Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome.
“When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number,” Google’s Jen Fitzpatrick said in a statement.
The goal, the search giant said, is to keep payment information safe during online shopping and protect users from web skimming (Magecart-style) attacks, in which threat actors inject malicious JavaScript into checkout pages to harvest card numbers and sell them on underground markets. Because the merchant only ever sees the virtual number, a skimmed number exposes the real card far less.
The feature is expected to roll out in the U.S. for Visa, American Express, Mastercard, and Capital One cards starting this summer.
Interestingly, while Apple offers an option to mask email addresses via Hide My Email, which enables users to create unique, random email addresses to use with apps and websites, it’s yet to offer a similar option for creating virtual credit cards.
The development comes a week after Google, Apple, and Microsoft banded together to accelerate support for a common passwordless sign-in standard that allows “websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.”
Additionally, Google said it’s expanding phishing protections in Google Workspace to Docs, Slides and Sheets, and that it plans to debut a new “My Ad Center” later this year to give users more control over personalized ads on YouTube, Search, and Discover feed.
What’s more, users will be able to request that personally identifiable information such as an email address, phone number, or home address be removed from search results through a new tool accessible from the Google app.
Also coming is a new Account Safety Status setting that will “feature a simple yellow alert icon on your profile picture that will flag actions you should take to secure your account.”
Other key privacy and security features unveiled at Google I/O 2022 include support for end-to-end encryption for group conversations in the Messages app for Android and the availability of on-device encryption for Google Password Manager.
Google has announced that it’s disabling the Less Secure Apps feature on some Google accounts from May 30th, 2022.
If you’re using Gmail SMTP details with our Other SMTP mailer, you may have difficulty sending emails when this feature is disabled.
We know that many of our customers rely on Gmail to send emails from WordPress and we wanted to provide some information so that you can avoid deliverability problems.
What Is Less Secure Apps in Gmail?
Less Secure Apps is a feature in Gmail that allows software and devices to sign in to your Gmail account with your main Google username and password.
Up until now, it was possible to send emails through Gmail SMTP with this setting turned on.
Now, Google has decided to begin phasing out Less Secure Apps from May 30th, 2022. Google Workspace and Google Cloud Identity users won’t be affected right away, but support for Less Secure Apps will still be phased out for those users at a later date.
We’ve recommended app passwords for some time, but some customers have chosen to use Less Secure Apps since it’s a little more straightforward. Now that the feature is being retired, all users will need to switch to app passwords or use a different mailer.
How to Switch From Less Secure Apps
If you’re using WP Mail SMTP, here are the options available.
If you’d like to continue using the Other SMTP mailer in WP Mail SMTP, you can set up an app password in your Google account.
An app password is a separate 16-character credential for your account. It lets a single application sign in without your main password or a 2-Step Verification prompt, so it’s safer than handing out your primary password. It is still a full credential for the account, though: anyone who obtains it can use it the same way, so store it like a secret and revoke it from your Google account’s app passwords page if it leaks.
Note: any time you change your main Google account password, it will deactivate your app passwords as well. If you change your password frequently, this may not be the best workaround.
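As an added example that is not part of the original post or of WP Mail SMTP, the following Go program does what the Other SMTP mailer does under the hood once you switch to an app password: it connects to smtp.gmail.com on port 587, upgrades the session with STARTTLS and only then authenticates with PLAIN. The account name and app password are placeholders; running it end to end needs network access and a real app password, which Google issues only on accounts with 2-Step Verification turned on. The assumption that the spaces Google shows inside the 16-character password are cosmetic and can be stripped is mine.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/smtp"
	"strings"
)

const (
	gmailHost = "smtp.gmail.com"
	gmailPort = "587" // submission port; STARTTLS is required before AUTH
)

// NormalizeAppPassword removes the spaces Google inserts for readability when it
// displays an app password (assumption: the 16 letters are the secret, the
// grouping is cosmetic).
func NormalizeAppPassword(p string) string {
	return strings.ReplaceAll(strings.TrimSpace(p), " ", "")
}

// BuildMessage assembles a minimal RFC 5322 message with CRLF line endings.
// Gmail rewrites From to the authenticated account if they differ.
func BuildMessage(from, to, subject, body string) []byte {
	var b strings.Builder
	fmt.Fprintf(&b, "From: %s\r\n", from)
	fmt.Fprintf(&b, "To: %s\r\n", to)
	fmt.Fprintf(&b, "Subject: %s\r\n", subject)
	b.WriteString("MIME-Version: 1.0\r\n")
	b.WriteString("Content-Type: text/plain; charset=utf-8\r\n")
	b.WriteString("\r\n")
	b.WriteString(body)
	return []byte(b.String())
}

// SendViaGmail opens a submission connection, upgrades it with STARTTLS and only
// then authenticates. smtp.PlainAuth itself refuses to send credentials over an
// unencrypted connection to a non-local host, so a STARTTLS downgrade fails
// closed instead of leaking the app password.
func SendViaGmail(user, appPassword, to string, msg []byte) error {
	c, err := smtp.Dial(net.JoinHostPort(gmailHost, gmailPort))
	if err != nil {
		return fmt.Errorf("dial: %w", err)
	}
	defer c.Close()
	if ok, _ := c.Extension("STARTTLS"); !ok {
		return fmt.Errorf("server does not offer STARTTLS; refusing to authenticate in clear")
	}
	if err := c.StartTLS(&tls.Config{ServerName: gmailHost, MinVersion: tls.VersionTLS12}); err != nil {
		return fmt.Errorf("starttls: %w", err)
	}
	auth := smtp.PlainAuth("", user, NormalizeAppPassword(appPassword), gmailHost)
	if err := c.Auth(auth); err != nil {
		// With Less Secure Apps off, the account's main password is answered here
		// with "535 5.7.8 Username and Password not accepted"; an app password on
		// an account with 2-Step Verification succeeds.
		return fmt.Errorf("auth: %w", err)
	}
	if err := c.Mail(user); err != nil {
		return err
	}
	if err := c.Rcpt(to); err != nil {
		return err
	}
	w, err := c.Data()
	if err != nil {
		return err
	}
	if _, err := w.Write(msg); err != nil {
		return err
	}
	if err := w.Close(); err != nil {
		return err
	}
	return c.Quit()
}

func main() {
	user := "you@gmail.com"              // hypothetical account
	appPassword := "abcd efgh ijkl mnop" // hypothetical, as Google displays it
	msg := BuildMessage(user, user, "App password check", "Sent with an app password over STARTTLS.\r\n")
	if err := SendViaGmail(user, appPassword, user, msg); err != nil {
		fmt.Println("send failed:", err)
		return
	}
	fmt.Println("sent")
}
```

The useful property to check before May 30 is the Auth step: a 535 5.7.8 response there means the credential you configured is the account password and will stop working, while an app password authenticates. Because the password is only ever sent after StartTLS succeeds, a network attacker who strips the STARTTLS capability gets a refusal rather than the secret.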
Option 3: Switch to a New Mailer
If you’re not set on using Gmail, WP Mail SMTP has a ton of other mailers that use secure, API-based connections to send email from WordPress.
Our recommended mailers are listed at the top of the Setup Wizard.
Here are some more details on our top mailers:
SendLayer: Our #1 recommended mailer and one of the easiest mailers to use with WP Mail SMTP. Once you’ve added DNS records to your domain, all you need is an API key. You can start with a trial and send 500 emails for free, then upgrade to a paid plan from $5/ month (paid annually).
SMTP.com: Free for 30 days, then priced from $25/ month. SMTP.com is an industry leader and has a track record of great email deliverability dating back over 20 years.
Sendinblue: If you’re testing Gmail alternatives, Sendinblue could be a good choice. You can get started without a credit card and upgrade to a plan with more capacity when you’re ready.
To switch your mailer, head to your WP Mail SMTP settings and click the Launch Setup Wizard button.
The Setup Wizard will walk you through the connection steps.
If these mailers aren’t right for you, you can also send through Microsoft 365, SendGrid, Mailgun, Amazon SES, and many more secure, API-based email providers. Here’s a complete guide to all of our mailers to help you decide.
How to Get Help with WP Mail SMTP
We understand that making changes to your mailer can be challenging, but we’re here to help!
If you’re using any paid version, you can log in to your account and open a ticket. As a valued customer, you’ll get priority support when updating your mailer settings.
Did you know that May 5, 2022, is World Password Day?[1] Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to honor something almost no one wants to deal with—like having a holiday for filing your income taxes (actually, that might be a good idea). But in today’s world of online work, school, shopping, healthcare, and almost everything else, keeping our accounts secure is more important than ever. Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. In fact, there are 921 password attacks every second—nearly doubling in frequency over the past 12 months.[2]
But what if you didn’t have to deal with passwords at all? Last fall, we announced that anyone can completely remove the password from their Microsoft account. If you’re like me and happy to ditch passwords completely, read on to learn how Microsoft is making it possible to start enjoying a passwordless life today. Still, we know not everyone is ready to say goodbye to passwords, and it’s not possible for all your online accounts. We’ll also go over some easy ways to improve your password hygiene, as well as share some exciting news from our collaboration with the FIDO Alliance about a new way to sign in without a password.
Free yourself with passwordless sign-in
Yes, you can now enjoy secure access to your Microsoft account without a password. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email, you can go passwordless with any of your Microsoft apps and services. Just follow these five steps:
Choose Security. Under Advanced security options, you’ll see Passwordless account in the section titled Additional security.
Select Turn on.
Approve the notification from Authenticator.
Once you approve the notification, you’ll no longer need a password to access your Microsoft accounts. If you decide you prefer using a password, you can always go back and turn off the passwordless feature. Here at Microsoft, nearly 100 percent of our employees use passwordless options to log into their corporate accounts.
Strengthen security with multifactor authentication
One simple step we can all take to protect our accounts today is adding multifactor authentication, which blocks 99.9 percent of account compromise attacks. The Microsoft Authenticator app is free and provides multiple options for authentication, including time-based one-time passcodes (TOTP), push notifications, and passwordless sign-in—all of which work for any site that supports multifactor authentication. Authenticator is available for Android and iOS and gives you the option to turn two-step verification on or off. For your Microsoft Account, multifactor authentication is usually only needed the first time you sign in or after changing your password. Once your device is recognized, you’ll just need your primary sign-in.
Make sure your password isn’t the weak link
Rather than keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts might make our online life easier, but it also leaves the door open. Attackers regularly scour social media accounts looking for birthdates, vacation spots, pet names and other personal information they know people use to create easy-to-remember passwords. A recent study found that 68 percent of people use the same password for different accounts.[3] Reuse matters because once a password and email combination has been compromised, it’s often sold on the dark web and replayed against other services (credential stuffing). As my friend Bret Arsenault, our Chief Information Security Officer (CISO) here at Microsoft, likes to say, “Hackers don’t break in, they log in.”
Some basics to remember—make sure your password is:
At least 12 characters long.
A combination of uppercase and lowercase letters, numbers, and symbols.
Not a word that can be found in a dictionary, or the name of a person, product, or organization.
Completely different from your previous passwords.
Changed immediately if you suspect it may have been compromised.
Tip: Consider using a password manager. Microsoft Edge and Microsoft Authenticator can create (and remember) strong passwords using Password Generator, and then automatically fill them in when accessing your accounts. Also, keep these other tips in mind:
Only share personal information in real-time—in person or by phone. (Be careful on social media.)
Be skeptical of messages with links, especially those asking for personal information.
Be on guard against messages with attached files, even from people or organizations you trust.
Enable the lock feature on all your mobile devices (fingerprint, PIN, or facial recognition).
Ensure all the apps on your device are legitimate (only from your device’s official app store).
Keep your browser updated, browse in incognito mode, and enable Pop-Up Blocker.
Tip: When answering security questions, provide an unrelated answer. For example, Q: “Where were you born?” A: “Green.” This helps throw off attackers who might use information skimmed from your social media accounts to hack your passwords. (Just be sure the unrelated answers are something you’ll remember.)
Passwordless authentication is becoming commonplace
As part of a historic collaboration, the FIDO Alliance, Microsoft, Apple, and Google have announced plans to expand support for a common passwordless sign-in standard. Commonly referred to as passkeys, these multi-device FIDO credentials offer users a platform-native way to safely and quickly sign in to any of their devices without a password. Virtually unable to be phished and available across all your devices, a passkey lets you sign in simply by authenticating with your face, fingerprint, or device PIN.
In addition to a consistent user experience and enhanced security, these new credentials offer two other compelling benefits:
Users can automatically access their passkeys on many of their devices without having to re-enroll for each account. Simply authenticate with your platform on your new device and your passkeys will be there ready to use—protecting you against device loss and simplifying device upgrade scenarios.
With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running. For example, users can sign in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device.
These new capabilities are expected to become available across Microsoft, Apple, and Google platforms starting in the next year. This type of Web Authentication (WebAuthn) credential represents a new era of authentication, and we’re thrilled to join the FIDO Alliance and others in the industry in supporting a common standard for a safe, consistent authentication experience. Learn more about this open-standards collaboration and exciting passwordless capabilities coming for Microsoft Azure Active Directory in a blog post from Alex Simons, Vice President, Identity Program Management.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.
“It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components — which may have been developed elsewhere — and the journey those components took to reach their destination,” NIST said in a statement.
The new directive outlines major security controls and practices that entities should adopt to identify, assess, and respond to risks at different stages of the supply chain, including the possibility of malicious functionality, flaws in third-party software, insertion of counterfeit hardware, and poor manufacturing and development practices.
The development follows an Executive Order issued by the U.S. President on “Improving the Nation’s Cybersecurity (14028)” last May, requiring government agencies to take steps to “improve the security and integrity of the software supply chain, with a priority on addressing critical software.”
It also comes as cybersecurity risks in the supply chain have come to the forefront in recent years, compounded by a wave of attacks targeting widely used software in order to breach dozens of downstream customers at once.
According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape for Supply Chain Attacks, 62% of 24 attacks documented from January 2020 to early 2021 were found to “exploit the trust of customers in their supplier.”
“Managing the cybersecurity of the supply chain is a need that is here to stay,” said NIST’s Jon Boyens, one of the publication’s authors. “If your agency or organization hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately.”
Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms
Mountain View, California, MAY 5, 2022 – In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.
The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
An Expansion of Passwordless Standard Support
Hundreds of technology companies and service providers from around the world worked within the FIDO Alliance and W3C to create the passwordless sign-in standards that are already supported in billions of devices and all modern web browsers. Apple, Google, and Microsoft have led development of this expanded set of capabilities and are now building support into their respective platforms.
These companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality. Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins:
Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account.
Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
In addition to facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.
These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.
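Both the Microsoft post above and this press release describe why a FIDO credential is phishing-resistant without showing the checks a website actually performs when a passkey is used. The following Go program is an added example and not code from Microsoft, Apple, Google or the FIDO Alliance: a constructed stand-in authenticator signs a WebAuthn assertion for a relying party called example.com, and a verification function applies the relying-party steps from the WebAuthn specification (challenge, origin, rpIdHash, user-presence flag, signature counter, ES256 signature). The rpID, origins and challenge handling are assumed for illustration; a real site receives the assertion from navigator.credentials.get() and should use a maintained WebAuthn library rather than this code.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData mirrors the CollectedClientData the browser serialises. The
// authenticator signs over its hash, so the web page cannot alter the origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"` // base64url, no padding
	Origin    string `json:"origin"`
}

// Assertion is what a relying party receives from navigator.credentials.get().
type Assertion struct {
	AuthenticatorData []byte // rpIdHash(32) || flags(1) || signCount(4)
	ClientDataJSON    []byte
	Signature         []byte // ES256: ECDSA P-256 over SHA-256, ASN.1 DER
}

const flagUserPresent = 0x01 // bit 2 (0x04) is user-verified

// NewKeyPair stands in for the key a passkey creates at registration; the
// relying party stores only the public half.
func NewKeyPair() *ecdsa.PrivateKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// NewChallenge is the per-request random value the relying party issues.
func NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// signedPayload is SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func signedPayload(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	h := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return h[:]
}

// SignAssertion is a constructed stand-in for the platform authenticator (not
// part of a real relying party). It builds authenticatorData and signs it.
func SignAssertion(priv *ecdsa.PrivateKey, rpID, origin, challenge string, signCount uint32) Assertion {
	rpHash := sha256.Sum256([]byte(rpID))
	authData := make([]byte, 37)
	copy(authData, rpHash[:])
	authData[32] = flagUserPresent | 0x04 // UP and UV set
	binary.BigEndian.PutUint32(authData[33:], signCount)
	cd, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	if err != nil {
		panic(err)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedPayload(authData, cd))
	if err != nil {
		panic(err)
	}
	return Assertion{AuthenticatorData: authData, ClientDataJSON: cd, Signature: sig}
}

// VerifyAssertion applies the relying-party checks from the WebAuthn spec and
// returns the new signature counter to store on success.
func VerifyAssertion(pub *ecdsa.PublicKey, a Assertion, rpID, expectedOrigin, expectedChallenge string, lastCount uint32) (uint32, error) {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return 0, err
	}
	if cd.Type != "webauthn.get" {
		return 0, errors.New("clientData.type is not webauthn.get")
	}
	if cd.Challenge != expectedChallenge {
		return 0, errors.New("challenge mismatch: not the value we issued (replay?)")
	}
	if cd.Origin != expectedOrigin { // filled in by the browser, not by the page
		return 0, fmt.Errorf("origin %q is not %q: credential used from the wrong site", cd.Origin, expectedOrigin)
	}
	if len(a.AuthenticatorData) < 37 {
		return 0, errors.New("authenticatorData too short")
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(a.AuthenticatorData[:32], rpHash[:]) {
		return 0, errors.New("rpIdHash mismatch")
	}
	if a.AuthenticatorData[32]&flagUserPresent == 0 {
		return 0, errors.New("user presence not asserted")
	}
	count := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	// Synced passkeys commonly report 0; only a non-zero counter that fails to
	// advance points at a cloned credential.
	if (count != 0 || lastCount != 0) && count <= lastCount {
		return 0, errors.New("signature counter did not increase: possible cloned credential")
	}
	if !ecdsa.VerifyASN1(pub, signedPayload(a.AuthenticatorData, a.ClientDataJSON), a.Signature) {
		return 0, errors.New("signature does not verify under the registered public key")
	}
	return count, nil
}

func main() {
	priv, ch := NewKeyPair(), NewChallenge()
	genuine := SignAssertion(priv, "example.com", "https://example.com", ch, 1)
	_, err := VerifyAssertion(&priv.PublicKey, genuine, "example.com", "https://example.com", ch, 0)
	fmt.Println("sign-in on example.com:", err)
	phish := SignAssertion(priv, "example.com", "https://examp1e.com", ch, 2)
	_, err = VerifyAssertion(&priv.PublicKey, phish, "example.com", "https://example.com", ch, 1)
	fmt.Println("sign-in via look-alike site:", err)
}
```

The origin check is the phishing defence: the browser, not the page, fills in clientData.origin, so a credential exercised on a look-alike site yields an assertion that this function rejects even though the signature itself is valid. The challenge check stops replay of a captured assertion, and the counter check catches a cloned hardware credential, which is why it is skipped only when both counters are zero, as synced passkeys usually report.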
“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”
“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency. “At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s Senior Director of Platform Product Marketing. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, Senior Director of Product Management, Google. “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”
“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” says Alex Simons, Corporate Vice President, Identity Program Management at Microsoft. “By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
About Apple
Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, Apple Watch, and Apple TV. Apple’s five software platforms — iOS, iPadOS, macOS, watchOS, and tvOS — provide seamless experiences across all Apple devices and empower people with breakthrough services including the App Store, Apple Music, Apple Pay, and iCloud. Apple’s more than 100,000 employees are dedicated to making the best products on earth, and to leaving the world better than we found it.
About Google
Google’s mission is to organize the world’s information and make it universally accessible and useful. Through products and platforms like Search, Maps, Gmail, Android, Google Play, Google Cloud, Chrome and YouTube, Google plays a meaningful role in the daily lives of billions of people and has become one of the most widely-known companies in the world. Google is a subsidiary of Alphabet Inc.
About Microsoft
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.
An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019.
Dubbed “Operation CuckooBees” by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information.
Targets included technology and manufacturing companies primarily located in East Asia, Western Europe, and North America.
“The attackers targeted intellectual property developed by the victims, including sensitive documents, blueprints, diagrams, formulas, and manufacturing-related proprietary data,” the researchers said.
“In addition, the attackers collected information that could be used for future cyberattacks, such as details about the target company’s business units, network architecture, user accounts and credentials, employee emails, and customer data.”
Winnti, also tracked by other cybersecurity vendors under the names APT41, Axiom, Barium, and Bronze Atlas, is known to be active since at least 2007.
“The group’s intent is towards theft of intellectual property from organizations in developed economies, and with moderate confidence that this is on behalf of China to support decision making in a range of Chinese economic sectors,” Secureworks notes in a threat profile of the actor.
The multi-phased infection chain documented by Cybereason involves the exploitation of internet-facing servers to deploy a web shell with the goal of conducting reconnaissance, lateral movement, and data exfiltration activities.
It’s both complex and intricate, following a “house of cards” approach in that each component of the killchain depends on other modules in order to function, rendering analysis exceedingly difficult.
“This demonstrates the thought and effort that was put into both the malware and operational security considerations, making it almost impossible to analyze unless all pieces of the puzzle are assembled in the correct order,” the researchers explained.
The data harvesting is facilitated by means of a modular loader called Spyder, which is used to decrypt and load additional payloads. Also used are four further payloads — STASHLOG, SPARKLOG, PRIVATELOG, and DEPLOYLOG — that are deployed in sequence to drop WINNKIT, a kernel-level rootkit.
Crucial to the stealthiness of the campaign is the use of “rarely seen” techniques such as the abuse of Windows Common Log File System (CLFS) mechanism to stash the payloads, enabling the hacking group to conceal their payloads and evade detection by traditional security products.
Interestingly, parts of the attack sequence were previously detailed by Mandiant in September 2021, while pointing out the misuse of CLFS to hide second-stage payloads in an attempt to circumvent detection.
Mandiant at the time attributed the malware to an unknown actor, but cautioned that it could have been deployed as part of highly targeted activity.
“Because the file format is not widely used or documented, there are no available tools that can parse CLFS log files,” Mandiant said at the time. “This provides attackers with an opportunity to hide their data as log records in a convenient way, because these are accessible through API functions.”
WINNKIT, for its part, has a compilation timestamp of May 2019 and has almost zero detection rate in VirusTotal, highlighting the evasive nature of the malware that enabled the authors to stay undiscovered for years.
The ultimate goal of the intrusions, the researchers assessed, is to siphon proprietary information, research documents, source code, and blueprints for various technologies.
“Winnti is one of the most industrious groups operating on behalf of Chinese state-aligned interests,” Cybereason said. “The threat [actor] employed an elaborate, multi-stage infection chain that was critical to enabling the group to remain undetected for so long.”
Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an “early look” at the SDK Runtime and Topics API to boost users’ privacy online.
“The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year,” the search giant said in an overview.
A “multi-year effort,” Privacy Sandbox on Android aims to create technologies that are both privacy-preserving and able to keep online content and services free, without resorting to opaque methods of digital advertising.
The idea is to limit sharing of user data with third-parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps.
Google originally announced its plans to bring Privacy Sandbox to Android earlier this February, following the footsteps of Apple’s App Tracking Transparency (ATT) framework.
Integral to the proposed initiative are two key solutions —
SDK Runtime, which runs third-party code in mobile apps such as software development kits (SDKs), including those for ads and analytics, in a dedicated sandbox, and
Topics API, which gleans “coarse-grained” interest signals on-device based on a user’s app usage that are then shared with advertisers to serve tailored ads without cross-site and cross-app tracking.
To address criticisms that the model could possibly give Google an unfair advantage, the tech behemoth noted that the privacy-oriented systems will be developed as part of the Android Open Source Project (AOSP) to ensure transparency into the design and implementation of these solutions.
“Android will collaborate with the entire industry and app ecosystem on the journey to a more privacy-first mobile platform, and one which supports a rich diversity of value-exchange that benefits users, developers, and advertisers,” the company said.
A quick note for administrators and users who use the Trend Micro Apex One product and at the same time use Microsoft Edge as a browser under Windows. I have now received numerous reports on the blog that Trend Micro Apex One is classifying the msedge_200_percent.pak file from Edge 101.0.1210.32 as malware/trojan. This is a false positive.
Microsoft Edge 101.0.1210.32
Microsoft has updated the Chromium Edge browser to version Edge 101.0.1210.32 as of April 28, 2022. This is a maintenance update that closes the two vulnerabilities CVE-2022-29146 (privilege elevation) and CVE-2022-29147 (information retrieval) (see also the release notes for the new version). In addition, a number of CVEs that have already been fixed in Google Chrome have also been included in the Edge update. I had reported on this in the blog post Microsoft Edge 101.0.1210.32.
Trend Micro Apex One false positive alarm
Since today, May 3, 2022, I’ve been getting more and more feedback from administrators on my blog about Trend Micro’s Apex One security solution raising a false alarm and supposedly detecting a Trojan. The first German comment here already describes the situation:
The update causes a false positive on Trend Micro Apex One!
All of our client agents are currently alerting on the automatic update, pointing to the following file:
We are currently analyzing the incident and therefore we cannot give exact information about it yet.
The whole thing is confirmed by other administrators. The file msedge_200_percent.pak from Edge 101.0.1210.32 is reported as “TROJ_FRS.VSNTE222”. Reader Thomas uploaded the file to Virustotal. Only Trend Micro recognizes it as a virus. Peter L. reports here that also the registry entry:
The whole thing is also confirmed by numerous users there. One user there confirmed that the malware team was informed about the false alarm and was working on an update.
Hi Team,
Our Malware Team is already aware of these False Alarms and is currently checking the issue. Will provide an update once we receive new feedback.
Best regards,
Paulo Obrero
Customer Service Engineer
Trend Micro Inc.
All that remains is to wait until the update arrives – and in the meantime to declare the file in question as an exception.
A company can accumulate massive amounts of information that security analysts are not able to monitor instantly. This can mean that priority security alerts either go unnoticed or are considered a false alarm because the appropriate technology is not available, which results in organizations failing to take action in time.
A Security Information and Event Management (SIEM) system specializes in prioritizing critical alerts over information received in real time, thus adapting to the needs of all organizations. This is achieved by incorporating multiple intelligence feeds and logs according to the criteria and needs set by the IT department. This makes it possible to categorize events and contextualize cybersecurity threat alerts.
The main benefits of having corporate SIEM systems are as follows:
A SIEM system ensures that alerts reach the right people so that they can carry out contextualized research and apply remediation mechanisms. This saves time as analysts are not required to interpret data from so many different sources.
It reduces the company’s costs, both in terms of infrastructure – by gaining full visibility into how the systems accessing the network are using it – and in terms of consuming resources. For example, a SIEM system can analyze the bandwidth machines are using and generate an event warning if one of them is consuming more resources than it should, which the IT department then checks for anomalies. SIEM enables better management of security resources, which translates into cost savings.
It restores cybersecurity configurations if they have been changed by mistake, which could leave an organization dangerously exposed to threats. SIEM can automatically detect a change in the configuration and generate an event to alert the company’s security analyst, who reviews the change and can restore the previous configuration if the new one is potentially hazardous to the company.
It detects operational maintenance activities in the business infrastructure that could pose a risk to the organization. Cybersecurity administrators configure the SIEM to generate an event whenever a change is recorded in the company’s maintenance activities log, as well as in Windows. If any malicious activity is involved, they can then decide whether or not to validate these adjustments.
It provides cyberattack control and protection so that action can be taken before an attack becomes an irreversible problem, filtering whether it is a real attack or a false alarm. Known and unknown attacks alike are analyzed, whether they are malwareless attacks (which resort to the legitimate tools of the system itself), DDoS attacks, or advanced persistent threats (APTs).
In the case of malware attacks, the usual security logs can send alerts for both real attacks and false alarms. To avoid alert saturation, SIEM solutions use event correlation to determine accurately whether or not it is a malware attack, as well as to detect the potential access points for the attack.
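A minimal form of the correlation step just described, applied to the Trend Micro Apex One false positive on msedge_200_percent.pak reported earlier on this page, as an added example that is not code from the blog post or from any vendor; the alert line format and field names are constructed for the example.

```python
"""Correlate AV alerts with a known false positive before escalating them.
Added example (not code from the blog post or from any vendor): a minimal form
of the correlation step described above, applied to the Trend Micro Apex One
false positive on msedge_200_percent.pak from Edge 101.0.1210.32. Alert lines
and field names are constructed for this example."""
import re
from dataclasses import dataclass

# Known false positive from the post: (detection name, file name, Edge build).
# The exception is pinned to all three, never to the file name alone; in
# production pin it to the file's hash taken from a clean installation.
KNOWN_FALSE_POSITIVES = {
    ("TROJ_FRS.VSNTE222", "msedge_200_percent.pak", "101.0.1210.32"),
}
# Constructed alert format (hypothetical, not Apex One's real log format).
ALERT_RE = re.compile(r'host=(?P<host>\S+) threat=(?P<threat>\S+) path="(?P<path>[^"]+)"')
# Edge keeps its resource files under ...\Edge\Application\<build>\
EDGE_BUILD_RE = re.compile(r'[\\/]Application[\\/](\d+\.\d+\.\d+\.\d+)[\\/]')

@dataclass
class Triage:
    host: str
    threat: str
    path: str
    verdict: str  # "suppress" (known false positive) or "escalate"

def triage_alert(line):
    """Parse one alert line and decide whether it is the known false positive."""
    m = ALERT_RE.search(line)
    if m is None:
        return None  # not an alert line
    path = m.group("path")
    file_name = path.replace("\\", "/").rsplit("/", 1)[-1]
    build = EDGE_BUILD_RE.search(path)
    key = (m.group("threat"), file_name, build.group(1) if build else None)
    verdict = "suppress" if key in KNOWN_FALSE_POSITIVES else "escalate"
    return Triage(m.group("host"), m.group("threat"), path, verdict)

def triage_alerts(lines):
    """Triage every alert line; anything escalated still needs analyst review."""
    return [t for t in map(triage_alert, lines) if t is not None]

# Constructed sample alerts: the known false positive, the same file from a
# different (constructed) Edge build, and a different detection on the same file.
SAMPLE_ALERTS = [
    r'host=pc01 threat=TROJ_FRS.VSNTE222 path="C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\msedge_200_percent.pak"',
    r'host=pc02 threat=TROJ_FRS.VSNTE222 path="C:\Program Files (x86)\Microsoft\Edge\Application\100.0.0.0\msedge_200_percent.pak"',
    r'host=pc03 threat=Trojan.EXAMPLE path="C:\Users\a\Downloads\msedge_200_percent.pak"',
]
```

Only the alert that matches detection name, file name and Edge build together is suppressed; the other two are escalated for analyst review.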
In DDoS attacks, SIEM is able to flag such an event from web traffic logs, prioritizing the event and sending it to an analyst for investigation before causing a slowdown or a total company service outage.
Finally, due to their complexity, when advanced persistent threats are detected they may not trigger alerts or be considered false alarms. Having a SIEM solution helps demonstrate a pattern of anomalous behavior, flagging it as a real concern for security analysts to investigate.
Given the differentiating value of this solution, WatchGuard has incorporated its SIEMFeeder module into WatchGuard EDR and EPDR to collect and correlate the status of IT systems, enabling organizations to turn large volumes of data into useful information for decision making.
You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be “What is that?”
Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from.
As it’s likely the request for such a report came from an important source such as the Board, a partner, a client or an auditor, there isn’t a moment to waste. So let’s dive straight in.
What is a Vulnerability Assessment Report and why do you need one?
A Vulnerability Assessment Report is simply a document that illustrates how you are managing your organisation’s vulnerabilities. It’s important because, with tens of thousands of new technology flaws being discovered every year, you need to be able to prove that your organisation does its best to avoid attack if you want to be trusted by partners and customers.
A best security practice recommended by governments across the world, a vulnerability assessment is an automated review process that provides insights into your current security state. The vulnerability assessment report is the outcome of this review. Used as a roadmap to a better state of security preparedness, it lays out the unique risks your organisation is up against due to the technology you use, and reveals how best to overcome them with minimal disruption to your core business strategy and operations.
The help it provides is clear but why do you need one? As mentioned above, it’s likely you were asked for a Vulnerability Assessment Report by the Board, a partner, a client or an auditor as each of these groups needs reassurance that you’re on top of any weaknesses in your infrastructure. Here’s why:
— Customers need to trust you
Weaknesses in your IT systems could affect your customers’ operations. With supply chain attacks on the rise, a vulnerability in a single company could leave a whole range of organisations paralysed, as demonstrated by the infamous SolarWinds hack last year.
It doesn’t matter how small your business is; if your customers will be entrusting you with any of their data, they may wish for a Vulnerability Assessment Report first to confirm that your IT security practices are tiptop.
— The Board wants a better understanding of the business’ risk
Cyber security is a growing concern across many businesses, so chances are your board members want a better grip on their risk before a lack of insight into vulnerabilities turns into a much more serious business problem. With ransomware attacks regularly making headlines, having proper vulnerability management in place and presenting an “all clear” report can give your business heads that needed peace of mind.
— Your auditors are checking for compliance
Many of the regulatory or compliance frameworks related to security and privacy, like SOC2, HIPAA, GDPR, ISO 27001, and PCI DSS, advise or outright require regular compliance scans and reporting, so if the request for a vulnerability assessment report was made by your auditor, it is likely to be for compliance purposes.
— Your CFO is renewing your cyber insurance
It could be the case that your insurance provider is seeking a vulnerability assessment report as part of the underwriting process. If you don’t want to run the risk of being denied an insurance payout, or wouldn’t like to see your premiums rise, then you could benefit from supplying these reports regularly.
How often do you need to produce a vulnerability assessment report?
Regularly. Think of it like vulnerability scanning: For maximum efficacy, you need to conduct regular, if not constant, comprehensive evaluations of your entire technology stack, otherwise you could miss something that could bring your business to a costly halt.
Cybercriminals do not stop searching until they find something they can take advantage of. You need to scan your systems continuously and have up to date reporting to reflect your vigilance as and when it’s needed.
Modern vulnerability scanning solutions, like Intruder, will give you a cyber hygiene score which enables you to track the progress of your vulnerability management efforts over time, proving that your security issues are being continuously resolved in good time.
A vulnerability assessment report from Intruder, providing evidence to your customers or regulators that a vulnerability scanning process is in place.
What should be included in a vulnerability assessment report?
Unfortunately, there isn’t a one size fits all report. While the contents are generally the number of vulnerabilities detected in your systems at a point in time, your different stakeholders will require varying levels of detail. Even for compliance purposes, vulnerability assessment reporting requirements can differ.
As a good rule of thumb, we recommend building an Executive Report containing graph views and composite cyber hygiene scores for the Board and C-Suite that clue them in on where they stand at any given moment. And for your IT team, their report needs greater detail such as how to apply the correct solutions to existing problems and sidestep subsequent mistakes.
Where can you get a Vulnerability Assessment Report from?
Ensuring your Vulnerability Assessment Reports contain all the elements and information your stakeholders require can take a lot of work and expertise, which can distract your security teams from other activities that keep your organisation secure. That is why it’s recommended to choose an external provider to produce your reports.
Before you start comparing individual vendors, make sure you have a solid understanding of your technical environment and of the specific outcomes that the vulnerability assessment should present. This is because vulnerability assessment tools are not built the same; they check for different types of weaknesses, so you need to choose the solution that best suits your requirements. Consider the features and checks you’ll require, as well as the industry standards you need to follow and your budget.
Two key elements to consider relate to reporting: firstly, how flexible the assessment provider will be with how much detail is presented (particularly if you need to present data to different audiences); and secondly, how clearly the results are communicated. Scanning results can be overwhelming but the right vendor will demystify complex security data to grant you a clear, jargon-free understanding of the risks you face.
At Intruder, reports are designed to be well-understood, whilst also maintaining all the technical detail required by IT managers and DevOps teams. Whether you’re a massive enterprise or a fledgling startup, you can generate rapid reports, create compliance paper trails, stay secure, and communicate with employees and potential investors. Intruder offers a free trial of its software, which you can activate here. Get vulnerability assessment reporting in place now.