Thursday, June 7, 2018

Malwaretec vs FBI - all shades of grey

There is a new development in the FBI vs Marcus Hutchins case. The young fellow is now facing another charge, this time for lying to the FBI.

Marcus's arrest and detention in the USA last year were widely publicized, and his campaign to raise money for his defence has been quite successful.

I do appreciate his lawyer's vigour. There is a huge outcry now about how the FBI has no case and keeps adding charges to it. This is a reasonable strategy; however, if we want to see the real picture, it is also good to hear the other side of the story.

There are, of course, the FBI's indictment papers, but they are not a fun read, and a very long one. Instead I suggest reading the quite compelling research Krebs did on Marcus last year. If the FBI is half as good as Krebs, I would be concerned about the actual outcome of this case. It seems to me there is no black and white in this specific situation, but lots of grey in too many shades.


Friday, April 20, 2018

GuardiCore scores 5 awards at the RSA conference

I am happy to share with you that GuardiCore has received 5 (five!) prizes at the RSA conference recently. Here is the short list:

InfoSec Magazine Awards:
Cloud Security - Best Product
Microsegmentation - Most Innovative

InfoSecurity Global Excellence Awards:
Innovative Company of the Year (Security)
Cloud Security
Deception Based Security

Proud to be a guardicorean!

Friday, March 30, 2018

Cloud security concerns and ways to address them

It is common today for cloud services to be compromised for months without detection. Remember that Tesla cloud case, where hackers were able to mine Monero for at least a month before being detected? Similar things may happen to others.

Today MyFitnessPal sent a notification to its users that their accounts have been compromised. The breach was discovered five days ago, but the actual compromise happened at least a month ago. 150 million accounts are affected.

In light of GDPR coming into effect in May this year, I would expect many companies to review and eventually report personal data breaches more often.

Let's face it: the cloud requires elaborate and agile security tools. It is not enough to throw an expensive firewall on the perimeter anymore to feel safe. If at least one VM or container is compromised, the whole environment is pretty much a goner, unless you have the ability to detect and mitigate the penetration in time.

A cloud security solution should combine elasticity, effective micro- and nano-segmentation capabilities, application integrity control and effective breach detection that would help to avoid a situation where hackers are sitting in your cloud for weeks and months without being detected.

GuardiCore Centra is probably the only solution today that combines dynamic deception, reputation-based detection, effective segmentation technology and unprecedented visibility for virtualised and cloud-based data center environments.

Feel free to contact me if you want to learn more.

Saturday, February 10, 2018

UserCenter battle continues as Check Point account services are still failing to do their job properly

In my previous post I already mentioned that my old account came back online. I have also received several notifications from CP account services.

The first one was hilarious. They asked me to update my email with Pearson VUE before transferring my certifications that had already been granted. After asking them if this was a joke, they reported that they had transferred my certification history. Well, I had to check. Guess what...

Two out of 14 certificates were lost in the process. Every time account services answer, they also close the open case. I have had to reopen it twice already.

So far nobody has picked up the challenge about the email address change. Too bad, as all this hassle would be avoided completely if I were able to change that bloody email myself.

However, I would like to ask one more question. What is wrong with account services and Check Point? Why are they failing to perform a simple task?

Update: The issue is finally resolved. 6 days and two escalations. For a simple email change. Fantastic job, Check Point, really well done.


Thursday, February 8, 2018

Changing jobs? Brace yourself for impact of losing your UserCenter access

Probably the most annoying part of having an account with Check Point UserCenter is that you cannot change your email address.

Which is, please allow me to say it plainly, utterly stupid.

8 years ago the company I was working for, Dimension Data, went through a re-branding phase. All emails were changed from 'name'@'region'.didata.com to 'name'@dimensiondata.com. Considering hundreds of accounts for all company employees around the globe, the impact was huge.
Old email accounts were discontinued, so to fix this, we approached Check Point with a request to re-assign logins to the new email domain. Guess what the answer was?

- No can do.

So hundreds of DD engineers, sales and accounting guys had to re-create email aliases to continue working with the Partners' portal and UserCenter. They are still using this method now, 8 years later. It was easier to keep all the old email addresses afloat than to manually redefine tons of dependencies and details.

That was about business. On a personal level there is also a lot of pain. If you are changing jobs, be ready for Check Point to sever your access even if you ask them not to.

In my case, I left Dimension Data at the beginning of 2018. One month before that I opened a case with account services to move my certification details, CheckMates account and UserCenter access to another email address. Once more, the answer was:

- We cannot do that. Please open a new UserCenter account and ask to move your certificates there. 

They also assured me that my old account would not be closed automatically. Guess what... It is no longer working.

