NTT Security (US) Inc - Experts & Thought Leaders

Claroty, the cyber-physical systems protection company, has announced the global expansion of its FOCUS Partner Program, with the addition of several Managed Security Service Providers (MSSPs), including IBM, Rockwell Automation, NTT Data, eSentire and several others. Held at the highest level of qualification in the FOCUS Partner Program with extensive training and certifications, Claroty’s MSSP partners are uniquely equipped to help end user organisations improve their security posture and reduce risk across the Extended Internet of Things (XIoT), while freeing up resources to focus on core business operations. Claroty unveils new MSSP partners By partnering with the world’s leading MSSPs, we are empowering our customers" “By partnering with the world’s leading MSSPs, we are empowering our customers with a number of key business benefits – cost-effective solutions leveraging economies of scale, specialised cyber security knowledge and expertise, tailored offerings that meet their specific needs, proactive network and systems monitoring, and compliance with industry and government regulations, to name a few,” said CJ Radford, Vice President (VP) Channels & Alliances at Claroty. CJ Radford adds, “With the rapid proliferation of the XIoT across industrial, healthcare, and commercial environments and the ever-expanding attack surface that comes with it, the unmatched breadth and depth of our partner ecosystem delivers the solutions, services and security expertise required to combat today’s advanced cyber security threats.” MSSP partners in the program Additional MSSP partners in the program include 1898 & Co., Atos, Aveniq, Cabrini Technology Group, DirectDefense, Kapsch TrafficCom, Kudelski Security, LAC Co. Ltd., r-tec IT Security GmbH, Trident Automation, Vector Technology Solutions and others. Claroty’s FOCUS Partner Program develops the skills, tools and processes necessary for partners to execute across the entire enterprise security services lifecycle. The program helps establish long-lasting relationships across partner organisations, increasing lifetime value, creating a trusted-advisor partnership and flawless execution of jointly defined business outcomes. Since the program’s initial launch, over 2,000 sales and technical professionals have received Claroty training and certification. Claroty MSSP Partner Quotes Rob Dyson, Global OT Security Services Business Leader, IBM said: “IBM chose Claroty as our Emerging Partner of the Year because its solutions bring an important level of innovation across a breadth of products that work well with IBM’s OT, IoT, and medical equipment cyber security services portfolio. IBM is able to support these unique environments and help our customers manage their cybersecurity risk because Claroty products can be leveraged to support many use cases to include the integration with IBM’s X-Force Threat Management MSS. The IBM and Claroty partnership brings together two top-tier solution providers to give our clients the cybersecurity solutions they need to securely meet their continuous operational goals.” Rachael Conrad, Vice President & General Manager of Services, Rockwell Automation, said: “Together, Rockwell Automation and Claroty are protecting our customers’ infrastructures with a robust OT security capability that provides the flexibility and visibility to take on the complexities of industrial environments. Our OT knowledge, global implementation capability, and managed services combined with Claroty’s technology allows us to deliver superior threat detection and support to our customers and forge a safer cyber world.” Christian Koch, SVP Cybersecurity IoT/OT, NTT Data, said: “The combination of NTT’s suite of Managed Security Services that meet the varying customer use cases along with the Claroty Platform provides our clients with outstanding security monitoring and management of cyber-physical assets. By partnering with Claroty, NTT Data is able to bring best-in-class analytics, threat intelligence and automation to our customers while leveraging Claroty’s capabilities to deliver on unmatched asset visibility and operational risk management.” Bob Layton, Chief Channel Officer, eSentire: “The rapidly expanding threat landscape across cyber-physical systems has made it critical to bridge the gap between XIoT assets and enterprise IT environments in order to provide total visibility, and prevent communication disruption across the organisation. eSentire’s Managed Detection and Response service and XDR platform, combined with Claroty, equips organisations with the holistic visibility, intelligence, and complete protection they need to stop emerging threats.” Claroty’s broad XIoT visibility and protection capabilities We are empowering our customers to elevate their security posture and increase their cyber and operational resiliency" Jim Broome, the President and Chief Technology Officer (CTO), DirectDefense: “The rapid growth of connected devices across industrial, healthcare, and commercial environments is creating a number of opportunities for our customers, but managing and securing them also introduces significant challenges.” Jim Broome adds, “By incorporating Claroty's comprehensive XIoT visibility and protection capabilities into our 24x7 SOC services portfolio, we are empowering our customers to elevate their security posture and increase their cyber and operational resiliency.” Become a Claroty Partner Membership in Claroty’s MSSP program provides asset owners and end users with the assurance that these partners have qualified for inclusion in the program. Claroty provides MSSP partners with flexible licensing models that enable them to work collaboratively with asset owners to identify the most suitable licensing and entitlement management options. This approach ensures that each partner can customise their offering to meet their clients’ unique needs, enabling them to provide tailored solutions and build long-term, sustainable relationships.

