CSOonline: Microsoft Azure’s Russinovich sheds light on key generative AI threats

Generative AI-based threats operate over a huge landscape, and CISOs must look at it from a variety of perspectives, said Microsoft Azure CTO Mark Russinovich during the Microsoft Build conference this week in Seattle. “We take a multidisciplinary approach when it comes to AI security, and so should you,” Russinovich said of the rising issue confronting CISOs today. I cover his talk about AI-based threats, which was quite illuminating, here for CSOonline.


CSOonline: It is finally time to get rid of NTLM across your enterprise networks

It is finally time to remove all traces of an ancient protocol that is a security sinkhole: NTLM. You may not recognize it, and you may not even know that it is in active use across your networks. But the time has come for its complete eradication. The path won’t be easy, to be sure.

The acronym is somewhat of a misnomer: it stands for Windows New Technology LAN Manager and goes back to Microsoft’s original network server operating system that first appeared in 1993.

NTLM harks back to another era of connectivity: when networks were only local connections to file and print servers. Back then, the internet was still far from a commercial product and the web was still largely contained as an experimental Swiss project. That local focus would come to haunt security managers in the coming decades.

In this analysis for CSOonline, I recount its troubled history, what Microsoft is trying to do to rid it completely from the networking landscape, and what enterprise IT managers can do to seek out and eliminate it once and for all. It will not be a smooth ride to be sure.

CSOonline: An update on IAM

Comedian Colin Quinn says identity is a big thing. “Your id is who the government says you are. Your personality is the people who know you think you are, your reputation is the people who don’t know you think you are, your social media profile is who you think you are, and your browser history is who you really are.”

While my writing about identity management isn’t going to make the comedy circuit, I recently updated my explainer piece for CSOonline. Identity is even more important these days, as enterprises move into more cloudy and virtual infrastructures, federate apps with their partners and customers, and try to protect themselves against supply-chain attacks that can tie them in knots for weeks and months. And thanks to poor multi-factor implementations, more sophisticated phishing methods, more automated credential stuffing techniques and numerous legacy IAM systems that haven’t been updated, bad actors can often find easy entries with minimal effort into corporate systems to ply their exploits.

IAM needs to be a well-integrated fabric or mesh of architectures and processes that connect everything together into a coherent whole that can protect the entire digital surface of an enterprise. This fabric uses adaptive risk assessments to authenticate and connect both people and machines, and it uses information collected from continuous threat detection and operations visibility. My post explains how to get to this state, and some things that enterprise IT managers need to consider in their evaluations.

Dark Reading: New Tool Shields Organizations From NXDOMAIN Attacks

Attacks against the Domain Name System (DNS) are numerous and varied, so organizations have to rely on layers of protective measures, such as traffic monitoring, threat intelligence, and advanced network firewalls, to act in concert. With NXDOMAIN attacks on the rise, organizations need to strengthen their DNS defenses.

Akamai has released a new tool to help, as my story for Dark Reading describes.

Dark Reading: Electric vehicle charging stations still have major cybersecurity flaws

The increasing popularity of electric vehicles is a draw not just for gas-conscious consumers, but also for cyber criminals who focus on using charging stations to launch far-reaching attacks. This is because every charging point, whether it is inside a private garage or in a public parking lot, is online and running a variety of software that interacts with payment systems and the electric grid, along with storing driver identities. In other words, they are an Internet of Things (IoT) software sinkhole.

In this post for Dark Reading, I review some of the issues surrounding deployment of charging stations, what countries are doing to regulate them, and why they deserve more attention than other connected IoT devices such as smart TVs and smart speakers.

CSOonline: A dozen of the top data security posture management tools

Tracking down sensitive data across your cloud estate can be vexing. By its very nature, cloud computing is dynamic and ephemeral. Cloud data is easily created, deleted or moved around. Correspondingly, the cloud attack surface area is equally dynamic, making protection measures more difficult. Over the past few years, a group of tools called data security posture management (DSPM) has been developed to discover both known and unknown data, provide some structure and manage the security and privacy risks of its potential exposure. In my post for CSOonline today, I look at a dozen different tools from Concentric AI, Cyera, Eureka Security, Normalyze, OneTrust, Palo Alto Networks, IBM, Securiti, Sentra, Symmetry Systems, Varonis and Wiz. (A summary comparison table can be found here.)

These tools will require a significant amount of staffing resources to evaluate because they touch so many different aspects of an enterprise’s IT infrastructure. And that is a good thing, because you want them to seek out and find data no matter under what digital rock it could be hiding. So having a plan that prioritizes which data is most important will help focus your evaluation. It is also a good idea to document how each DSPM creates its data map and how to interpret it and subsequent dashboards. Finally, you should understand the specific cloud services that are covered and which ones are on the vendor’s near-term product roadmap too.

Dark Reading: Corporations With Cyber Governance Create Almost 4X More Value

Public corporations have mostly ignored SEC regs published years ago for improving cybersecurity governance. And while the requirements can be difficult to satisfy, companies that have made the effort created nearly four times their shareholder value compared to those that haven’t. That’s the conclusion of a new survey jointly conducted by Bitsight and Diligent Institute, entitled “Cybersecurity, Audit, and the Board.” According to the Bitsight report, having separate board committees focused on specialized risk and audit compliance produces the best outcomes.

You can read my analysis of this report for Dark Reading here.

Dark Reading: Cloud Email Filtering Bypass Attack Works 80% of the Time

A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.

Computer scientists have uncovered a shockingly prevalent misconfiguration in popular enterprise cloud-based email spam filtering services, along with an exploit for taking advantage of it. The findings reveal that organizations are far more open to email-borne cyber threats than they know, and will be presented at a conference in May. My post for Dark Reading explains the situation.

Red Cross Volunteer Gives Back as Service to Armed Forces Resiliency Volunteer

There aren’t too many people who have become modern models for dolls produced by the American Girl company, let alone women who have had a long volunteer career with the American Red Cross. But Dorinda Nicholson – the real-life archetype behind the Nanea Mitchell doll – is very much a true story of grit, determination, and turning her survivor’s story into one of exceptional service wherever she goes. I recently wrote a profile of her for our local chapter blog.

Dark Reading: NIST’s Vuln Database Downshifts, Prompting Questions About Its Future

Since 2005, the National Vulnerability Database (NVD) has been posting details about the hundreds of common vulnerabilities and exposures (CVEs) discovered daily by security researchers from around the globe. But last month, the critical government-sponsored database went from being an essential tool to a nearly dark destination. That is when details in the NVD were omitted, details that make the vulnerability data useful to enterprise security managers and to the numerous vulnerability management tools that can help prevent potential damages from attackers. My story in Dark Reading tells this sad tale.