The main implication of changing your email with UserCenter this way is that you lose your history and your CheckMates access. You will appear as a new user everywhere. You will have to wait till they figure out how to move your certification. And I suspect recovering expert access to UserCenter resources will also be a story.

I do not even want to speculate why an established security company cannot figure out how to change an account ID without killing the account altogether in the process.

However, this is the reality we are facing today. If you are planning to change your job, make sure you download all your valid certificates and bookmark your CheckMates threads, because you will not be able to keep all that intact after moving to another email address. Bugger...

I dare Check Point admins to name me a single reason why I cannot change my email address on my account.

Anybody out there up for the challenge?


-----------------
Update: My old account is operational again. Whoever is responsible, thanks a lot. The issue of transferring the access level and certification history to a new account is not yet resolved. So the challenge stands.


Thursday, February 1, 2018

The main cyber security questions of 2017 and the way to answer them

At the end of 2017 I was talking to a US-based business analytics firm, and the main question they asked was why.

- Why are security budgets not growing rapidly, after all that scare with WannaCry and NotPetya?
- Why are businesses not spending more to protect themselves; aren't they scared now?
- Why was the impact so hard, even for customers with high-end perimeter security systems?
- Why is it happening?


Well, let's start with the easy one. Businesses are scared.

They were scared long before the 2017 malware rampage. In 2017 they suddenly realised it does not matter how scared you are. They reached the limit of fear. They realised it does not matter how much you spend on perimeter security. It does not matter how well-known your vendor is, which part of the Gartner quadrant it occupies or how great its marketing campaign is. None of it matters. At the end of the day, a weak link will be found and you will be owned.

So business is doing what it does best: counting money. They have switched to risk management mode. For what it's worth, backup tech budgets were raised, not firewall budgets. Additional insurance and legal protection fees are on the rise, not perimeter security budgets.

The second why is also simple, but not that obvious. Perimeter security solutions today are top-notch, but they are still failing the customers. You can have all the jazz: FW, IPS, anti-virus, sandboxing, and you will still miss something eventually. Or even better, business will not wait for your security cycle and will deploy something completely exposed, with, god forbid, SMB services open to the Internet.

Hello, WannaCry, here is your free lunch, come and get it.

In the eternal struggle between security professionals and business, the latter always wins. Why? Think about it. It is just a matter of money. Business makes money; security spends some of it. If, from the business perspective, the cost-to-effect ratio is not getting better, additional spending is at best questionable.

Yet the major security vendors are still beating the dead horse. Every conference, every vendor event includes some scare presentation about malware on the loose, hackers' success stories and slides with names and sums of damages in big red letters.

Well, good luck with that.

At Guardicore we take an alternative route. We protect your East-West traffic, securing against lateral movement in your infrastructure. We enable business and speed up DevOps actions by applying dynamic labelling as part of micro-segmentation security policies, we provide unprecedented visibility of your assets' traffic and detect intrusion attempts and anomalies in real time. On top of all that, we provide dynamic deception to lure an attacker into a honeypot, to make sure his tools and tactics are registered and blocked everywhere across the ecosystem.

The new age of security is here. You do not have to be scared anymore.

Tuesday, January 23, 2018

Come to my session at CPX in Barcelona


Hi all, if you are coming to CPX 360° in Barcelona, feel free to visit my session about hybrid cloud security practices. It takes place on Thursday at 14:00 in room 116.


Wednesday, January 3, 2018

Goodbye Check Point, Hello GuardiCore

Today is my last day with Dimension Data. Looking back on almost 10 years of my work there, I want to say thank you to all my colleagues and friends for their support, help and assistance through that time. I felt appreciated and valued, and I had many interesting projects, challenges and wins.

Later this week I will board a plane to Tel Aviv to join my new company: GuardiCore. I visited GuardiCore in September last year, while on vacation in Israel, at the invitation of Sharon Besser. I fell instantly in love with the company, the technology and the team. At that point my departure from Dimension Data was only a question of time.

I am leaving a very comfortable place to embark on a new exciting journey. I am also giving up my 17 years of Check Point engineering for the challenging world of cloud and virtualization security. If you are concerned about your virtualized DC security, or if you are seriously considering moving to a cloud, be it private, hybrid or public, feel free to ask for advice. I will be happy to assist you in putting in place a brilliant and effective security solution: GuardiCore Centra.

I also have to add a note about my personal projects related to Check Point.

With this transition, unfortunately, I will have to put Check Point Expert Talks to rest.

This blog will remain up, and I am still deciding whether I will continue it as it is or run a spin-off for cloud security only.

Your thoughts on the matter are appreciated.

Anyhow, wish me luck and stay in touch. We will have yet another good ride, people. This time, to the cloud and beyond.