NTT Ltd., a global technology services provider, has announced the most critical cyber security trends that will shape the business technology landscape in 2020 – and the steps organisations need to take to address them. The Future Disrupted: 2020 Technology Trends, which include key insights from the company’s Security division, reveal that Security Orchestration, Automation, and Response (SOAR) will rocket as attacks happening at machine speed demand an AI-based approach to security. Around 75% of the threats detected in NTT Ltd.’s Security Operation Centres (SOCs) are now orchestrated by supervised machine learning and threat intelligence. Its security experts use algorithms to recognise patterns, identify anomalies and automatically orchestrate security controls. Embedding this level of intelligence into infrastructure and applications will therefore become a top priority for businesses. Active cyber defence in 2020 Organisations need to regularly evaluate the security hygiene of applications across their entire business" “Cyber attacks are happening at machine speed, not human speed”, comments Azeem Aleem, VP Consulting Security, NTT Ltd. “To keep up, organisations will need the help of machines – and data scientists – and this is why we believe Security Orchestration, Automation, and Response will be the hottest area in cyber security in the year to come." "It enables organisations to predict when an attack is going to happen – and fast. In fact, we don't even talk about proactive security to our clients anymore. We talk about predictive security, which we believe will become essential for delivering an active cyber defence in 2020.” NTT Ltd. also reveals that applications are becoming the new attack vector, with application-specific and web-application attacks now accounting for a third (32%) of hostile traffic – making them the single most common form of hostile activity, according to NTT Ltd.’s 2019 Global Threat Intelligence Report (GTIR). Cloud-based and software-defined Azeem Aleem adds: “Now that infrastructure is more cloud-based and software-defined, we are entering a world where the application is the easiest way to compromise data. If our latest GTIR is anything to go by, the number of attacks on applications is only going to increase." Fixed infrastructure tends to have standard traffic patterns that make it relatively easy to identify anomalies "At a minimum, organisations need to regularly evaluate the security hygiene of applications across their entire business and apply the necessary patches – an exercise that can no longer be neglected. Infrastructure will still be a target, however, so organisations also need to test and manage security from the data centre right through to the edge.” Software-based security controls Some of the other cyber security trends include: Security goes to the cloud: While organisations still buy on-premises equipment, largely for compliance reasons, more applications and workloads are being created and hosted in cloud environments. However, if organisations are using multiple hosting centres or hyperscalers, it’s more difficult to apply standardised, software-based security controls across the entire infrastructure. Applying security to the application or workload will enable them to monitor and implement the appropriate controls. Hyperscaler patterns continue to be elusive: Fixed infrastructure tends to have standard traffic patterns that make it relatively easy to identify anomalies. This is not the case with hyperscalers, which also make hundreds of thousands of high-speed updates to their platform on any given day. This will make it very difficult for organisations to monitor the interactions between humans, machines, data and applications in order to identify patterns and anomalies. Information, context and intelligence therefore need to be applied for a modern and robust security posture. Data lakes and data wallets: Data lakes will enable new models of predictive analytics. What’s more, we will see data wallets that put data in the hands of the person who owns it and making it completely secure for them. Nobody can access that data without certain permissions being in place and, if the user is under threat, can be locked down. Most effective intelligent technology solutions NTT Ltd. is the newly-formed company bringing together 40,000 people from across 31 brands – including NTT Communications, Dimension Data and NTT Security – to serve 10,000 clients from around the world. Using the insights gathered from its global client base, NTT Ltd. is able to better understand the future and shape the most effective intelligent technology solutions for its customers. The Future Disrupted: 2020 Technology Trends looks at the way businesses need to prepare for tomorrow, in the next year.

