WWCD: Staying One Step Ahead of the Attack

Last month, Google announced the existence of CVE-2022-307, a zero-day vulnerability in Chrome and other Chromium-based browsers like Microsoft Edge that was already being actively exploited in the wild. What they didn’t say, however, is how long the vulnerability had been exploited, or how long they had known about it before they patched it. Furthermore, while Google released a patch for the vulnerability at the same time as the announcement, the vulnerability was not remediated until the browser had been updated.

With browser zero days being discovered all the time – and frequently not until they’ve already been exploited – how can companies protect themselves during the period between the initial exploitation and when they are able to install the latest browser update? 

What Would Conceal Do (#WWCD)?

Fortunately, infrastructure associated with these attacks is often discovered in the wild even before the zero-day can be fixed and is included in the intelligence sources ConcealBrowse relies on to make security decisions on behalf of the user. In these situations, ConcealBrowse can keep users safe even if their browser is still unable to stop a given attack.

Because ConcealBrowse checks every URL a browser is asked to load, it always has the latest information on indicators of compromise. This means that if a particular piece of infrastructure has already been associated with malicious activity, ConcealBrowse stops it from opening directly in the user’s local browser, and instead opens it in remote browser isolation. Even if the attack is successfully executed, the exploit is run on a virtual machine in the cloud that will be destroyed after the user’s session. The code is never executed in the user’s browser, so it can’t compromise the user’s device or your network. 

ConcealBrowse stays one step ahead of attackers and can protect users’ systems while software vendors discover vulnerabilities and develop and deploy patches.

#BeCyberSmart – Let’s Talk About Phishing

Let’s talk about phishing. Phishing is the top action variety in social engineering breaches, causing over 60% according to Verizon’s Data Breach Investigation report for 2022. Since 2016, phishing has seen an exponential increase in both the email click and do not click rates. Let’s be real: phishing is an issue, and it is not going anywhere. This week, the National Cybersecurity Alliance has talked a lot about recognizing and reporting phishing and discussed how it’s a problem that affects all businesses no matter the size. In fact, 30% of small businesses consider phishing attacks to be their top cybersecurity concern.

Recognize Phishing

According to CISA, phishing is defined as “Attacks that use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cyber Criminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks.”

Luckily, in this day and age, there is a lot that can be done to prevent users from falling victim to a phishing attempt.  First and foremost, users need to understand what they are looking for so that they can ‘see it so that they don’t click it’.  While signs can be subtle, the National Cybersecurity Alliance has provided eight tips on how to clearly spot a fake phishing email:

  1. Email contains an offer that is too good to be true
  2. Email contains language that is urgent, alarming or threatening
  3. Email contains poorly crafted writing with misspellings and bad grammar
  4. Email is very generic and not personalized to you as the user
  5. Email requests your personal information
  6. Email requires you to click on a link or attachment
  7. Email contains an odd business request
  8. Email address looks odd or unidentifiable

While these are not the only identifiable characteristics of a phishing email, these are among the most common.  The main takeaway here is that if you recognize an email as “phishy”, make sure you avoid it and report it.

Report Phishing

So, you think you have been phished?  Recognizing the fake email is the most important part of a phishing attempt.  Once a user has identified the phishing expedition, reporting the email to your IT manager or security officer can help ensure others do not fall victim to the same attempt.  Some companies may even have a built-in plugin as part of their email application to maximize the ease in reporting.  The most important thing here is NOT to click on any links.  After reporting, ensure the email is deleted and does not exist on any of your user devices.

Another important aspect of reporting is to ensure users report a phishing attempt even if they have fallen victim.  Sometimes a user does not realize they have been phished until they have clicked on a link or opened an attachment.  In these instances, users need to feel comfortable and empowered to reach out to their IT contact to report the phish so that the IT team can investigate and remediate ASAP.  This communication can minimize the damage and spread of the malware or other threats that may have been a part of the email.  This reality also highlights the importance of investing in a security tool that can minimize the impact of a malicious email.

Invest Against Social Engineering

The reality is, even with cybersecurity awareness training, users are still going to fall victim to clicking a phishing link.  As a result, it is important for organizations to explore their options to minimize the impact.  Here at Conceal, we are able to isolate a user’s session when they click on a malicious link, keeping the harmful content from ever accessing your organization’s network.  Through the investment of Conceal, you can protect your users from malware, spear phishing and browser-based cyber threats with clientless, zero-trust remote browser isolation.  To learn more, request a demo with one of our experts today!

WWCD: Defending Against Browser App Mode Abuse

Bill Toulas at Bleeping Computer recently highlighted a new phishing technique in the wild that is designed to abuse users’ increased likelihood of trusting applications that appear to be desktop applications over those that appear inside a web browser. As with many other types of attacks in the wild, these are designed to take advantage of the fact that experience – and most security training – primes users to expect phishing and other malicious sites to look and behave a certain way.

In the attack Toulas describes, threat actors utilize a little-used feature in Chromium-based browsers to launch web pages in “application mode”. In application mode, the website loads in a clean browser window that hides all the tell-tale signs that the user is on a web site. There are no tabs, no URL bar, no toolbars, nor anything else that normally distinguishes a web application from a desktop one. Since users aren’t primed to suspect phishing pages to load in this type of environment, their guard may be down.

So, What Would Conceal Do (#WWCD)?

We have some good news: Conceal would stop this attack. Since ConcealBrowse protects users by scanning URLs and blocking or isolating them as appropriate, the user’s trust – or lack thereof – is irrelevant.

Let’s take a look at how the attack works, and how ConcealBrowse stops it.

  1. An attacker sends a user a Windows shortcut that launches a web page in Chromium application mode when clicked.
  2. When the user clicks on the icon, the malicious page is loaded in a window that mimics a desktop application but is actually a Chromium window without any of the usual UI elements.
  3. Despite appearances, the page is still a normal web page and ConcealBrowse scans its URL as well as any other URLs it might call or load.
  4. Because Conceal’s decision engine has flagged the URL as malicious, the page is loaded in a virtual environment in the cloud instead of on the user’s computer.
  5. When the page tries to download a malicious file to the user’s computer, the file is scanned and stopped by ConcealBrowse.
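
A defender-side check for the shortcut launch in step 1, as an added example (not Conceal's code and not part of the original post): it scans process-creation records for Chromium browsers started with the `--app=` switch and reports targets outside an allowlist. The record fields, browser image list, allowlist and sample events are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: image names of the Chromium-based browsers to watch.
CHROMIUM_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe"}
# Assumption: hosts the organisation intentionally opens in application mode.
ALLOWED_APP_HOSTS = {"intranet.example.com"}

# One argument = any run of unquoted characters and "quoted segments".
ARG_PATTERN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def split_windows_cmdline(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [m.group(0).replace('"', "") for m in ARG_PATTERN.finditer(cmdline)]


def app_mode_target(cmdline):
    """Return the --app= target if a Chromium browser is launched, else None."""
    args = split_windows_cmdline(cmdline)
    if not args:
        return None
    image = re.split(r"[\\/]", args[0])[-1].lower()
    if image not in CHROMIUM_IMAGES:
        return None
    for arg in args[1:]:
        # Installed web apps start with --app-id=, which this prefix does not match.
        if arg.lower().startswith("--app="):
            return arg[len("--app="):]
    return None


def find_app_mode_launches(events, allowed_hosts=ALLOWED_APP_HOSTS):
    """Report application-mode launches whose target is not an approved web host."""
    findings = []
    for event in events:
        target = app_mode_target(event["cmdline"])
        if target is None:
            continue
        try:
            parts = urlsplit(target)
            scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
        except ValueError:
            scheme, host = "", ""  # unparsable target: report it for review
        if scheme in ("http", "https") and host in allowed_hosts:
            continue
        findings.append({
            "computer": event["computer"],
            "target": target,
            "host": host,
            # explorer.exe as parent is what a double-clicked shortcut produces.
            "launched_from_shell": event["parent"].lower() == "explorer.exe",
        })
    return findings


# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"computer": "WS-014", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                r'--app=https://login.portal-update.example/sso'},
    {"computer": "WS-020", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--app="https://intranet.example.com/timesheet"'},
    {"computer": "WS-031", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--profile-directory=Default --app-id=constructedappid'},
    {"computer": "WS-044", "parent": "cmd.exe",
     "cmdline": r'chrome.exe --new-window https://news.example.org/'},
    {"computer": "WS-052", "parent": "OUTLOOK.EXE",
     "cmdline": r'chrome.exe --app=https://files.example.net/invoice.html'},
]

if __name__ == "__main__":
    for finding in find_app_mode_launches(SAMPLE_EVENTS):
        print(finding)
```
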

ConcealBrowse protects users and organizations from the types of trust abuse that are commonly responsible for successful malware and phishing attacks like this one, regardless of how creative the technique. Want to learn more? Contact us for a demo today!

WWCD: How can ConcealBrowse stop abuse of trust?

VirusTotal recently analyzed its trove of malware and associated metadata to identify ways attackers abuse users’ trust of big digital brands. Specifically, attackers focus on co-opting trusted domains and branding materials like official logos and icons to trick users into downloading and installing malware.

Current “state of the art” in avoiding these types of attacks relies on training end users to identify non-obvious signs that trusted brands are being used maliciously, and on scanning files on the endpoint after a user has already downloaded them. We all know from experience that, regardless of how much training users receive, they far too often let down their guard when they believe they are interacting with a trusted party. Fortunately, Conceal takes over the task of distrusting everything and isolating malicious activity regardless of the user’s perception of safety. So, What Would Conceal Do to subvert these types of attacks?

Check Everything

As the VirusTotal report points out, many of these types of attacks rely not only on humans’ propensity to trust certain brands, but also on defensive systems’ propensity to trust certain domains. Fortunately, ConcealBrowse checks every URI accessed by users or loaded in the background by web apps. Even if most resources accessed via squarespace.com are trustworthy, Conceal’s decision engine identifies the specific URIs that aren’t and isolates them from the user’s machine.

When a URI is flagged as suspicious, it is opened in a container in the cloud where it can’t cause harm to the user’s system. Additionally, any files downloaded from isolated sites are first scanned in the cloud so that they can be blocked before they are ever sent to a user’s device. In these cases, even if a user or a security system trusts a domain, ConcealBrowse doesn’t.

Trust No One

While the VirusTotal report specifically discusses the use of trusted branding in file icons, we’ve also all seen phishing sites that display a trusted logo to lull victims into thinking they can safely enter their credentials. Again, where a user might be tricked into trusting the attacker, Conceal distrusts the attacker for them.

Using computer vision technology, ConcealBrowse can identify when trusted logos and branding are being misused by attackers and can block phishing sites before the user ever has the chance to compromise their information.

What Would Conceal Do (#WWCD)?

Long ago, attackers figured out how to take advantage of people’s trust biases to bypass defenses designed to protect us from the untrustworthy. Fortunately, as more and more zero trust technologies – like ConcealBrowse – provide the necessary distrust, these types of attacks will become less and less successful.

Welcome to National Cybersecurity Awareness Month!

We are thrilled to announce that we are an official champion of National Cybersecurity Awareness Month (NCSAM)! What is NCSAM, you ask? It’s only the best month of the year for the cybersecurity community! NCSAM started 19 years ago as a partnership between the National Cybersecurity Alliance (NCA) and the U.S. Department of Homeland Security (DHS). The campaign gives our industry the opportunity to collaborate between government and the private sector so that the importance of online security can be addressed. Each year, a new theme is strategized and shared with the public. This year the theme is…

See Yourself In Cyber

Most cybersecurity news articles are about massive data breaches and hackers, which can be overwhelming and leave you feeling powerless. Cybersecurity Awareness Month is a great reminder that there are all kinds of methods for keeping your data protected, and that practicing even the most basic cybersecurity measures can make a huge difference. Each week we will release a series of content on how you can instill one of the four healthy habits that the NCA and DHS have outlined to encourage individuals to take control of their online lives:

  1. Enable Multi-Factor Authentication
  2. Use Strong Passwords and a Password Manager
  3. Update Your Software
  4. Recognize and Report Phishing

Each behavior will be the star of the show for a week in October.  This week we are starting with Multi-Factor Authentication (MFA).  Foreshadowing the details to come regarding MFA, NCA found that nearly half (48%) of US/UK respondents say they have “never heard of MFA.”  As an important aspect of any identity and access management (IAM) strategy, this reality highlights the need to have a conversation surrounding IAM.  The following three weeks recognize security behaviors with similar statistics.

We love the concept of NCAM. The tools and tactics discussed throughout the month are helpful not just for educating yourself but also for employees, customers, families and friends. Every weekday this month, Conceal will be providing content relevant to and in line with what NCA and DHS are featuring.

We are excited to empower every individual to protect their personal data from cybercrime throughout this cybersecurity education campaign.  Stay in the loop on all the great content we will be releasing by bookmarking our NCAM landing page.

WWCD: Could Conceal Have Stopped Lapsus$?

Several multinational companies have been in the news in recent months thanks to being victims of the prolific data extortion group known as Lapsus$. The most recent victims are Uber and Grand Theft Auto videogame producer Rockstar Games. However, Lapsus$ has been in the news for a majority of 2022 with successful attacks on Okta, Microsoft, Samsung, and others.

One of the group’s earliest high-profile attacks was against authentication management firm Okta, which is used by many companies to control access to all the software used by employees. Its role in the security chain meant that Okta’s security reputation is paramount to keeping the trust of its customers. Although Okta claimed it was able to contain the breach quickly, the high-profile attack meant that the company’s reputation suffered permanent damage.

Modus Operandi

So how does Lapsus$ operate? The group relies heavily on a combination of stolen credentials and social engineering to gain access to privileged accounts within a company. They then use that access to obtain sensitive data and demand a ransom to prevent the data’s release. The ransom demand is usually accompanied by a release of a sample of the data on publicly accessible channels, like Telegram, to put added pressure on the company to pay up.

The initial targets of the attacks are typically peripheral employees or contractors who may be less knowledgeable about social engineering or might be less inclined to stringently follow security protocols. If the group can access sufficiently valuable data from this initial access, that could be the end of the attack. Otherwise, they use this initial access as a foothold to gather targeting information for further social engineering attacks against better-placed individuals in the target company.

Could these attacks have been prevented?

Lapsus$ expertly leverages the fact that people are not perfect. Regardless of training, they can be tricked into clicking malicious links, opening malicious files, or providing multi-factor authentication tokens to third parties. The interactions between attacker and victim can happen on several channels, some of which are controlled by an organization and others that are not. There are several techniques that can be employed to prevent access escalation and limit what can be accessed once an attacker is in your network. But, ten times out of ten, it’s better to keep them from ever getting access in the first place.

How could Conceal have helped?

No single product is a cyber security panacea, but ConcealBrowse could have blocked some of Lapsus$’s credential-stealing techniques before they started. One of Lapsus$’s techniques is to steal credentials to gain their initial access, including getting users to click on malicious links that download the credential theft software to the user’s computer. The group also buys credentials from the dark web, and many times the groups selling those credentials have used the same technique.

The most common methods to prevent these attacks include training users to identify the links and not click on them. As we’ve seen, this method relies on teaching 100% of users to make the correct decision 100% of the time. ConcealBrowse eliminates this need. ConcealBrowse is the eyes, ears, and brain that protects users regardless of where they click and isolates questionable websites in a remote browser in the cloud, where any software downloads or zero-day exploits can’t affect a user’s device.

Regardless of what decision they make, ConcealBrowse keeps them safe. #WWCD

Are You Ready for Mandatory Cybersecurity Disclosure?

Here are the top 4 ways to prepare for the SEC’s recent cybersecurity proposal

Earlier this year, the SEC released recommendations for organizations suggesting disclosures surrounding cybersecurity. In the 129-page proposal, the SEC proposed rules for cybersecurity risk management, strategy, governance, and incident disclosure by public companies.  If accepted, these rules would be put in place as amendments to existing reporting and disclosure requirements. The goal of the proposed amendments is to better inform investors on an organization’s risk management strategy and governance surrounding cybersecurity incidents.

Amendment Details

Mandatory cybersecurity disclosures can seem daunting for organizations. Here is the breakdown of what you need to know about the three key aspects of the proposed amendment:

Governance

The overall governance surrounding an organization’s security program is a major component of the proposed amendments. While we will get to the governance surrounding risk management and cyber incidents in a minute, from a broader perspective, these proposed rules would require transparency to determine if organizations are investing and prioritizing cybersecurity as a key business function and value. By requiring disclosure on cybersecurity expertise on an organization’s board of directors, investors can draw many conclusions as it relates to the priority level the organization is giving to cybersecurity.  Understanding the board-level experience provides awareness to the board’s ability to provide guidance and insight to the CIO, CISO and other cybersecurity stakeholders.

Risk Management

Identifying and managing cybersecurity risk is currently not a required disclosure for organizations. Without an understanding of an organization’s approach to risk management, such as the policies and procedures for identification and management, investors are unable to use cyber risk management as a data point when deciding whether to invest in a company. For organizations that have a strong policy and procedure for cybersecurity risk management, this reporting requirement would add substantial value to a potential investor. For those that don’t, if the proposed amendment is approved, there will be significant benefit to investing in the improvement of the cyber risk management program.

Cybersecurity Incidents

With the proposed amendment, organizations would be required to report material cybersecurity incidents as well as provide updates on previously reported cybersecurity incidents. While the reporting of a cybersecurity incident brings risk to reputation, stock, public opinion and more, the way an organization handles the disclosure and overall response can also improve reputational opinions and business outlook. Nowadays, cyber incidents are likely to hit the media with or without the organization’s intent to publicly disclose the event. As a result, this portion of the proposed amendments does not have to be a daunting task, just something organizations can invest in as a proactive security task so that they are confident in their disclosure strategy when they do fall victim.

How to Prepare

  • Assess Organization’s Current Priority of Cybersecurity
    At the end of the day, the purpose of the recommended disclosures is to give investors an understanding of where cybersecurity falls on the priority list of an organization.  Looking at an organization’s board to see where cybersecurity experience sits or where there is an opportunity to invest is an effortless way to prepare for the proposed amendments. Additionally, the investment will provide value beyond meeting a requirement, giving the organization the upper hand to improve overall cyber resiliency.
  • Assess Current Risk Management Approach
    What policies and procedures are currently in place to guide the cyber risk management workstream? Being able to quantifiably show the risk management approach’s success and continuous improvement will be a key advantage, not only for getting investors on board but also for minimizing cybersecurity risk across the enterprise. Showing investments that are made to minimize risk, such as investing in proactive products, will demonstrate the dedication to and priority of cybersecurity in an organization.
  • Assess Current Incident Response Program
    Primarily, organizations must have the mindset that it is not a matter of if but when their organization will fall victim to a cyber-attack. Once this mindset is understood, organizations can invest in a proactive incident response program to best prepare themselves to respond to a crisis. Drafting their overall response plan, playbooks for certain incidents, and disclosure statements will minimize the inevitable stress and workload that comes with crisis management. Being ahead of the necessary disclosures required by the proposal will ensure your organization is able to handle its public disclosure and overall response strategy tastefully and in the best interest of the organization.
  • Ensure a Level of Assurance
    The ability to quantify the overall success of an organization’s cybersecurity strategy, specifically as it relates to risk management, incident response, and overall governance, will be key for the SEC’s proposal. Investing in solutions that can provide a level of assurance to risk management will speak even louder to investors than showing a document with a written policy or procedure.

Here at Conceal, we can provide a level of assurance to both incident response and risk management. By undertaking activities to prevent, detect and minimize the effects of a cybersecurity incident through the web, we lower an organization’s overall cybersecurity risk while also maximizing the value and success of an organization’s incident response when they do fall victim. Our product’s ability to minimize the effect of an incident will make the overall disclosure and public backlash minimal. Find out how ConcealBrowse, ConcealSearch, and ConcealCloud can each provide unique value to achieving the SEC proposed amendments by scheduling a demo today.

“CONCEALing” Browser Context Through our Patented SDN

Threat actors can’t attack you if they can’t find you. With an additional layer of protection, you can make it much more difficult for attackers to trace web activity back to your organization or to find cloud applications and infrastructure that are critical to your business.

Key Characteristics

Conceal’s patented SDN removes digital context and physical attributes from data flowing over the internet and internet-accessible infrastructure. The extra layer of protection minimizes the likelihood of risky traffic compromising your network. In Verizon’s 2022 Data Breach Investigations Report, web applications were the number one vector of entry for bad actors and are connected to the highest number of DoS attacks. The Verizon report found that Basic Web Application Attacks (BWAA) largely focus on attacks that directly target an organization’s most exposed infrastructure, such as Web servers. Conceal’s patented SDN helps to minimize the opportunity for attackers to find exposed infrastructure by increasing privacy using intermediaries to acquire the commercial infrastructure used to implement the network. The dynamic design of our patented SDN removes context and provides extra layers of privacy and security to users and enterprises.

Conceal’s patented SDN helps organizations identify and isolate risky web traffic before it compromises your network through the monitoring capability as part of the additional layer of protection. Additionally, Conceal is able to move identified risky web traffic without affecting a user’s current session. The fidelity of the protection’s ability to monitor and isolate without affecting a user’s ongoing communications helps provide security assurance for web activity. The extra layer of protection moves the web traffic into a remote browser in an isolated environment without a user having to decide if they believe the web traffic is risky.

Our patented SDN encompasses all of Conceal’s offerings; from ConcealBrowse and ConcealSearch to ConcealCloud, our patented SDN was deliberately and carefully intertwined throughout our product suite to bring an unparalleled solution to the market to address web security.

Use Case

Law Enforcement agencies are faced with the insecurities surrounding intelligence collection. Whether the intelligence collection surrounds dark web monitoring, open-source intelligence, social media research, financial crimes, or internet crimes against children, these investigations come with a level of risk while leveraging the internet. Conceal fully supports operational mission capabilities aligned to law enforcement. Currently, Conceal is deployed in state and local law enforcement agencies and other investigative organizations. To help combat risks associated with mission-critical investigations, the following is accomplished through our product suite:

  • Open-Source Intelligence – Through the investment of our zero-trust browser isolation, ConcealSearch, users can conduct non-attributable, protected open-source research.
  • Social Media Research – By removing attribution of users through our ConcealSearch product, investigators can anonymously monitor social media sites and updates in real-time.
  • Financial Crimes and Intelligence – By leveraging ConcealSearch, users can conduct “follow-the-money” operations and capture and archive financial information without worrying about malicious sites or internet activity entering the network.
  • Internet Crimes Against Children – With ConcealSearch, law enforcement agents can investigate, track and conduct operations to combat crimes against children without jeopardizing their network or identity.
  • Dark Web Monitoring – Engage in dark web monitoring and activities without exposing your network and identity by investing in ConcealSearch.

The role of Conceal’s patented SDN in cybersecurity will continue to expand as the value of hiding user identities and technical information while simultaneously searching the web grows in importance.

4 Key Information Security Threats of 2022

Vulnerabilities are one of the four key paths to your crown jewels. Here’s what you need to know to avoid exploitation.

Let’s be real, vulnerabilities are a main reason we are all here, employed in the field of cybersecurity. Organizations invest in cybersecurity as threats and vulnerabilities continue to advance and become more sophisticated in an ever-changing threat landscape. In this blog, we will explore common characteristics of vulnerabilities to help aid your strategy against exploitation in the future.

Market Outlook

In the past year, vulnerability exploitation, as the entry point of threat actors, has doubled according to Verizon’s Data Breach Investigation Report. To find these vulnerabilities, threat actors are leveraging a wide variety of techniques, including scanning IPs and open ports, crawling for specific services, testing specific CVEs from the catalog discussed above, and running remote code execution.

With an ever-changing threat landscape comes an ever-evolving vulnerability market. As vulnerabilities are discovered and shared publicly, threat actors are forced to become more sophisticated in their approach to exploit weaknesses in a timely manner. Every year, the Top 25 Most Dangerous Software Weaknesses are analyzed by the CWE community. One trend seen in The 2022 Top 25 release surrounds out-of-bounds write and cross-site scripting (XSS), which continue to be two of the most dangerous weaknesses from year to year. The full list of the top 25 vulnerabilities can be found here.

So What?

As one of the four key information security threats of 2022, vulnerability exploitation must remain a priority in an organization’s security strategy. If a threat actor leverages a weakness and gains unauthorized access to the network, an organization risks network compromise, data exfiltration, unplanned system downtime, ransomware, and more. Such cybersecurity risks can have debilitating effects across the organization, including financially, operationally, reputationally, and economically. As a result, it is crucial for organizations to do what they can to avoid vulnerability exploitation. By understanding how vulnerabilities are identified and categorized, as well as understanding standard conventions for information that can be used to measure and mitigate the risks to your organization, you can avoid exploitation altogether.

Detect. Defend. Isolate.

Besides the efforts identified above to discover and disclose information security vulnerabilities, there are efforts to proactively protect against vulnerabilities on the market. Here at Conceal, we are doing our part to help you avoid vulnerability exploitation online. By pushing the boundaries and maximizing web-based security, web vulnerabilities become a non-issue.

By identifying risky web traffic before it compromises your network, Conceal minimizes the opportunity for a vulnerability to be exploited. Detecting vulnerabilities early in the kill chain allows remediation to be taken before any damage is done. Once risky behavior is detected, Conceal allows the user to finish out the activity in an isolated environment unassociated with your network. This independent network will keep your organization’s data safe from threat actors who may be trying to use the web activity to exploit a vulnerability. Learn more about protection through isolation in one of our recent blog posts here.

Vulnerability exploitation will continue to be a key entry point into your organization’s network. As a result, security teams must explore proactive security measures and tools that can be leveraged to minimize threat actors’ ability to take advantage of a vulnerability. Conceal provides part of the necessary proactive security measures by stopping malware before it has a chance to exploit unpatched vulnerabilities. Request a demo today to learn how Conceal can be a part of your organization’s strategy to protect against vulnerabilities.

Vulnerabilities put the confidentiality, integrity and/or availability of data within an organization at risk. When coming up with a strategy to protect against vulnerabilities, it is imperative to understand the characteristics and values of common vulnerabilities.

Characteristics

Common values that are important to understand as they relate to a vulnerability include Common Vulnerabilities and Exposures (CVE) values, Common Weakness Enumeration (CWE) values, and Common Vulnerability Scoring System (CVSS) values. These characteristics give organizations a common nomenclature to use throughout the industry, which makes it easier to develop a strategy to protect against vulnerabilities.

CVE

CVE is a database that catalogs publicly disclosed vulnerabilities, each entry specific to an explicit occurrence. Thousands of new CVEs are published every year for the good of the security industry. The goal of CVE is to provide organizations with a repository of known vulnerabilities to ease information sharing. The database gives organizations a starting point for vulnerability management as well as for creating and implementing a proactive security strategy. The catalog serves as a baseline for evaluating current coverage against the known vulnerabilities. Keeping up with the current vulnerability market is the first step towards proper cyber hygiene.

CWE

Beyond understanding the vulnerability, organizations can benefit from understanding the characteristics of the building blocks that lead to the vulnerability. While CVE refers to the instance of a vulnerability, CWE focuses on the cause of the vulnerability type. For the security community, CWEs provide common nomenclature for discussing weaknesses and categorizing them by software, hardware or use case. The list of weakness types provides a baseline for identification, mitigation and prevention of a weakness.

CVSS

Once an organization understands relevant vulnerabilities and the underlying weaknesses, understanding the severity of the vulnerability is extremely valuable. CVSS provides a consistent score for vulnerabilities, regardless of the industry. By leveraging the CVSS, organizations can understand the severity of the vulnerability in their environment and prioritize the remediation of each vulnerability.

As vulnerabilities continue to grow in sophistication and rigor, these common attributes will allow organizations to openly talk about and understand the vulnerabilities relevant to their industry. These values will allow continued collaboration when developing an organization’s security strategy. Make sure to check out Conceal’s offerings that can be used to strengthen your organization’s strategy to protect against vulnerability exploitation by requesting a demo today.

Now All Together

A 2020 research paper by cybersecurity think tank USENIX highlights a key problem with cyber intelligence data: Even though commercial threat data is expensive, it paints an incomplete picture of the risk to your company.

The research looked at two unnamed commercial cyber threat intelligence (CTI) providers and four unnamed free intelligence providers. The researchers discovered that, even in cases where CTI providers provided data on the same threat, there was very little overlap in that data. The study found the same gap between free and paid providers. The researchers concluded that, because even top-tier threat intelligence providers can’t provide the complete picture of risks to a business, there is limited value in purchasing the high-priced data.

Clearly, a single source of truth doesn’t exist for risks surrounding cyber threats. That’s why there are so many players in the marketplace. It’s also the reason that most organizations have to invest in multiple intelligence sources, and struggle to integrate those into various points within their security stacks. Still, the right investment in the security tools that can successfully leverage all available paid and free sources to eliminate or mitigate cyber risk can make an organization far safer.

I Want You, Correct Data

There is a multitude of data available to feed the security tools used by CISOs and other IT leaders. Free data provides basic information crowdsourced from attacks that happen globally every day. These can provide an invaluable baseline resource, and should be fully utilized in security tools and endpoint protection solutions that make decisions about blocking or allowing traffic.

Still, other data is only available via vast and expensive networks of sensors, through human sources, or through analysts and collectors with specialized and hard-to-find skills. This data can provide critical insights and predictive information that help fill in some of the gaps in the free data and enable a more proactive IT security stance. Unfortunately, these datasets are expensive to collect, and this fact is often reflected in the price to an organization.

It’s easy, especially for organizations with small cybersecurity budgets, to look at the facts and determine that the free data is good enough, and that the added value of a more thorough, though admittedly still incomplete, picture of the threat landscape is less than the cost. Still, it’s clear that specialized premium data sources can take a company’s ability to stop threats and strategically reduce risk to the next level.

Together We are Strong

One of the USENIX paper’s main arguments against the use of paid data feeds is the fact that, despite their cost, the data remains incomplete. This is true. However, with the right security tools in place, an organization can transparently benefit from a more complete picture provided by a combination of paid and free intelligence feeds to protect them from a host of known and unknown threats.
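The overlap finding and the argument for combining feeds can both be checked against your own sources. The following added example (not from the original post or the paper) normalizes indicators from several feeds, then reports pairwise overlap, what each feed contributes uniquely, and how much of the combined picture each one covers alone. The feed names and indicators are constructed, using reserved `.example` hostnames.

```python
from itertools import combinations
from urllib.parse import urlsplit

def normalize(indicator):
    """Reduce a feed entry (URL or host, possibly defanged) to a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    if s.startswith("hxxp"):          # undo common defanging of the scheme
        s = "http" + s[4:]
    if "://" not in s:                # bare hostnames need a netloc marker to parse
        s = "//" + s
    return (urlsplit(s).hostname or "").rstrip(".")

def overlap_report(feeds):
    """Return pairwise Jaccard overlap, per-feed unique counts, coverage and union size."""
    sets = {name: {normalize(i) for i in items} - {""} for name, items in feeds.items()}
    union = set().union(*sets.values())
    pairwise = {}
    for a, b in combinations(sorted(sets), 2):
        both = sets[a] | sets[b]
        pairwise[(a, b)] = len(sets[a] & sets[b]) / len(both) if both else 0.0
    unique = {
        name: len(s - set().union(*(o for n, o in sets.items() if n != name)))
        for name, s in sets.items()
    }
    coverage = {name: len(s) / (len(union) or 1) for name, s in sets.items()}
    return {"pairwise": pairwise, "unique": unique, "coverage": coverage, "union": len(union)}

# Constructed sample feeds; the same host appears in different notations on purpose.
FEEDS = {
    "free_a": ["hxxp://login.bad-site[.]example/reset", "cdn.dropper.example",
               "update.fake.example"],
    "free_b": ["CDN.Dropper.example.", "http://portal.phish.example:8080/"],
    "paid_c": ["https://update.fake.example/a.js", "c2.rare.example",
               "stage.rare.example"],
}
REPORT = overlap_report(FEEDS)
```

Without the normalization step the same host in two notations counts as two indicators, which understates overlap and overstates each feed's unique contribution.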

These tools can take several forms. Depending on how the data from multiple sources is combined and utilized, the result can either be a coherent risk assessment that allows a platform to make good security decisions transparently and with limited effort by your organization, or an IT nightmare trying to make tools and data sources from different vendors play nicely together.

In today’s post-COVID environment, workforces are dispersed and conducting work on a multitude of public and private networks, and on a number of devices. More and more of this work is being done on web applications inside the browser. Because the work environment is becoming heterogeneous and dispersed, the traditional security models are no longer effective. Keeping users safe in this environment requires a Zero-Trust security model at the browser level, and it requires being able to bring every possible outside source of intelligence and network data to bear on the risk mitigation process.

Conceal Can Do It!

Fortunately for your IT security team, ConcealBrowse provides a simple, cost-effective way to utilize all your existing security tools and data sources to make intelligent decisions about risk mitigation and safety in a Zero-Trust browser. While investments in user training around phishing and online safety can be beneficial, the reality is that no one is perfect and no one will make the right security decision 100% of the time. You want your people to be able to do their jobs and think as little as possible about security. That’s all possible with ConcealBrowse.

ConcealBrowse has plugins for a number of free and paid intelligence services and security tools that feed information to our “brain,” which determines the best risk mitigation methods for every clicked link or visited URL. ConcealBrowse lets you get the full benefit of all the free and paid data sources that, when combined, create a much fuller risk picture.

Learn more about how Conceal is influencing the future of cybersecurity.