Interviews | July 31, 2020

Pandemic Heightens Need for Layered Security Model

Microsoft | Trend Micro | Webroot

Vasu Jakkal
CVP Security Compliance & Identity


Q1. What exactly is Microsoft's new Kernel Data Protection technology about? What issue is it aimed at addressing?

Microsoft takes a holistic approach to security to help keep customers a step ahead of attackers and their changing techniques, such as data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges and tamper with security attestation among other things.

Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.

Q2. How has the increase in remote work resulting from the COVID-19 pandemic changed enterprise security requirements? What long-term impact do you see it having?

The impact of COVID-19 is changing the security paradigm as more of the world standardizes remote work scenarios. We see five lasting trends resulting from the pandemic.

First, security has proven to be the foundation for digital empathy in a remote workforce. When billions of people formed the largest remote workforce in history, overnight, we learned much more than how to scale Virtual Private Networks. We were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences. At Microsoft we think of this as "digital empathy." Companies that used a Zero Trust model and cloud-based endpoint protection technology empowered employees to work when, where, and how they needed to using the devices and apps they find most useful.

Second, everyone is on a Zero Trust journey. Broad recognition of "Zero Trust" has been the most important paradigm shift in security over the past 24 months. COVID-19 showed why. Companies relying on traditional ideas of securing workers through "walls and moats" at the perimeter were both more susceptible to COVID-19-themed threats and less able to meet the demands of a newly remote workforce.

Zero Trust shifted from an option to a mission critical strategy for many businesses during the pandemic. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey whether they know it or not.

Third, we've seen how diverse data sets lead to better threat intelligence. The power and scale of the cloud became clear in the early days of the pandemic as Microsoft tracked more than 8 trillion daily signals from a diverse set of products, services and feeds around the globe. A blend of automated tools and human-based insights helped to identify new COVID-19-themed threats before they reached customers – sometimes in a fraction of a second. The team quickly determined that adversaries were primarily adding new pandemic-themed lures to familiar malware. As a result, of the millions of targeted messages Microsoft caught each day, roughly 60,000 included COVID-19-related malicious attachments or malicious URLs.

Fourth, cyber resilience is clearly fundamental to business operations. It's human nature to plan for the last crisis. Global events like COVID-19 highlight the need to have a response plan that expects the unexpected, but considering the many risks and contingencies can be daunting. However, with more enterprises relying on cloud technology, developing a comprehensive Cyber Resilience strategy as part of a holistic approach to operational resilience makes preparing for a wide range of contingencies easier.

Finally, the cloud is a security imperative. Where people often thought about security as a solution to deploy on top of existing infrastructure, events like COVID-19 showcase the need for truly integrated security for companies of all sizes. As a result, integrated security solutions are now seen as imperative.

Q3. What do you expect will be some of the top-of-mind items for CISOs at the Black Hat USA 2020 virtual event this year? What is Microsoft's messaging going to be at the event?

CISOs are telling us they need to streamline security. The economic fallout of the pandemic has everyone looking for efficiencies. But at the same time, no one is experiencing less risk. Many organizations, in fact, are experiencing greater risk with recent spikes in remote work highlighting the dissolution of the network perimeter. We are having a lot of conversations with our customers about how to strengthen security while simplifying – by breaking down traditional silos and in some cases consolidating tools. Our message at Black Hat this year is focused on Zero Trust as a strategy that can help CISOs simplify their security programs while addressing the reality of a perimeter-less world.

Kevin Simzer

Trend Micro

Q1. What explains the recent and sustained increase in attacks targeting home routers? What, if any, threat does that pose to enterprises?

One reason for the increase is the pandemic. With a large majority of the population asked to stay home, we became increasingly reliant on home networks for both work and school. Cybercriminals know that a vast majority of home routers are insecure with default credentials and have ramped up attacks on a massive scale. For the home user, attackers are hijacking their bandwidth and slowing down their network. And for the businesses being targeted by secondary attacks, these botnets can totally take down a website, as we've seen in past high-profile attacks.

Our research provides evidence of the increase in attacks. Trend Micro's research revealed an increase from October 2019 onwards in which the number of brute-force log-in attempts against routers increased nearly tenfold, from around 23 million in September to nearly 249 million attempts in December 2019. As recently as March 2020, Trend Micro recorded almost 194 million brute-force logins.

This trend is concerning for enterprises because cybercriminals are competing with each other to compromise as many routers as possible so they can be conscripted into botnets. These are then sold on underground sites either to launch Distributed Denial of Service (DDoS) attacks, or as a way to anonymize other attacks such as click fraud, data theft and account takeover.

Q2. What are some of the challenges involved in protecting software-defined compute workloads? What kind of capabilities do you need to adequately protect these workloads?

As organizations adopt a software-defined data center model, challenges often arise as a result of virtualization. It can be a difficult and risky process to ensure that networks and infrastructure are compatible, there is enough storage and computational capacity, your IT staff has the necessary knowledge and skillset, and, above all, your model is secure from top to bottom. These organizations need to protect the VMs and containers that run on top of SDC environments.

A decade ago, we predicted that organizations would need multi-layered security to protect their cloud environments and software-defined data centers. As such, Trend Micro has steadily built out its SDC workload protection capabilities over the past several years for virtual, public cloud and container environments. This past year, we were honored to be recognized by IDC and ranked #1 in 2019 market share for Hybrid Cloud Workload Security, according to IDC's Worldwide Hybrid Cloud Workload Security Market Shares, 2019 report.

To protect these workloads, you need to ensure every area of your cloud environment is solidly secure, not just certain focus areas, and in the simplest way possible. The fewer individual point products you can use, the easier it will be for your organization to navigate and maintain a strong and secure cloud environment. With this in mind, Trend Micro launched a cloud security services program, Trend Micro Cloud One, in November 2019 to address customers' security challenges around data center, IaaS, containers, storage and serverless architectures. Our Cloud One offering delivers the most comprehensive range of security services in a single cloud-native platform to help secure digital transformations in the cloud: Workload Security, Container Security, Application Security, Network Security, Cloud Security Posture Management (Conformity), and File Storage Security.

Q3. What can organizations participating in the Black Hat USA 2020 virtual event expect to see and hear from Trend Micro this year? What are some of the topics you plan on highlighting at the event?

We are excited about our presence at Black Hat this year. The team has a total of 5 sessions, two of which will be delivering findings from our OT research reports. One focuses on the translation protocols that let OT machines communicate with IT machines, and the other digs into automation technology and security issues we found in the proprietary languages used by machines like robots.

Attendees can participate in the Threat Defense Challenge we're hosting to test their defense and response skills. Our team will also be discussing our XDR solution – which was announced at the show last year – and the progress we've made. We've been doing a lot of work around campaign tracking and understanding the end-to-end tactics, techniques and procedures of an attack campaign and our XDR solution really addresses the way criminal actors work to infiltrate a network to keep it safe. We will dive into why organizations should look to XDR for holistic detection and response.

Readers can learn more about what we have going on at the show here.

Hal Lonas
Senior Vice President and CTO, SMB and Consumer, OpenText

Carbonite Webroot

Q1. How has the threat landscape changed over the past one year for consumers and SMBs? How has the COVID-19 pandemic exacerbated those changes?

Unfortunately, cybercriminals won't cut us a break during this difficult time of quarantine and pandemic outbreak. In fact, this is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper-aware of their behavior both online and offline in an effort to be more cyber resilient. Webroot's Threat Research team discovered 1.5 million unique threats in May 2020 alone, three times as many as in January and a three-year high.

In terms of new threats since the beginning of the year, we also found:

  • 2% of all COVID-19 websites created in past few months were malicious
  • 2,000% increase in malicious files with ZOOM in their name
  • 40% increase in unsecured remote desktop protocol (RDP) machines for remote work. Unsecured RDP is a major problem because Microsoft's default RDP allows unlimited login attempts by anyone from any location. For users with unsecured RDP, cybercriminals will brute force their way into environments and gain complete control of the machine. Unsecured RDP isn't new, but during the pandemic the attack surface area is only continuing to grow.

SMBs and consumers need to implement layered security now more than ever, being sure to deploy premium antivirus, data backup and VPNs at a minimum to limit vulnerabilities at every access point of the newly distributed workforce. Businesses specifically need to ensure they're training their employees on security best practices, including strong passwords, multi-factor authentication and the latest phishing tactics, as humans are proven to be the weakest link in a security program.
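The unlimited-login-attempt problem described above is visible in the Windows Security log long before an attacker succeeds: every failed RDP logon is an event 4625 with logon type 10. The following is an added example (not Webroot's code or the interview's) of the sliding-window detection a defender would run over such events; the event records, IP addresses and account names are constructed for the demo, and the pipe-separated format is an assumed simplification of the real event fields.

```python
"""Sliding-window detection of RDP brute-force attempts (added example, not
Webroot's code). Input is a constructed, simplified rendering of Windows
Security events 4625 (failed logon) and 4624 (success); logon type 10
(RemoteInteractive) is the RDP case described above."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, fields: timestamp|event_id|logon_type|account|source_ip
SAMPLE_EVENTS = """\
2020-07-30T02:00:01|4625|10|administrator|198.51.100.23
2020-07-30T02:00:02|4625|10|admin|198.51.100.23
2020-07-30T02:00:04|4625|10|administrator|198.51.100.23
2020-07-30T02:00:05|4625|10|admin|198.51.100.23
2020-07-30T02:00:07|4625|10|guest|198.51.100.23
2020-07-30T02:00:09|4625|10|guest|198.51.100.23
2020-07-30T08:15:10|4625|10|alice|192.0.2.10
2020-07-30T08:15:25|4625|10|alice|192.0.2.10
2020-07-30T08:15:40|4624|10|alice|192.0.2.10
2020-07-30T09:00:00|4625|3|svc_backup|203.0.113.5
"""

def parse_events(text):
    """Parse the pipe-separated sample into dicts with typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "account": account, "src": src})
    return events

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (failures_in_window, distinct_accounts_in_window)}
    for every source that reaches `threshold` failed RDP logons inside any
    `window`-long sliding window. Two typos from a real user stay below it."""
    recent = defaultdict(deque)          # src -> deque of (ts, account)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue                     # only failed RemoteInteractive logons
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["account"]))
        while ev["ts"] - q[0][0] > window:
            q.popleft()                  # drop failures outside the window
        if len(q) >= threshold:
            alerts[ev["src"]] = (len(q), len({acct for _, acct in q}))
    return alerts
```

The network-logon failure (type 3) and the user's two typos are deliberately left out of the alert so the output shows only the source that is actually cycling through accounts.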

Q2. Webroot's 2020 threat report identified consumer PCs as being twice as likely to get infected as business PCs. Considering the increase in work-from-home employees over the past several months what threat do these PCs pose for businesses? What should they be doing to mitigate risk?

Yes, this is a huge problem. Employers should make it as easy as possible for their employees to acquire and deploy state-of-the-art endpoint and network security solutions at home. Some employees may be using company-owned technology, others may be using their BYO devices, but both need proper security. Businesses should also re-emphasize employee security awareness training to make sure they can recognize fake emails, phishing sites and scams, etc. Implementing cyber resilience has never been more important, which includes security and data protection to ensure businesses and individuals can operate continuously in the face of rising threats.

Q3. What are Webroot's plans at Black Hat USA 2020? What virtual events or discussions have you planned for the event?

Webroot is hosting a variety of speaking sessions at our virtual booth (found in the business hall) covering topics like what businesses need to know about DNS 2.0, how fast cyber threat intelligence can really be and what it means to predict cyber threats. Our VP of Product Management, Jamie Zajac, is also hosting a session titled "Managed Services in the Time of a Pandemic" that outlines this pivotal time in history, new COVID-19 threats and how MSPs can play the role of trusted advisor, even as they're increasingly targeted by cybercriminals themselves. We hope to share the importance of cyber resilience with Black Hat attendees and ultimately deliver security solutions that are simple, reliable and accessible in an increasingly connected world.