NTT Security, the specialised security division and centre of excellence in security for NTT, announced that it has completed the acquisition of WhiteHat Security, an application security provider committed to securing applications that run enterprises’ businesses. The acquisition will strengthen NTT Security’s ability to address modern enterprise security needs that range from IT infrastructure to critical business applications, covering the full lifecycle of digital transformation. Importance of application security As part of the NTT Security family, we are well-equipped to provide global solutions"As part of the completed transaction, WhiteHat Security will continue to operate as an independent, wholly-owned subsidiary. NTT Security is one of 28 remarkable companies to be brought together to become a global leading technology services provider, NTT announced on 1st July 2019. Formed to work with organisations around the world, NTT enables its clients to shape and achieve outcomes through intelligent technology solutions and champions a more secure and connected future. “With the cyberthreat landscape constantly growing and applications being central to digital businesses, application security is more important now than ever before. As part of the NTT Security family, we are well-equipped to provide global solutions to meet the rising demand for application security,” said Craig Hinkley, CEO, WhiteHat Security. “The WhiteHat Security team looks forward to the next phase of our journey. Our customers, partners and the market continue to appreciate the strategic nature of this acquisition and the combined cybersecurity solutions we can now offer.” Cybersecurity solutions to protect businesses We look forward to formally welcoming the global WhiteHat Security team and its impressive customer-base to NTT Security"“At NTT Security, our goal is to provide comprehensive, game-changing cybersecurity solutions that address the broad needs of digital transformation. With the acquisition of WhiteHat Security, we are now able to offer the full spectrum of cybersecurity solutions to protect digital businesses,” said Matthew Gyde, CEO, NTT Security. “We look forward to formally welcoming the global WhiteHat Security team and its impressive customer-base to NTT Security.” Recent accolades for WhiteHat Security include being recognised as a Bronze Stevie Award winner in the Most Innovative Tech Company of the Year category for the 17th Annual American Business Awards; being named a finalist in the White Hat category of the inaugural Channel Partners Excellence in Digital Services Awards; receiving a 5-Star rating in CRN’s 2019 Partner Program Guide; and earning top recognition in three categories from Cyber Defense Magazine’s 2019 InfoSec Awards: Best Product, Web Application Security; Most Innovative, Software Security Tools; and Best Product, Application Security Testing.

Cybersecurity involves a variety of risks and vulnerabilities to the enterprise, from distributed denial of service (DDoS) attacks to phishing to USB drives. Companies may also be at risk from use of interactive kiosks, or even from cyberattacks against traveling executives. Preventing phishing and cyberattacks The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO Phishing is a fraudulent attempt to gain sensitive information such as user names, passwords or credit card details by disguising as a trustworthy entity in an electronic communication. These are among the most dominant forms of social engineering attacks. To avoid phishing attacks, NTT Security has expanded their suite of phishing attack simulation services using special social engineering techniques to check whether senior executives pose a security risk. The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO. These executives are more likely to have unrestricted access to highly confidential company data, which makes them a valuable target. Simulated, personalised social engineering attacks are carried out, with the individuals involved unaware they are being targeted. NTT then analyses how executives respond, identities weaknesses, and recommends appropriate measures such as awareness training. Cybersecurity helps deter phishing and DDoS attacks ADT Cybersecurity partners with Cofense phishing defense solutions to offer phishing detection and response. Cofense Triage is a phishing-specific automated incident response platform that works as part of ADT Cybersecurity managed services. The system focuses on thwarting phishing attacks before they can cause damage by moving detection of such attacks up the kill chain. Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. The median time of compromise to discovery is 80 days, with the average cost of data breach costing organizations $3.62 million. Managing endpoint security There is a need for cybersecurity to extend beyond the firewall Another cybersecurity vulnerability for companies is the unauthorised use of USB ports. There is a need for cybersecurity to extend beyond the firewall, which requires restricting access to a system’s USB ports as a means of managing 'endpoint security.' However, blocking all USB ports can restrict productivity, and employees are not as efficient as they should be. A solution is the use of more encrypted USB drives to combine the productivity advantages of allowing USB access while protecting the information on the drives. Kingston Technology offers hardware-based encrypted USB drives that uses AES 256-bit encryption in XTS mode to ensure that if anyone finds a USB drive, they cannot access the information. Illustrating the value of encrypted drives was an incident when a USB drive from Heathrow Airport was found on a London street. It contained confidential information about accessing restricted areas at the airport and security measures used to protect the Queen. Data security and interactive kiosks Another possible cybersecurity vulnerability is use of interactive kiosks, which are computer terminals that feature specialised hardware and software that provide access to information and applications. Kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries and railway stations. A kiosk is particularly attractive to attackers because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe. A kiosk is attractive to attackers because they know the security is not very tight Executives who travel are another vulnerability to be considered. The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors.Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption WiFi and wireless connectivity There has been a shift from 'thrill hacking,' to an increase of 'hacking as a business' (through credential compromise and ransomware), to an increase in 'hacking for harm' - with the rise of 'nuke ware' and ransomware without a clear financial motivation. Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption. They should also increase the privacy setting on technical devices and disable location identifiers. Other precautions include creating a new (unlinked) email for internet correspondence and use of temporary (i.e., burner) phones to protect data and contacts. Travelers should also consider purchasing international MyFi devices to decrease the risk of getting Personal Identification Information (PII) or Protected Healthcare Information (PHI) stolen.

