Microsoft Chrome Edge New Features

“Password Monitor lets you know if your password gets compromised on the dark web.”

Microsoft today announced upcoming features for its Edge browser based on Google’s Chromium open source project, the same browser Google’s Chrome is based on. Consumer features like Vertical Tabs, Smart Copy, and Password Monitor are coming soon. Microsoft also shared a few updates for existing or already announced features like Collections, InPrivate mode, and Immersive Reader.

After over a year of testing, Microsoft launched Chromium Edge for Windows 7, Windows 8, Windows 10, and macOS in January 2020. That launch was largely targeted at businesses — the company promised to ship more consumer features “later this year.” Microsoft isn’t ready to ship those features yet, but it is starting to unveil them. Additionally, Microsoft still plans to roll out the new browser as a Windows update (in addition to the standalone download). Today, the company told Windows users it will “come to your PC starting next month.”

One more thing: Google paused Chrome releases earlier this month due to the COVID-19 pandemic. Last week, the company resumed updates, said it would skip Chrome 82, and rescheduled Chrome 81 and Chrome 83. For Edge, Microsoft followed suit to be “consistent with the Chromium Project.” Still, with more people spending time in their browsers at home, Microsoft is eager to talk about upcoming Edge features.

Vertical Tabs, Smart Copy, and Password Monitor
Vertical Tabs is meant to help you “find and manage many open tabs at once.” You will be able to organize your tabs on the side with a single click. Microsoft hopes this will be useful when you’re researching a topic online and open dozens of tabs.

Microsoft Edge Vertical Tabs feature

Smart Copy is supposed to help you copy and paste content from the web into documents. Specifically, Smart Copy retains formatting, including any images or links.

Password Monitor will notify you if the credentials you’ve saved to autofill have been compromised as part of a hack. If Edge matches any of your saved usernames and passwords, a notification will prompt you to take action. A dashboard in Settings will list your leaked credentials and direct you to change your password on the implicated website. Browsers like Firefox and Chrome offer similar tools.

All three features are on their way to Edge’s Insider channels: Vertical Tabs and Password Monitor “in the next few months” and Smart Copy “next month.” Microsoft didn’t provide a date for when to expect them in Edge stable.

Collections, InPrivate, and Immersive Reader
Microsoft also talked about other Edge features today. Collections (first announced in May 2019) uses “cloud-powered intelligence” to collect, organize, share, and export content you find while browsing. Collections for desktop is still baking in the Insider channels and is coming to the Stable channel “soon.” Collections for mobile is set to arrive “later this spring.”

Edge Collections feature on desktop

InPrivate mode automatically deletes your history, cookies, and site data when you finish a web browsing session. InPrivate search with Bing, which doesn’t tie your searches to you, is in the Insider channels now and coming to the Stable channel “soon.”

Immersive Reader removes distractions on the screen to help you focus on the page’s content. Line focus, which highlights individual lines as you scroll, is “coming soon.”

Microsoft Edge Immersive Reader feature

Edge wasn’t the only Microsoft app to show off incoming consumer features. Microsoft today also unveiled Microsoft 365 for consumers, which includes everything in Office 365 plus new AI and cloud-powered features.

Zero Trust taking out VPN!

Zero trust is shaking up VPN strategies.
The zero trust model has been developed because the distinction between “external” and “internal” areas of information systems has begun to blur. Private applications stand alongside their SaaS-based brethren, while the infrastructure transitions from virtualised servers in the data centre to services and apps residing on public clouds.

Users are also changing. Not only are they quite often mobile, but they are also no longer strictly human beings. The number of APIs is exploding, and machines now speak to each other just as much as employees do. In these circumstances, it becomes difficult to determine who is “trusted” and who is not.

When a public web server can be hosted internally in a DMZ and a critical business application is running on a public cloud service connected to a database in the data centre, what then can be deemed truly internal?

Under such conditions, matching access control lists (ACLs) and access permissions to various clouds with Active Directory services becomes complex, and keeping perfect visibility on the rights of users across all these models is an unenviable task.

The remote access VPN is challenged
It is not surprising that the concept of VPN, created at a time when network topologies were very different, is no longer able to keep up. It’s no coincidence that many organisations are realising the increasing difficulty of adapting and maintaining their VPN configurations. The strategy of granting access permission at the outset followed by virtual internal freedom (even within well-segmented VLANs) no longer actually meets organisations’ needs. The advent of 5G, by increasing the opportunities for remote connections and possibly even replacing corporate Wi-Fi connections, will certainly not simplify things.

Microsegmentation to the rescue
This is where the zero trust model comes into play. If the perimeter disappears, then the notion of trust granted by default must also disappear. It needs to be replaced by a more agile model in which each resource, wherever it is, only accepts authenticated users no matter where they are connecting. This poses serious system and network architecture challenges. Will organisations have to put a VPN termination point in front of each application? Will organizations have to go back to multiple VPN clients on a workstation? And how can enterprises centralise the different rights and permissions of a mobile user?

Introducing zero trust network access (ZTNA)
The centralization is where zero trust network access (ZTNA) technologies can help. ZTNA offers a modern alternative to network segmentation and VPNs and delivers microsegmentation instead. ZTNA services treat each connection to each application as a separate environment with individual security requirements. And, most importantly, this is completely transparent to the user. Without launching a VPN client and using a simple local client that automatically becomes active at the start of the session, it is possible to seamlessly access various company resources, wherever they are and always with the same level of security—whether you’re in the office connected via Ethernet or moving over a 4G connection.

The ZTNA service is able to identify each private application (even shadow IT private apps) and applies a specific security policy defined by the company. It is, therefore, able to selectively encrypt, apply predefined policies, or demand additional authentication depending on the risk profile. And it works on any TCP or UDP connection, whether for native application flows (SAP, for example) or network protocols (SSH, RDP, etc.).

It then becomes possible to manage remote access to any type of application with precision, wherever it is hosted and regardless of the origin of the connection. This creates a secure segment of one between a specific authorized user and private application via a dynamic TLS-encrypted microtunnel. There is no longer any distinction between hosting options or connection modes (corporate network or 4G)—everyone, whether they’re employees or third-party users, must be properly authenticated before accessing a resource.
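The per-application decision described above can be sketched as follows. This is an added example, not code from the original article or from any ZTNA product; the policy schema, risk weights, thresholds and application names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

ALLOW, STEP_UP, DENY = "allow", "step_up_auth", "deny"


@dataclass(frozen=True)
class AppPolicy:
    """Per-application segment (hypothetical schema)."""
    allowed_groups: frozenset
    protocol: str           # "tcp" or "udp"
    port: int
    max_risk_allow: int     # at or below: allow without extra authentication
    max_risk_step_up: int   # at or below: allow only once MFA is done


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    authenticated: bool
    mfa_done: bool
    device_managed: bool
    new_location: bool
    network: str            # "corporate" or "4g": logged, never used for trust
    app: str
    protocol: str
    port: int


# Constructed sample policies; -1 means "never allow without MFA".
POLICIES = {
    "sap": AppPolicy(frozenset({"finance"}), "tcp", 3200, 30, 60),
    "ssh-bastion": AppPolicy(frozenset({"ops"}), "tcp", 22, -1, 60),
}


def risk_score(req):
    """Toy risk profile built from device posture and context, not network."""
    return (0 if req.device_managed else 40) + (30 if req.new_location else 0)


def decide(req, policies=POLICIES):
    policy = policies.get(req.app)
    # Default deny: unknown application or unauthenticated user.
    if policy is None or not req.authenticated:
        return DENY
    # The microtunnel covers one flow to one application, nothing else.
    if (req.protocol, req.port) != (policy.protocol, policy.port):
        return DENY
    if not req.groups & policy.allowed_groups:
        return DENY
    score = risk_score(req)
    if score <= policy.max_risk_allow:
        return ALLOW
    if score <= policy.max_risk_step_up:
        return ALLOW if req.mfa_done else STEP_UP
    return DENY
```

The `network` field never enters the decision, so a request from the office Ethernet and the same request over 4G get the same answer.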

Adapted to the zero trust model
For this reason, organisations that choose to migrate gradually to a zero trust model should start implementing microsegmentation for some of their users now and start to build up an experience that will be valuable in the future when zero trust becomes unavoidable.

That day will be here sooner than you think. Trust will be more published without compromising on security.

KIBANA SIEM Elasticsearch: an Overview

In this world of big data, enterprises are generating immense amounts of data. Once an enterprise has deciphered how to make use of the various data sources generating data, as well as the technique for collecting, processing and storing it, the next phase is analysis. The analysis methods vary based on use cases and the data itself, but visualising the data is now becoming a standard best practice.

Data visualization helps users detect patterns, monitor the environment and take action when they detect anomalous behavior. Currently, the market has a huge list of data visualization tools that provide the visibility needed for understanding and analysing the given data.

Elastic Kibana is the most popular open source analytics and visualization platform designed to offer faster and better insights into your data. In this post, we will discuss this cutting-edge data visualization tool and its important features.

Overview of Elastic Kibana

Kibana is a visual interface tool that allows you to explore, visualize, and build dashboards over the log data amassed in Elasticsearch clusters. Elastic is the company behind Kibana and two other open source tools, Elasticsearch and Logstash. Elasticsearch serves as the database for document-oriented and semi-structured data. Logstash collects, parses, and stores logs for future use. These three tools work well together and are popularly known as the ELK Stack or Elastic Stack.

The core feature of Kibana is data querying & analysis. In addition, Kibana’s visualization features allow you to visualize data in alternate ways using heat maps, line graphs, histograms, pie charts, and geospatial support. With various methods, you can search the data stored in Elasticsearch for root cause diagnostics.

With Kibana, it is easy to understand big data, and you can quickly build and share dynamic dashboards that frame-out changes to the Elasticsearch query in real-time. This visualization tool is equipped with various options in its left panel as shown below:

Discover

The Discover page ensures interactive data exploration by enabling access of each field in conjunction with default time. You can set the time filter, submit search queries, view document data, and filter the search results.

Visualize

With the broad variety of visualization styles, Kibana allows you to create a visualization of your data in the Elasticsearch indices. The screenshot below depicts the visualization page:

You can combine pie charts, data tables, line charts, single metric visualization, time series, Geo maps, and markdown visualization into dashboards.

The following table lists down the available Kibana visualization types and their description:

Dashboards

This page displays the pool of visualizations and searches. The Kibana dashboard is extremely dynamic and adaptable. For example, you can filter the data on the fly and open the dashboard in full-page format. The customizable dashboard feature allows you to resize, arrange, and modify the dashboard content and save it so that you can share your dashboard.

Timelion

Timelion analyzes and visualizes the time series data using simple expression language and it is designed to bring together the completely independent data sources within a single interface. It offers a way to define queries, visualization, and transformation in one place.

Machine Learning

The complexity and extent of datasets make it difficult to identify cyber-attacks, infrastructure issues, and business problems. Kibana’s machine learning page lets you create anomaly detection jobs and observe their results. This feature automatically models the behavior of the Elasticsearch data, including periodicity and trends, to spot issues faster and reduce false positives.

APM

The Application Performance Monitoring system lets users monitor applications as well as services, and collects deep performance metrics and errors. Developers can thereby inspect performance data for their apps and rapidly spot performance bottlenecks.

Dev Tools

The Dev Tools of Kibana provide a powerful way to interact with the Elastic Stack. They include Console, which lets developers write Elasticsearch commands in one tab and view those commands in a different tab. Together with Console, a Grok debugger and a search profiler allow you to configure the app to meet your needs.

Monitoring

The monitoring page of Kibana serves you in three effective ways:

  • You can visualize the data across the Elastic Stack, as it includes options to monitor the performance data for Elasticsearch, Kibana, Logstash and Beats in real time
  • You can also analyze the past performance of these products
  • You can ensure deep monitoring of Kibana and direct that data towards a monitoring cluster

Management

The management page of Kibana is used for performing Kibana’s runtime configuration, which includes three vital actions:

  1. Index pattern – supports initial setup and ongoing configuration of index names
  2. Saved objects – hosts the saved visualizations, dashboards, and searches
  3. Advanced settings – includes settings to tweak Kibana’s behavior

Therefore, whether it is setting up security controls, adding data sources or handling pipelines, Kibana offers you a single interface solution.

What is Kibana used for?

For those of you who aren’t acquainted with this data analytics and visualization platform, here is a brief about the features that Kibana offers for you:

  1. Interactive Charts

The built-in intuitive charts and reports of Kibana enable interactive navigation through huge volumes of log data. Moreover, you can dynamically zoom in and out of certain data subsets, drag time windows, and drill down on reports to obtain actionable insights from the data.

  2. Pre-built Aggregations & Filters

These features enable you to run a variety of analytics like top-N queries, histograms, and trends with a few clicks.

  3. Anomaly Detection

As said earlier, the machine learning feature of this visualization tool helps you detect anomalies, even hidden ones, in your data. This capability allows you to identify the root causes of issues as shown below:

  4. Secure Sharing and Collaboration

Kibana ensures secure sharing of your visualizations and dashboards, as there is an option that restricts information viewing to protect against data leakage. You can share your data, visualizations and even dashboards with your team members, boss, and customers who want to view the same details that you are viewing in Kibana.

In addition, the Kibana Dashboard Only Mode also lets you create a restricted-access user with limited visibility.

  5. Graph

Besides plotting data points, Elastic Kibana allows you to uncover the relationships between them. You can accomplish this with the powerful graphical exploration API, which provides an alternative way to explore as well as summarize information about the data in the Elasticsearch index.

  6. Kibana Search

Kibana offers various methods for searching the log data. The following table describes the common search methods that should be considered for optimised user experience:

  7. Mapping Support

The powerful geospatial features of Kibana let you seamlessly visualize geographical information in your data and observe the results on maps. The Elastic Maps service drives the geospatial visualisations in Elastic Kibana by serving shape files, basemap tiles and key features that are vital for geodata visualization. The following screenshot depicts visualization on geospatial data:

In addition, a recent data layer update allows you to view more countries in Kibana region maps.

  8. Canvas

The Canvas application in Kibana offers you a new way of making your data stand out. Rashid Khan, Kibana’s creator, states, “Canvas is a composable, extendable, and a creative space for live data.” Bring your imagination to the live data with logos, colors, text, and shapes, which make your brand unique.

  9. Watcher UI for Threshold-Based Alerts

The new UI of Kibana 6 creates and edits alerts based on thresholds. By previewing the alert constraints, it provides graphical feedback and type-ahead suggestions. In addition, it can send alert messages along with template values to email, a log or Slack.

  10. Reporting

One of the best features of Kibana is its reporting option that allows you to quickly generate reports of your visualization or dashboard. You can schedule the report for later, get it on demand and trigger it as per certain conditions. You can also automatically generate reports by submitting HTTP POST requests and it is possible to share it with others.

Conclusion

In this article, we have shared an overview of Kibana log analysis tool along with its attractive features that illustrate its offerings and capabilities. Undeniably, these features make it the best data visualization tool in the market now.

WFH! Threat Security Landscape


Apply caution and common sense to your inbox



Links and documents should be handled cautiously. Risks will be exacerbated by the simultaneous relaxing of security controls in order to facilitate the use of non-standard web conferencing software and the sharing of files by email. Attackers will have both the opportunity and the means. MFA is a must.

Expanding Threat Landscape


Employees suddenly taking their work computer home with them will find themselves stripped of protection as they trade the office network for their home Wi-Fi. Without internet proxy, NAC, IDS and NGFW, client devices will now be sitting exposed on potentially unsecured networks amongst potentially compromised devices. Endpoint security will have to bear the full brunt of protection. Internal network security may be compromised as well; employees might need access to resources previously only accessible on a wired network in one location. To make it reachable over VPN, internal segmentation might need to be flattened. This will open the door to malware spread and lateral movement. Client certificate authentication protecting web services might need to be turned off to enable BYOD working for employees that don’t have a company laptop. These changes must be scrupulously logged, and dependencies understood. The extra weight will have to be carried elsewhere: perhaps host AV policies can be tightened to compensate for lack of network protection, perhaps employee devices can be reconfigured to use a secure external DNS provider instead of the on-prem DNS server.


A new wave of attacks


Beyond the weakening of existing controls, spinning up new infrastructure will bring fresh risks. In January we saw a spate of attacks on web-facing Citrix infrastructure. Companies will be rapidly deploying VPN gateways, transitioning to SharePoint and expanding their internet-facing perimeter. This rapidly increased attack surface will need monitoring and protecting. Security teams should be on heightened alert for brute force and server-side attacks. DDoS protection will also become more important than ever; for many companies this will be the first time that a DDoS attack could cripple their business by preventing remote workers from accessing services over the internet. We should expect to see a sharp rise in both of these forms of attack immediately.
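One way a SOC could watch a newly exposed VPN gateway for the brute-force activity mentioned above is a sliding-window rule over authentication events. This is an added example, not from the original article; the log format, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample VPN gateway auth log: timestamp, result, user, source IP.
SAMPLE_LOG = """\
2020-03-30T09:00:05 FAIL frank 192.0.2.10
2020-03-30T09:00:20 FAIL frank 192.0.2.10
2020-03-30T09:00:41 OK frank 192.0.2.10
2020-03-30T09:10:00 FAIL bob 198.51.100.23
2020-03-30T09:10:20 FAIL bob 198.51.100.23
2020-03-30T09:10:40 FAIL bob 198.51.100.23
2020-03-30T09:11:00 FAIL bob 198.51.100.23
2020-03-30T09:11:20 FAIL bob 198.51.100.23
2020-03-30T09:20:00 FAIL alice 203.0.113.7
2020-03-30T09:20:10 FAIL carol 203.0.113.7
2020-03-30T09:20:20 FAIL dave 203.0.113.7
2020-03-30T09:20:30 FAIL erin 203.0.113.7
2020-03-30T09:30:00 FAIL grace 192.0.2.44
2020-03-30T09:40:00 FAIL grace 192.0.2.44
2020-03-30T09:50:00 FAIL grace 192.0.2.44
2020-03-30T10:00:00 FAIL grace 192.0.2.44
2020-03-30T10:10:00 FAIL grace 192.0.2.44
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
BRUTE_FORCE_FAILS = 5           # failures for one user inside the window
SPRAY_DISTINCT_USERS = 4        # distinct users failing from one source


def parse(line):
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user, src


def detect(log_text):
    """Return a sorted list of (alert_kind, user_or_source) tuples."""
    by_user = defaultdict(deque)   # user -> timestamps of recent failures
    by_src = defaultdict(deque)    # source IP -> (timestamp, user) failures
    alerts = set()
    for line in log_text.strip().splitlines():
        ts, result, user, src = parse(line)
        if result != "FAIL":
            continue
        # Many failures against one account: classic brute force.
        uq = by_user[user]
        uq.append(ts)
        while ts - uq[0] > WINDOW:
            uq.popleft()
        if len(uq) >= BRUTE_FORCE_FAILS:
            alerts.add(("brute_force", user))
        # One failure each against many accounts from one source.
        sq = by_src[src]
        sq.append((ts, user))
        while ts - sq[0][0] > WINDOW:
            sq.popleft()
        if len({u for _, u in sq}) >= SPRAY_DISTINCT_USERS:
            alerts.add(("password_spray", src))
    return sorted(alerts)
```

In the sample, a remote worker who mistypes a password twice and a user whose failures are spread over 40 minutes raise no alert, which keeps the rule usable while login patterns are shifting.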

Don’t make rash decisions


Both IT and individual employees will face blockers. There won’t be an authorised solution for their needs, and those needs may well be extremely urgent. At a time when businesses are extremely worried about their financial position and ability to operate, there will be pressure to throw caution to the wind and protect ‘business as usual’. This pressure may even come from the top. Security leadership must do the best they can to both push back against rash decisions and provide creative solutions. Well-meaning employees will get creative, and responsibility will be delegated to team leaders to “do what it takes”. It may be impossible for security to police this centrally but monitoring vigilance will be required to spot risky behaviour and non-compliance.
This is easier said than done; the SOC will be asked to monitor for incidents in a sea of change. Existing use-cases and rules will not apply, and companies will need a more proactive and dynamic approach to detection and response.

Your home is a business’ zero-trust environment


Unfortunately, there will be some within our companies that want to kick us while we are down. Sudden remote working is a godsend to malicious insiders. Data can now be easily taken from a company device over USB within the privacy of their own home. Security monitoring may be crippled or disabled entirely. This risk is harder to address. It may not be eliminable, but it can be balanced against the need for productivity and access to data. We should also be wary of those around us. We all hope we can trust the people we live with. But from a company perspective, employee homes are zero-trust environments. Confidential conversations will now be conducted within range of eavesdroppers. Intellectual property will be visible on screens and monitors in living rooms around the country. This risk is greater for younger demographics likely to be house-sharing, but it remains for all workers; delivery men, visitors to the house – they could all potentially steal a company laptop from the kitchen room table. Education of employees in particular risk groups will be key.


Adjusting to the new normal


Autonomous Response technology can also surgically intervene to halt malicious activity when teams can’t be there to stop it, protecting devices and systems whilst allowing essential operations to continue unaffected.
All of the above changes and risks create a monitoring nightmare for SOCs. We are entering into a period of digital unknown, where change will be the new normal. Data flows and topology will change. New technology and services will be deployed. Logging formats will be different.
The SIEM use-cases that took 12 months to develop will need to be scrapped overnight. For the next few weeks, business practice will shift rapidly. Static defences and rules will not be able to keep up, no matter how diligently and rapidly we rewrite them. Companies need to leverage technology that can allow them to continue to operate amidst uncertainty without choking productivity at this critical time.

Work will rapidly change the business scope, but security posture must be retained.