Visibility is Key to Security Monitoring for IT, OT, and Cloud

With the rapid pace and complexity of business transformation coupled with ever-increasing threat sophistication targeting hybrid environments, IT & Security teams are looking for trusted security partners who can help increase visibility, reduce complexity, and address critical talent shortages.

Large-scale breaches have impacted millions of people. The once-fringe subjects of ransomware, malware, denial-of-service attacks and phishing scams have captured public interest, hit the bottom line, and earned the attention of leaders in public and private institutions around the globe. The increasing sophistication of threats has taken the risk of data and reputational loss to new heights, costing companies an estimated USD 1.5 trillion worldwide in 2018 alone.[1] At the same time, organizations’ computing environments are rapidly transforming to deliver business outcomes for modern consumers. Network perimeters continue to erode to enable this transformation, as the estate expands to include mobile devices, cloud applications and platforms, operational technology (OT) such as sensors and controls, and industrial IoT (IIoT) devices.

In order to produce these business outcomes while protecting critical assets, data, and reputation, IT and IT security teams need visibility across the entire enterprise stack. They require trusted cybersecurity partners who can help them reduce the complexity of managing cybersecurity programs in multi-technology environments while maximizing the value of their investments.

Challenge the status-quo: every organization should assume breach

The question is not if or when security will be breached; it is how quickly you can identify and mitigate a threat that is already inside your organization. Boards are more involved than ever and want assurance that the business is resilient against the threats in the headlines. To deliver that, threat detection, containment, and remediation must be rapid and effective, yet most threats currently go undetected for an average of 101 days. A deeper level of intelligence is needed: superior visibility into threats and adversaries, greater contextual relevance, and a dynamic understanding of an evolving threat landscape.

Detect Faster, respond efficiently

Traditional Managed Security Service Provider (MSSP) solutions lack the advanced capabilities required to combat advanced adversaries. An effective approach to threat detection needs to provide visibility and be non-linear, mirroring the ad-hoc way an attacker moves through an environment. This requires specific skill sets and capabilities that must be continuously updated to stay ahead of the curve and to detect and respond to attacks more rapidly. Such capabilities require a new way of monitoring and detection: a service that combines visibility, expert analysts, threat detection frameworks, and intelligence sharing.

Threat hunting approach

However good the technology and processes are, threats can still get through the net. The most advanced managed security requires dedicated teams of threat hunters – analysts with the mindset of a hacker who will investigate and research anomalous behavior, activity, and files to unearth unknown threats. With an international shortage of cybersecurity professionals close to 3 million worldwide,[2] companies will have difficulty recruiting the talent directly.

Don’t stop at traditional IT security monitoring. Regardless of the environment, whether cloud, IT, or OT, each needs visibility and appropriate protection.

Attack vectors are expanding with digital transformations, making it harder to reduce risk and maintain accurate visibility across the enterprise. The number of new platforms and applications collecting, storing and mining data is on the rise. Critical infrastructure is becoming more reliant on the Internet and IT environments to operate effectively. This combination provides security teams with a complex mission, attackers with new targets, and regulators with a new scope.

  • Cloud platform visibility and security monitoring

According to Gartner, 75 percent of businesses will use a multi-cloud or hybrid cloud model for their businesses by 2020. While migrating to the cloud can save time and money in the short term, cloud adoption presents unique challenges when it comes to long-term data visibility and security, particularly in hybrid environments. Businesses need a way of monitoring, detecting and responding to threats regardless of where their data is stored.

  • Visibility and security monitoring of operational technology and industrial control systems

Operational technology (OT) and industrial control system (ICS) networks represent a growing risk. Malicious activity is increasing, as evidenced by the growth in threat activity from ICS attack groups and the emergence of ICS-specific malware such as Triton (also known as Trisis), which targeted safety instrumented systems. Prominent breaches of critical infrastructure, including water and energy utilities, have highlighted the need for better security. Nevertheless, many organizations still lack the visibility needed to monitor their industrial environments effectively.

Protecting businesses against sophisticated cyber attacks is an ongoing process for IT & IT security teams. Given the complex business drivers, threat landscape, and IT talent shortage, most organizations are working with trusted cybersecurity partners who can bring the critical visibility, solutions, resources, and intelligence to minimize these risks.

  1. Is my data safe in the cloud? Or would it be safer on premise?

    Interview with Olivier Spielmann, Director of EMEA Managed Security Services, Kudelski Security

Information security relies on data confidentiality, integrity and availability. With proper security controls, all three aspects can be protected on-premises or in the cloud. Equally, all three can fail in the cloud or on-premises. Transition to the cloud means that solution responsibility is divided: some parts are delegated to a third party while others remain the company’s responsibility (e.g. data accountability).

One key action is to adapt the security architecture design of your solution to the target environment (cloud vs on-premise) and support it with a solid contractual base. A cloud solution can’t be designed as an on-premise solution – it’s very different, for several reasons, e.g. data ubiquity and elasticity.

Today, data breaches of cloud environments are mainly due to human configuration errors, exposing unprotected data to the Internet.

The widest risk of cloud environment usage for storing company data can be addressed by:

  • Properly designing a secure cloud architecture that addresses confidentiality, availability and integrity aspects
  • Performing due diligence on the cloud provider
  • Putting in place a solid service contract

Whatever the stage of your cloud journey, Kudelski Security has services and solutions to support you – from cloud design, due diligence, security monitoring, to incident response in the cloud.

  2. Does it really make a difference whether I keep my data in Switzerland or in a foreign cloud?

No, as long as you don’t infringe the relevant regulations and you have a strong contract in place with your cloud provider. If you use cloud services to deliver business services, accountability remains your responsibility.

What does change when your data is stored in another country is the regulation enacted in case of a breach or to protect your data against a search. When storing the data at a cloud provider, the client should find out which governing laws apply and assess whether they are adequate.

  3. The cloud is becoming more hybrid and varied. How does one maintain the visibility needed for a secure environment?

The cloud is completely blurring the borders of data processing and storage. While appreciated for its flexibility, speed and ease of use, cloud services can become a freeway for voluntary or involuntary data exposure, and vast amounts of confidential data have been exposed as a result.

Risks can be addressed by training cloud user teams, properly architecting and configuring professional cloud environments, and monitoring company clouds for configuration errors.

Alternatively, companies can use the capabilities of Managed Security Service providers, like Kudelski Security. We monitor risks and configuration 24/7 and have reduced threat detection time from the average of 78 days to a few hours, in many cases.
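The two points made above, that cloud breaches are mainly configuration errors exposing data to the Internet and that company clouds should be monitored for such errors, come down to one concrete, automatable check: does any statement in a storage bucket's policy grant access to an anonymous principal? The Python below is an added example, not code from the article or from Kudelski Security. It evaluates constructed AWS S3 bucket policy documents (the bucket name, account id and VPC endpoint id are placeholders) and separates unconditional public grants from anonymous grants that carry a Condition block.

```python
import json
from typing import Any

# Constructed sample bucket policies for this example; they are not taken from
# any real account. Bucket, account and endpoint identifiers are placeholders.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-data-lake/*",
    }],
})

RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # anonymous principal, but only reachable through one VPC endpoint
            "Sid": "AllowViaVpcEndpoint",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-data-lake/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        },
        {   # a specific role in the owning account
            "Sid": "EtlRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/etl"},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-data-lake/*",
        },
    ],
})


def _as_list(value: Any) -> list:
    """IAM allows a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """True when the statement grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def assess_bucket_policy(policy_json: str) -> dict:
    """Classify Allow statements that grant to an anonymous principal.

    Returns {"public": [...], "conditional": [...]}.  An unconditional
    anonymous Allow is the classic open bucket; an anonymous Allow with a
    Condition block is not necessarily public, but a human must confirm that
    the condition really restricts the caller.
    """
    policy = json.loads(policy_json)
    result = {"public": [], "conditional": []}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        entry = {
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
        }
        key = "conditional" if stmt.get("Condition") else "public"
        result[key].append(entry)
    return result


def public_sids(policy_json: str) -> list:
    """The Sids of statements that expose data to anyone, unconditionally."""
    return [e["sid"] for e in assess_bucket_policy(policy_json)["public"]]


if __name__ == "__main__":
    for name, doc in (("public-read", PUBLIC_READ_POLICY), ("restricted", RESTRICTED_POLICY)):
        report = assess_bucket_policy(doc)
        print(name, "public:", [e["sid"] for e in report["public"]],
              "conditional:", [e["sid"] for e in report["conditional"]])
```

The split matters in practice: an anonymous grant limited by a condition such as aws:SourceVpce or aws:SourceIp is not an open bucket, but it still deserves review, because a loose condition is a common way an "internal only" bucket ends up reachable. A complete check would also read the bucket ACL and the account's Block Public Access settings, which can override the policy in either direction; this example covers the policy document only.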

  4. What new challenges does the IIoT create for IT-security providers?

Protecting IIoT environments is not the same as protecting IT environments. Industrial systems are built differently yet are now exposed to similar threats through their connection to IT networks. Industrial systems present new threats that can’t be handled by standard IT security measures. For example, scanning an industrial system with a vulnerability scanner may shut it down, stopping the manufacturing process.

In addition, IT security skills and solutions aren’t adapted to IIoT environments. Vendors and service providers need to offer new solutions to cover these newly exposed environments of critical service providers, e.g. energy. Companies looking to protect their assets in an IIoT environment can get support from Kudelski Security’s Cyber Fusion Center, which offers advisory, threat monitoring, hunting and incident response around the clock.
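The caveat above about vulnerability scanners applies to any tool that writes to or actively probes a controller. The safe way to get visibility into an industrial network is to decode the industrial protocol passively from a network tap or SPAN port and alert on what should not be happening. The Python below is an added example, not code from the article or from Kudelski Security: it parses Modbus/TCP frames from a constructed capture (the host addresses, unit ids, register values and the allowlist are assumptions for illustration, not real plant traffic) and flags write function codes from hosts outside an allowlist, malformed frames on the Modbus port, and exception responses that suggest someone is probing a device.

```python
import struct

# Modbus function codes that change process state; a passive monitor should
# never see these from a host that is not supposed to write.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode one Modbus/TCP ADU: 7-byte MBAP header, then function code and data.

    Raises ValueError for frames that do not look like Modbus/TCP, which is
    itself worth alerting on when seen on TCP port 502.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:          # MBAP length counts unit id + PDU
        raise ValueError(f"MBAP length {length} does not match frame size {len(frame)}")
    fc_raw = frame[7]
    pdu = frame[8:]
    msg = {"tid": tid, "unit": unit, "function": fc_raw & 0x7F,
           "exception": bool(fc_raw & 0x80), "detail": {}}
    fc = msg["function"]
    if msg["exception"]:                  # high bit set: exception response
        msg["detail"] = {"exception_code": pdu[0] if pdu else None}
    elif fc in (5, 6) and len(pdu) >= 4:  # single coil/register: address, value
        addr, value = struct.unpack(">HH", pdu[:4])
        msg["detail"] = {"address": addr, "value": value}
    elif fc in READ_FUNCTIONS and len(pdu) >= 4:
        addr, qty = struct.unpack(">HH", pdu[:4])
        msg["detail"] = {"address": addr, "quantity": qty}
    elif fc in (15, 16) and len(pdu) >= 5:  # multiple: address, quantity, byte count, data
        addr, qty, nbytes = struct.unpack(">HHB", pdu[:5])
        msg["detail"] = {"address": addr, "quantity": qty, "payload": pdu[5:5 + nbytes].hex()}
    return msg


def alerts_for_capture(records, allowed_writers):
    """Run the parser over (src_ip, dst_ip, frame) tuples and return alerts.

    Only hosts in allowed_writers (e.g. the engineering workstation and HMI)
    may issue write function codes. Exception responses are surfaced as well:
    bursts of "illegal function/address" replies usually mean a host is
    enumerating the device.
    """
    alerts = []
    for src, dst, frame in records:
        try:
            msg = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append({"src": src, "dst": dst, "reason": f"malformed Modbus/TCP: {err}"})
            continue
        fc = msg["function"]
        if msg["exception"]:
            alerts.append({"src": src, "dst": dst,
                           "reason": f"exception response to FC{fc}, code {msg['detail']['exception_code']}"})
        elif fc in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append({"src": src, "dst": dst,
                           "reason": f"{WRITE_FUNCTIONS[fc]} (FC{fc}) from non-allowlisted host",
                           "detail": msg["detail"]})
    return alerts


# Constructed capture for this example (addresses, unit ids and payloads are made up).
PLC = "10.0.2.20"
ENGINEERING_WS = "10.0.1.10"
UNKNOWN_HOST = "10.0.5.77"
SAMPLE_CAPTURE = [
    (ENGINEERING_WS, PLC, bytes.fromhex("00010000000601030000000A")),            # FC3 read 10 holding regs
    (ENGINEERING_WS, PLC, bytes.fromhex("000200000006010600010003")),            # FC6 write reg 1 := 3 (allowed host)
    (UNKNOWN_HOST, PLC, bytes.fromhex("00030000000601050013FF00")),              # FC5 force coil 19 ON
    (UNKNOWN_HOST, PLC, bytes.fromhex("00040000000B01100001000204000A0102")),    # FC16 write 2 regs at 1
    (PLC, UNKNOWN_HOST, bytes.fromhex("000400000003019002")),                    # exception 0x90: FC16, illegal data address
]

if __name__ == "__main__":
    for alert in alerts_for_capture(SAMPLE_CAPTURE, {ENGINEERING_WS}):
        print(alert)
```

The point of the allowlist is that in a well-run cell the set of hosts allowed to write to a PLC is small and static, so a write from anywhere else is high-signal without any knowledge of the process. Parsing the addresses and values also lets the alert say which coil or register changed, which is what the control engineer will ask first.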

  5. Who watches the watchmen: How do these cybersecurity partners keep themselves safe?

At Kudelski Security, clients regularly challenge us to demonstrate we’re applying robust security controls and appropriate security governance processes. Cybersecurity partners should always practice what they preach by applying defense-in-depth security controls, threat monitoring and hunting and incident response to their own environments.

This article was originally featured in Netzwoche.

[1] Maguire, M. (2018).

[2] (ISC)² Cybersecurity Workforce Study (2018).

Visibility Is Decisive in Security Monitoring

Given the high pace and complexity of business transformation and the constantly rising security threats to hybrid environments, IT and security teams want trusted security partners who can help increase visibility, reduce complexity and counter the skills shortage.

Olivier Spielmann, Director of EMEA Managed Security Services, Kudelski Security.

Millions of people are affected by large-scale data theft. Cybersecurity, the defence against these threats, is therefore moving to the centre of attention everywhere. At the same time, the complexity of cyber threats is rising, which takes the risk to data and to the reputation of the affected companies to a new level. In 2018 alone, cyberattacks cost companies around USD 1.5 trillion worldwide. Meanwhile, organisations are constantly adapting their IT to the rising expectations of consumers.

In the process, network perimeters are eroded ever further to enable this transformation. To continue to guarantee the security of critical company data, IT security teams need enterprise-wide visibility. For that they need trusted partners who support them in the complex management of cybersecurity programmes in multi-technology environments and help maximise the value of their investments.

Always assume a breach!

The question is not whether or when a breach will happen, but how quickly a threat that is already in the network can be detected. Executive management is becoming more involved; it wants assurance that the company is protected against current threats. Nevertheless, most threats remain undetected for an average of 101 days. A higher level of information is needed: a better overview of threats and adversaries, greater contextual relevance and a dynamic understanding of a changing threat landscape.

Traditional Managed Security Service Provider (MSSP) solutions lack the advanced capabilities required to combat advanced adversaries. An effective approach to threat detection must not be linear; it must generate visibility and mirror an attacker's ad-hoc movements through the system. This requires specific expertise and skills that must be continuously refreshed to always stay a step ahead.

The threat hunting approach

No matter how good technology and processes are, threats can still go undetected. An advanced security function requires specialised teams of threat hunters, i.e. analysts with a hacker's mindset who analyse anomalous activity and files to uncover unknown threats. Since nearly three million cybersecurity experts are missing worldwide, however, companies will struggle to recruit the talent they need.

With digitalisation, the number of attack vectors grows. There are also ever more platforms and applications that collect, store and analyse data. This makes it harder to reduce risk and maintain high visibility across the whole enterprise. Critical infrastructures depend ever more on the Internet and on IT environments to operate effectively. The combination of these factors means a complex mission for security teams, new targets for attackers and a whole new dimension for regulators.

Visibility and monitoring of cloud platforms: According to Gartner, 75 percent of companies will implement a multi-cloud or hybrid-cloud model by 2020. Migrating to the cloud may save time and money in the short term. However, cloud use presents major challenges for long-term visibility and data security, especially in hybrid environments.

Visibility and security monitoring in operational technology (OT) and industrial control systems (ICS): OT and ICS networks represent a growing risk. Malicious activity is increasing. Evidence of this is the rising number of threat activities by ICS attackers and the emergence of ICS-specific malware such as Triton (also known as Trisis). Notorious attacks on critical infrastructure, including water and energy utilities, have shown that better security is required here. Nevertheless, many organisations still struggle to achieve the visibility needed to monitor their industrial environments effectively.

In the cloud, the boundary blurs

The cloud makes many promises: faster, cheaper, simpler. "More secure" is rarely heard in that list. The cloud can at times unsettle SMEs in particular. Olivier Spielmann, Director of EMEA Managed Security Services at Kudelski Security, has advice. Interview: Coen Kaat

Does it matter whether I store my data in Switzerland or in a foreign cloud?

Olivier Spielmann: No, as long as you don't violate the relevant regulations and have a good contract with your cloud provider. If you use cloud services to deliver business services, the responsibility stays with you. What changes when your data is stored in another country are the legal requirements that apply in the event of a data breach or when protecting your data against searches. When storing data with a cloud provider, you should clarify which laws apply and whether they are adequate.

The cloud is becoming ever more hybrid and varied. How does one achieve the transparency required for a secure cloud environment?

In the cloud, the boundary between data processing and data storage blurs. Cloud services are valued for their flexibility, speed and ease of use, but can, intentionally or unintentionally, become a wide-open portal for data exposure, and vast amounts of confidential information have already been disclosed this way. Risks can be minimised by training cloud user teams, by properly architecting and configuring professional cloud environments, and by monitoring company clouds for configuration errors. Alternatively, companies can use the capabilities of managed security service providers such as Kudelski Security. We monitor risks and configurations around the clock and have, in many cases, reduced the time to detect threats from an average of 78 days to a few hours.

What new challenges does the IIoT pose for IT security service providers?

Protecting IIoT environments is not the same as protecting IT environments. Industrial systems are built differently, but through their connection to IT networks they are now exposed to similar threats. They bring new risks that cannot be addressed with conventional IT security measures. For example, scanning a production system with a vulnerability scanner can shut the system down and thereby stop the manufacturing process. In addition, IT security skills and solutions are not geared to IIoT environments. Vendors and service providers must deliver new solutions to cover these newly exposed environments of critical service providers, for example in the energy sector. Companies that want to protect their plants in an IIoT environment can turn to Kudelski Security's Cyber Fusion Center, which offers advisory, threat monitoring, threat hunting and incident response around the clock.

Who guards the guards? How do cybersecurity partners ensure their own security?

At Kudelski Security, clients regularly ask us to prove that we apply robust security controls and appropriate security governance processes. Cybersecurity partners should practise what they preach by implementing defence-in-depth security controls, efficient threat monitoring, threat hunting and incident response in their own environments too.

What Are the Security Implications of IoT? Podcast Featuring Kudelski Security CTO Andrew Howard

The security implications of IoT range far and wide. With almost every conceivable thing connected to the internet, it is hard to predict what is and is not a threat to users’ data.

Have you ever thought about what IoT security actually means? Kudelski Security CTO Andrew Howard sat down with the #AskIoT podcast team from IoT For All to discuss how companies really should approach cybersecurity and what needs to be done by everyone involved to ensure the devices we use every day are as secure as possible.

Andrew’s interview follows these basic questions and a whole lot more:

  1. Which industry is most at risk to security threats in IoT?
  2. How do you handle building security into legacy systems?
  3. How should non-technical companies approach IoT adoption?

Frost & Sullivan on Secure Blueprint

One of the toughest challenges facing Chief Information Security Officers is communicating effectively with the board of directors. That raises the question: how can CISOs articulate a comprehensive and sophisticated security strategy to them?

Kudelski Security’s Secure Blueprint SaaS is a business management platform, designed by CISOs and created for CISOs. The software enables security leaders to plan, execute and evolve business-aligned security programs, allowing continuous improvement. It enables security leaders to centralize key management functions, gives them visibility on maturity and risks, and facilitates stakeholder engagement.

Frost & Sullivan, the global business consultants, reviewed Kudelski Security’s software in a short video. If you haven’t got three minutes to watch it, the key takeaways include:

  • Secure Blueprint measures cyber program maturity and risk by benchmarking an organization’s capabilities across cybersecurity control models like the NIST cybersecurity framework or Kudelski Security’s own cybersecurity portfolio management model
  • The language that is used to communicate security strategy with the organization, the C-suite, and board of directors needs to be delivered in a business language and not tech speak
  • The program facilitates and automates stakeholder engagements, taking lengthy quarterly meetings down to just a few minutes
  • Secure Blueprint allows the CISO and board of directors to communicate the security strategy effectively using out-of-the-box executive dashboards

Growing Number of Women in Cybersecurity

The shortage of women in the IT world is easy to recognize. With a growing demand for a more diverse workplace, a general shortage of cybersecurity workers, and a constant stream of cyber threats, the demand for them is certainly there.

Olivia Rose, Kudelski Security’s director of global risk solutions, knows that all too well. The latest statistics suggest that women make up only around 10 percent of the cybersecurity workforce in the US, and even less worldwide. Though she fell into cybersecurity by chance, she hasn’t turned away in almost two decades. Speaking on the Security Boulevard podcast CyberSpeak, Olivia delves into a multitude of topics surrounding her experience and the growing number of women in cybersecurity.

According to Olivia, there are two sides to security:

  1. The highly technical side. If you are genuinely interested in coding, encryption, technology, penetration testing and the like, go for it.
  2. The strategy and governance side. This is increasingly recognized as, at times, even more critical than the technology side. You help develop programs and strategy and find the gaps in existing security programs so that companies can defend themselves effectively. This requires a high degree of listening, communication, and creative thinking, all skills women tend to be good at. It also involves partnering with executives and senior management, which calls for the same skills.

Olivia has some additional advice for women who may be considering diving into cybersecurity:

  • If you want to get into a field which holds unlimited potential, especially for women, security is it. We need more women (and we need more people in general).
  • The industry needs the skills women tend to be strong at, so they shouldn’t be scared to enter the field. Some of the most successful security consultants, salespeople, and execs I’ve ever worked with have been women, because they’ve leveraged their gender skills.
  • Women need to change their perspective of what security is and what is needed to work in the field.
  • Yes, it’s a highly male-dominated field and you will face situations where you are made to feel less important than and/or uncomfortable. But this is also why we need more women in this field, to even out the playing field and support each other.
  • Views on women in the field are changing and becoming more accepting, so it is less harassing than it was ten years ago, but be ready for certain situations which you will encounter.

This podcast was originally featured on Infosec Institute.

Visit the Kudelski Security careers page if you’re interested in our current job openings.