Ongoing attacks on private networks drew attention in 2016. Most public were the Wikileaks and other privacy violations during the 2016 election cycle. Whether or not the information had a bearing on the election outcome will never truly be known, but one’s overall sense of privacy is shaken. In many ways, these attacks and other less publicised cybercrimes were the result of a perfect storm. Organisations struggled with the sheer volume and constantly changing threats from advanced malware and targeted attacks. This coincided with a shortage of skilled resources and, because prevention is a full-time job, cyber criminals continue to exploit vulnerabilities. Consolidating logical and physical security 2016 saw continued consolidation of logical and physical security solutions, thus creating an environment favourable to technology innovation. These advances, along with more focused security strategies, centralised control and improvements in endpoint detection, expanded the capabilities for risk management control. The notion of a high-consequence, low-probability event gained credence in 2016, and many organisations purchased liability insurance to supplement risk-based security programmes already implemented. Advanced analytics and machine learning Looking ahead to 2017, advanced analytics and machine learning will play a more central role in a resilient cyber-defence architecture, helping to make skilled resources more efficient. Identity and authentication issues will also come under scrutiny while predict-and-protect will be the new goal. The bottom line: The digital workforce needs security embedded into business applications and processes. Technology and cybersecurity continue to increase the complexity of doing business in the digital economy, and organisations are struggling to meet these challenges. They need help in understanding the risks and the available choices, along with skilled expertise in articulating the benefits and pitfalls. Managed security services (MSS) including sales and maintenance of security hardware and software, consulting for governance, risk management, compliance and security system design, can fulfil this need. See the full coverage of 2016/2017 Review and Forecast articles here Save

Vulnerability scans rely on mostly automated tools to find potential vulnerabilities at either the network or application level Security vulnerability in any network can be found and exploited by hackers and others in no time. The only questions are when this will happen and how much damage an individual could do once they’ve gained access to the network. Recognising this reality, most organisations test their own networks for security weaknesses, whether to meet compliance requirements or simply as a best practice. Those that aren’t doing this now should start—the sooner, the better. There are a variety of methods that can be used for these tests, each of which has its strengths and weaknesses. For example, some can be performed relatively quickly and easily, while others are more complex and exhaustive. Determining which method is right for a particular organisation or situation can be overwhelming to say the least, particularly for those lacking advanced IT skills. The below overview of the most common testing practices will help make sense of the often-confusing array of options to help organisations ensure the highest level of network security and protection. Vulnerability scans When run on a regular basis,vulnerability scans can serveas an early warning that softwareis out of date or patches aremissing or misconfigured Vulnerability scans rely on mostly automated tools to find potential vulnerabilities at either the network or application level. Of the two, network scans are the more basic, looking for known common vulnerabilities in widely used commercial and open source software and reporting any that are found with ratings that identify the level of severity. The advantages of network vulnerability scans lie in their speed, cost efficiency, and safety, which make them ideal for ensuring that the latest system patches and updates have been deployed and that security configurations are as stringent as possible. When run on a regular basis, these scans can serve as an early warning that software is out of date or patches are missing or misconfigured. Many organisations only test their networks from the Internet. It’s true that Internet facing-vulnerabilities are the most well-known and well-publicised and may seem like the easiest for an attacker to exploit, but there’s much more to the story. Specifically, by limiting scans only to external threats, organisations remain unaware of exactly what an attacker could accomplish once the network has been breached, for example by tricking a user into installing a backdoor via a phishing email. What internal network vulnerabilities could an attacker exploit to move between systems once they’ve gained a foothold? Without testing internally, there’s no way to know the answer to this question until it’s too late. Organisations must also test from inside the firewall to discover what an attacker could accomplish once the network has been breached Internal network scans Therefore, in addition to network vulnerability scans, organisations must also test from inside the firewall. But it’s important to note