi 6 access points now in…

Source…