BeyondCorp Weekly 16

Ivan Dwyer - April 18, 2017



The Shadow Brokers leaks have certainly dominated the headlines, bringing out all the security researchers to investigate the scope of vulnerabilities – most notably the SWIFT network and a number of Windows 0-days. A good list of all the exploits is up on GitHub here. What still seems to be unclear, however, is when and how Microsoft was alerted to the numerous CVEs affecting their products given that they were able to patch the exploits a month before the leaks surfaced. An interesting case to say the least, but I’ll leave the speculation to others.

Most interesting to me this week is a fascinating story in ArsTechnica detailing the tumultuous endpoint protection business, which has vendors going head-to-head in a cutthroat manner by manipulating malware tests and gaming product comparisons. The detailed exposé reads much like a he-said/she-said, but what’s abundantly clear is that the market is ripe for disruption. It’s a trend happening throughout the entire security industry, on the heels of the IT transformation already brought forth by the cloud. Without picking any category winners, what I’ll say is that those who provide visibility into their products are those who will survive. I’ve said that Zero Trust will have a profound impact on the VPN market by providing visibility into what has traditionally been a black box. From this ArsTechnica story, I’d say the same will apply to the endpoint protection market.

Here are a few additional things that caught my eye this past week.


Detecting insider threats is easier than you think [CSOOnline]

Google began their BeyondCorp initiative because they recognized that the changing landscape of a distributed workforce meant the attack surface was changing as well. Rather than beef up the perimeter, as so many would do, they took a holistic view of the challenges and designed a system where access controls can adapt to changing environments. The model is clearly catching on, as a number of security experts provide backup to the principles in this series of interviews.

95% of Organizations Have Employees Seeking to Bypass Security Controls [DarkReading]

One of the defining characteristics of BeyondCorp is that Google gave much thought to how the employees would end up using the system. After all, you don’t want to hinder productivity by blocking work. Access control systems that provide a poor user experience, such as the corporate VPN, often lead to workaround attempts, which in turn lead to vulnerable systems. A strong case for a Zero Trust architecture.

Employees lack confidence in keeping their company networks secure [SC Magazine]

It’s a good thing we’re looking past the network perimeter as the primary security mechanism considering that a study by FutureLearn found that nearly half of the respondents weren’t confident that they could keep the company network secure. Removing access controls from the network will lead to more secure systems, provided that authentication and authorization are properly implemented.

Protecting connected corporate fleets against cyber attacks [Windows ITPro]

With the rise of connected devices and IoT systems, sensitive company resources are not limited to traditional applications and databases. David Geer reports that vehicle fleets are becoming a target for hackers, as they are not well locked down and contain valuable data. Geer continues to make the case for Zero Trust as a security model to protect the connected car in much the same way as you might a corporate app.

Software Engineer Arrested For Attempted Theft Of Proprietary Trading Code From His Employer [DOJ]

In what bears a striking resemblance to the Anthony Levandowski case, a well-known open source developer has been arrested for allegedly stealing sensitive company information. Reading through the Complaint, it appears as though his company closely monitored activity, and has the logs to back it up. More proof points that a closely monitored corporate network can mitigate insider threats, but still all evidence is reactive. I’m waiting for a proactive story… but then again, that wouldn’t make the news.


Upcoming Events

I’ll be speaking at the Rocky Mountain InfoSec Conference next month, with a session titled BeyondCorp: Google Security for Everyone Else. It looks like it’ll be a fun conference so I encourage anyone able to come hang out. I’m not sure if it’ll be recorded, but I’ll share the slides at a minimum.


That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,

Ivan at ScaleFT

@fortyfivan


Ivan Dwyer

Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