that even internal network scans can leave blind spots since, by default, scanners only check services that listen for network communications. Unfortunately, many attacks are made possible by phishing, drive-by-downloads, and other campaigns which target web browsers, PDF viewers and other client software that a network scan will skip over. Using these tactics, attackers can then exploit vulnerabilities in other local operating systems to gain administrator privileges. There is a way to eliminate these blind spots by configuring scanning tools with authentication credentials that enable them to log in to their targets during internal scans, allowing them to check local software as well. This approach will give the most complete view of the status of an organisation’s patches and configurations. Even internal network scanscan leave blind spots since,by default, scanners onlycheck services that listen fornetwork communications The other main shortcoming of network vulnerability scanners is that they are only as good as their vulnerability signatures, which are based on existing databases of known vulnerabilities. This means they cannot identify flaws that haven’t yet been reported publicly, including those found in more obscure or custom applications. This can present significant risk, as attackers regularly target and leverage vulnerabilities in custom applications to access the data they contain or breach the underlying network. This is where application vulnerability scans come in. Application scanners Application scanners are designed specifically to identify these previously undocumented vulnerabilities found in custom applications. Unlike network scanners, these tools exercise all of an application’s functionality to find common types of flaws, rather than looking for a list of known vulnerabilities. However, because of the amount of data these scanners send to an application, they must be used very carefully. No organisation wants to become another entry on the long list of stories about application scanners dumping garbage data into a database or triggering thousands of emails. That said, regardless of how advanced application scanners may be, they are still incapable of catching a number of vulnerabilities, especially those that are too subtle for the scanner to pick up on but which would be obvious to a human observer. As is the case with network scans, a clean report by an application scanner is a good start but is no guarantee that there are no problems. Organisations should build on these scans with deeper, more complex and thorough methods, such as penetration testing. Penetration testing brings skilled, "white hat" hackers into the mix to simulate real-world attacks Real-world testing Organisations often make the mistake of concentrating their network security efforts on fixing only those vulnerabilities identified by scans as being critical or high-severity in nature, which is a highly ineffective practice. Why? Because real-world breaches are rarely perpetrated on the basis of a single critical network vulnerability. Instead, attackers recognise the tendency to focus on only “serious” problems and often chain together multiple low- to medium-severity network vulnerabilities or combine them with “local” vulnerabilities that are invisible from the network. Building on network and application vulnerability scanning, penetration testing brings skilled, “white hat” hackers into the mix to simulate the kind of real-world attacks against an organisation’s network services, applications, or even both simultaneously. Like malicious attackers, these testers attempt to combine vulnerabilities uncovered by scanners while also looking for those that the scanners are incapable of detecting. While this process is more time-consuming and costly than deploying scanning tools alone, it provides a more realistic assessment of just how much effort an actual attacker would need to put forth to breach an organisation’s network and data. No matter how careful penetration testers are in their efforts, it is always possible that a host would be knocked offline temporarily or data in a database altered Potential unintended consequences Each of these network vulnerability testing methods brings its own strengths and weaknesses to the overall security equation, underscoring the reality that no testing— regardless of how important or critical it may be—comes without risk. For example, no matter how careful penetration testers are in their efforts to exploit flaws and vulnerabilities without causing damage, it is always possible that a host would be knocked offline temporarily or data in a database altered. Organisations need to be aware of these potential unintended consequences. It is important to understand that the skill level of the testers will largely determine the success of testing, so organisations should seek out testers with strong experience and skillsets. One final note is that regardless of how tempting it may be to cut costs by limiting the scope of testing, the potential long-term costs—network disruption, data theft, damage to reputation, etc.—could be far greater than today’s savings. For this reason alone, the higher cost to an organisation of having an established, experienced team perform exhaustive testing can actually turn out to be a tremendous bargain. Save