Security Articles

HackQuest 3.0 | A Digital Security Challenge by TCS’ Cyber Security Practice

They say the best defense is a great offense – and with cybersecurity, that is certainly a big factor in staying ahead of the cyber-attackers. 
Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. 

With more and more of our information going online, from work to our personal lives, our data is more at risk than ever before. However, in this age where everything is digitalized, how can we make sure that it is secured? How can we ensure the confidentiality, integrity and availability for our data? 

Cyber Security Landscape for 2019

Will 2019 be better or worse than 2018? Traditional business structures will continue to get disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement in above technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities, improves efficiency, it also exposes businesses to larger attack surface and associated multiplicative risks of cyber-attacks of adopting such emerging technologies, increased network bandwidth, and interconnected devices.

Transition from DevOps to DevSecOps

DevSecOps is a process of integrating and streamlining security practices earlier within the DevOps process. This can be achieved by replacing the traditional process of working in silos with that of increased communication and shared the responsibility for security processes during various phases of application/software development lifecycle. It helps identify security issues early in the development process rather than after a product is released.

Adopting DevSecOps process will have the following benefits:

Security Intelligence: You miss, attackers hit !!

Today’s world is more interested in analytics and automation. Likewise, Security is more focusing on automating the process of generating network alarms, identifying threats and risks with real-time correlation and behavioral anomaly detection. Security requirement is more of gathering security information from across the organization and analyze it to automate the threat detection, vulnerability identification, risk management, anomaly detection and for forensic analysis.

Let’s see one by one in detail what is covered in Security Intelligence and analytics:

1. Gathering security logs, relevant information from across the organization and having big data analytics capabilities is a must require ingredient. We must be able to capture necessary network traffic, endpoint and user behavioral data, application data, threat intelligence feeds. So we know what’s happening in our environment very well.

Blockchain Technology - Digital Era

The blockchain is the new buzzword in today’s banking environment. A blockchain is basically a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree root hash). By design, a blockchain is resistant to modification of the data. It is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way".

Blockchain was invented by Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. The invention of the blockchain for bitcoin made it the first digital currency to solve the double-spending problem without the need for a trusted authority or central server. The bitcoin design has inspired other applications.

GOSINT – An open source intelligence gathering and processing framework

GOSINT – the open source intelligence gathering and processing framework. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations 

The GOSINT, is an Open Source Threat Intelligence platform that helps us to identify and process the threat intelligence. GOSINT analyses structured and unstructured threat intelligence and helps a security analyst to identify different Indicators of Compromise (IOC) which can be driven into other tools like CRITs, MISP, or directly into log management systems or SIEM.

For detailed information on GOSINT, please click on attached pdf file.

Authored By - Nadish Shajahan and Mohammed Farhan
TCS Cyber Security Practice

Moving to Cloud: Security Risks and Securely Adopting Cloud

In order to have a competitive edge in the market and to meet the ever-growing customer needs, organizations are now switching to a virtual infrastructure offering more distributed, agile and flexible services as compared to the traditional computing which is referred to as “Cloud Computing”. 

NIST defines cloud computing as: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” 

Microsoft SQl Server Database: Making Aware of Database Security

Securing your database from Cyber Attack is most important. Database Security involves a different type of mechanisms to protect the database against Intentional or accidental threats.

Microsoft SQL Server provides various security models including integration with Windows Authentication to provide robust security platform for managing your organization's information. Security can be managed across all database objects including tables, views, stored procedures and at a very granular level. Database encryption is now available as well to secure SQL Server database at rest.

Please see the attached document to read more about Transparent Data Encryption, Backup Encryption, SSL Encryption, Best practices to secure your SQL server and more.

Errors in Security Technical Documentation: What Can Go Wrong?

Errors in Security Technical Documentation: What Can Go Wrong?

Technical documentation is either the first or the last stop for users looking for authentic information. Documentation has a main purpose of linking ideas, technologies, processes, and products with people who need to understand or use the products in an "audience-friendly" way. 

With regards to Technical Documentation, the quality of the document should be built into the process. This is best done by detailing the requirements for the service or product or tool during technical documentation as creation is one of the key aspects to it. 

How to achieve quality?

Create a style guide: The style guide defines the language to be used. Defining this early on ensures that consistent, unambiguous words and phrases are agreed, so making the document and review process simpler.

Are we still hesitant about the importance of security in wireless implementations?

Are we still hesitant about the importance of security in wireless implementations?

In our day to day to life, wireless technology like Bluetooth, Wifi is playing an important role to an individual and also all organizations when it comes to deploying wireless networks, applications, and devices to improve employee productivity. But the concern is when any confidential, personal and private data is flowing over the wireless path, how are we confident that our data is secured or doesn't get tampered or stolen in air transit. Here comes the importance of wireless security for our home networks and all organizations when it comes to deploying wireless networks, applications and devices and this article will shed some light on the basics of wireless security and it's importance.

Pages

Subscribe to RSS - Security Articles