Insights For Success

Strategy, Innovation, Leadership and Security


Want to be a cyber super spy? Try the Shin Bet intelligence challenge

General | Edward Kiledjian

Shin Bet (also known as Shabak) is the Israeli Security Agency, and it is looking for technologically savvy intelligence agents. To discover these diamonds in the rough, it has created a new online challenge website called the "Shabak Challenge."

You can access this challenge website here. Visitors are challenged to identify a group of terrorists known as "White September". The introduction on the page says:

White September (WS) is a group of arch-terrorists. They are connected to the global Jihadist movement, and are funded by Iran and Hezbollah. Several weeks ago, they used the darknet to declare their intentions of carrying out a mega terror attack in Israel. They nicknamed the operation “Israeli September 11th”. These people are highly sophisticated and utterly merciless.

According to Channel 2, 150,000 would-be analysts (from Russia, France, the USA, the UK, Turkey, Iraq, etc.) have already visited the site, but only 2 have successfully completed the challenge. The challenge requires familiarity with advanced hardware and software technologies.

Here is a YouTube ad for the Security Service.

Continuous authentication is the future


User authentication is one of the most important and fundamental building blocks of security. Authentication is built on a username, a password, a token, biometrics, or any combination of these. Regardless of the model, authentication is performed once, when the user starts his/her interaction with the target system.

What do you do if you require a higher level of authentication? What if you need to make sure the user interacting with your system is always who they say they are? This is where the concept of continuous authentication comes in. We started to see this concept implemented for the mass market with the Apple Watch and Apple Pay. You authenticate Apple Pay once and, as long as the watch stays on your wrist (validated with a pulse), you do not need to re-authenticate. Apple Pay can be sure that the person wanting to make a payment is the user who authenticated originally.

Continuous Authentication is a paradigm shift moving authentication from an event to a continuous risk management process.

Dynamic risk-based authentication means the system is continuously monitoring changes to environmental parameters and can decide the trustworthiness of users continually.

The shift to continuous authentication is inevitable. Not only will it make authentication more natural for the user, but it will also allow security administrators to implement much tighter security models.

As an example, if the user walks away from the computer, the system could notice and freeze the interactive session. Another example: a user working on a PC is tricked into launching malware. The system could be intelligent enough to know that a rogue process is attempting to masquerade as the user and block access.

Continuous authentication draws on the full array of modern technologies, and on others that have yet to be released: parameters such as keyboard typing speed and style, how the user swipes on a touchscreen device, how the user moves the mouse, camera input (from modern-day cameras), gait analysis using the accelerometer in a smartphone or smartwatch, and so on.
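To make the "authentication as a continuous risk management process" idea concrete, here is an added toy risk engine (example code, not from this post or any product) that scores one of the signals mentioned above, keyboard rhythm, against an enrolment baseline on every window of typing and moves the session between active, step-up and frozen states. The feature (mean inter-key delay), thresholds, decay factor and sample timings are all constructed for illustration.

```python
from statistics import mean, pstdev

# Thresholds and decay are constructed for illustration, not from the post.
RISK_STEP_UP = 0.5   # above this, require a fresh authentication factor
RISK_FREEZE = 0.8    # above this, freeze the interactive session
DECAY = 0.7          # risk multiplier per window of normal-looking behaviour


def build_baseline(delays_ms):
    """Enrolment: summarise a user's inter-key delays (hypothetical feature)."""
    return {"mean": mean(delays_ms), "sd": max(pstdev(delays_ms), 1.0)}


def window_risk(baseline, delays_ms):
    """0.0 = same rhythm as enrolment, 1.0 = three or more SDs away (clipped)."""
    z = abs(mean(delays_ms) - baseline["mean"]) / baseline["sd"]
    return min(z / 3.0, 1.0)


class Session:
    """Risk is re-evaluated on every window of input, not only at login."""

    def __init__(self, baseline):
        self.baseline, self.risk, self.state = baseline, 0.0, "active"

    def observe(self, delays_ms):
        # Drift raises risk at once; normal windows let it decay gradually.
        self.risk = max(window_risk(self.baseline, delays_ms), self.risk * DECAY)
        if self.risk >= RISK_FREEZE:
            self.state = "frozen"       # lock the session; a different typist is likely
        elif self.risk >= RISK_STEP_UP:
            self.state = "step_up"      # ask for a second factor before continuing
        else:
            self.state = "active"
        return self.state


def demo():
    # Constructed enrolment sample: a user who types with ~120 ms between keys.
    owner = build_baseline([110, 125, 118, 130, 115, 122, 119, 128])
    s = Session(owner)
    return [
        s.observe([121, 117, 124, 119]),   # owner's rhythm -> active
        s.observe([121, 117, 124, 119]),   # still the owner -> active
        s.observe([130, 135, 134, 136]),   # mild drift (~2 SD) -> step_up
        s.observe([260, 290, 270, 305]),   # very different typist -> frozen
    ]


if __name__ == "__main__":
    print(demo())
```

A real deployment would combine many such signals (mouse, touch, camera, gait) and would be tuned so that an owner's natural variation stays well below the step-up threshold.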

Although continuous authentication will be easy for users, expect it to be very complicated for developers. Expect this to be a burgeoning market in the coming years, something most security professionals have to start thinking about now. We expect to start seeing serious mass-market products around 2020-2021.

US bans use of Huawei technology through Defense Authorization Act


US President Donald Trump has signed the Defense Authorization Act into law. Section 889 (PROHIBITION ON CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT) bans the use of Huawei or ZTE technologies by government agencies and contractors.

The language of the act is ambiguous and doesn't clearly list what technology is or isn't covered by the prohibition. The relevant passage reads:

procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system

ZTE and Huawei equipment should not be used to access government systems that display personal data; therefore it is safe to assume that most agencies and contractors will purge their networks of systems built on, or that use, these technologies.

I have not yet seen an official response from either of the tech companies.

Stay tuned.

Google Chrome's Spectre Mitigation is consuming 10% more RAM


Google Chrome has always been a resource hog, but you may have noticed it's been consuming just a little bit more RAM lately (on your desktop).

This more demanding Chrome is the result of Google's Spectre mitigation efforts.

The Google Chrome security team has enabled site isolation by default (in Chrome v67 for desktops). Justin Schuh, head of Google Chrome Security, explained that site isolation gives each website its own renderer process, thereby preventing a malicious tab from stealing data from another.

When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.”

Don't expect to see this update on the Android version anytime soon; the resource consumption requirements are too high (for now).

Chrome is obviously my browser of choice but I have been concerned at the amount of resources it requires and this move (although right from a security perspective) further pushes Chrome in the wrong direction.


Chronicle Security launches under the Alphabet family of companies


Alphabet Inc., the parent company of Google, has launched a new cybersecurity intelligence company called Chronicle.

The company promises to bring Alphabet's advanced machine learning capabilities and large cloud computing footprint to cyber intelligence. The soft launch was confirmed via a blog post on Medium called "Graduation Day: Introducing Chronicle". A quote from the blog entry says:

Organizations deploy dozens of security tools to protect themselves, and their security teams are highly skilled and extremely dedicated, but they can’t keep up with the growing number, sophistication and ambition of attacks.
— Astro Teller

Another Medium blog article is entitled "Give Good the Advantage".

Based on all the blog entries, Chronicle Security will be some kind of large, cloud-based data collection and analytics platform that will leverage machine learning to deliver 10X efficiency improvements to security teams.

Data collection and correlation tech isn't new in the security arena; we call this type of tech a security information and event management (SIEM) platform. Competitors in this space include LogRhythm, Splunk, IBM QRadar, AlienVault, McAfee Enterprise Security Manager, SolarWinds Log & Event Manager and more.

The company says their main differentiators will be:

  • "should be able to help teams search and retrieve useful information and run analysis in minutes, rather than the hours or days it currently takes"
  • "Storage — in far greater amounts and for far lower cost than organizations currently can get it — should help them see patterns that emerge from multiple data sources and over years."

Traditional SIEM technologies are very expensive, so it looks like Chronicle Security will dramatically bring down the price, making it attainable for small to medium-sized businesses. In addition to the cost, they promise to add machine learning to help find useful information faster and make that information more actionable. This is the piece currently missing in all SIEM products (regardless of what the marketing material says). If Chronicle can deliver Google-grade machine learning that reduces the burden on security teams and makes information analysis more automatic, then this could be a big break for security teams around the world.

It is difficult to pin down the exact offering Chronicle will have, as very little information about the technology or platform has been provided. They have promised to keep customer information separate from other Alphabet companies (namely Google) and will have their own privacy policy.

Obviously, Alphabet believes the tech is good enough to turn an idea incubated in their moonshot factory into a real company. Now we wait and see if it is really as good as they are promising.