Wednesday, August 2, 2017

Making DLP Management Successful

DLP implementation changes an organization's culture and the way everyone perceives information and its importance in terms of security.

The management of a DLP solution should be aligned with the key requirement that led to the DLP implementation in the first place. If the pre-implementation was well thought out and planned, the management part just needs to follow the execution. Starting small and building confidence before expanding is key to the success of a DLP program.

In a nutshell, organizations should do the following, from pre-implementation to post-implementation, for a successful DLP program:

1) Identify the need, pain-points and build a business case
2) Create information classification matrix
3) Locate information to be protected
4) Initialize employee awareness to get the buy-in
5) Identify key data loss use-cases
6) Identify and get on-board key stakeholders from each department in-scope
7) Identify workflow based approvals (if required)
8) Shortlist the right DLP solution
9) Start small (focusing on endpoint agent with 'monitor')
10) Implement key use-cases and build confidence
11) Move to warning
12) Move to block
13) Expand to other information leaking vectors similarly
14) Consistently improve
15) Show DLP worth to management based on Point 1

Wednesday, February 1, 2017

Infrastructure Security - Vulnerability Management

A vulnerability is a weakness in a system that can be exploited by different threat agents. In computer security, vulnerabilities can exist in information systems ranging from operating systems, databases, web servers and web applications to switches, routers and even security solutions and devices. Vulnerabilities occur and are exploited because of a lack of security focus during application and system development, reliance on vulnerable protocols, or dependency on third-party packages and services.

Vulnerability management solutions help automate the process of proactively identifying vulnerabilities in systems and evaluating the associated risks, so that proper, prioritized vulnerability remediation and risk mitigation can be carried out before a threat agent exploits these vulnerabilities. Vulnerability management solutions are not mere vulnerability assessment tools; on top of assessment they provide features such as organization-specific risk, risk acceptance, risk tracking, a ticketing system, and user roles and permissions, to name a few.

Apart from reducing the threat exposure due to prevalent vulnerabilities, vulnerability management solutions also help in meeting compliance requirements for PCI DSS, FISA, HIPAA and CIS standards for vulnerability and configuration management. The central vulnerability management console supports identification of vulnerabilities on multiple systems, devices and web applications deployed in an organization and remains future-proof with regular updates. Role creation helps different departments fulfill their responsibilities related to vulnerability identification, infrastructure auditing and web application testing with ease and effectiveness via an intuitive dashboard and actionable reporting.

Vulnerability management solutions also provide the ability to test the effectiveness of existing controls on servers and desktops, such as anti-virus, OS hardening and patch management, browser hardening and password hardening. The ease of validating vulnerabilities, either within the solution itself or with third-party exploitation tools, makes vulnerability management solutions unique and helps improve risk mitigation efforts.

Endpoint Security - Malware Protection

In computer security, the general definition of an endpoint is any device connecting to the network. When talking about endpoint security, the device can be a mobile device, a laptop, a workstation or even a server. Endpoint security is hence the securing of these devices, mostly by using technology-based solutions. One of the important tasks involved in endpoint security is protecting endpoints from malware. Malware is any malicious program that can adversely affect, disrupt and damage the working of the endpoint and, on top of that, steal sensitive information. The most common types of malware are viruses, worms, Trojans, adware and spyware.

Endpoint security technology solutions provide different sets of features that can help in the detection and prevention of malware. Apart from detection and prevention, endpoint security also helps in remediating compromised endpoints. The features provided by endpoint security solutions range from antivirus, personal firewall, exploit prevention and host intrusion prevention to proactive protection capabilities like vulnerability and patch management.

Endpoint security solutions target both known malware (for which signatures have been created) and unknown malware (for which signatures are not available yet). The effectiveness of endpoint security solutions in detecting malware, preventing it and stopping its spread depends on the solution's configuration as well as the technology and intelligence incorporated into the solution. Endpoint security technology solutions provide easy centralized management, which gives visibility into the level of security and system health of all endpoints. Centralized management also supports easy security policy implementation, updating, reporting of critical system events and troubleshooting.

Monday, July 18, 2016

Effective Cyber Defense System

The five critical tenets of an effective cyber defense system as reflected in the CIS Critical Security Controls are:

Offense informs defense

Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.

Prioritization

Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.

Metrics

Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.

Continuous diagnostics and mitigation

Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.

Automation

Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.

Monday, April 6, 2015

Effective Information Security Selling Guide

What are the qualities of a good sales person? Whenever someone asks me this question -- my mind wanders to 7 Habits (or qualities) of Highly Effective People, which are:

1) Pro-activeness and self-awareness
2) Start with the end in mind
3) Prioritize
4) Focus on win-win
5) Listen, understand then speak and get understood
6) Develop truest form of trust
7) Keep learning
 
These are the major qualities any person should seek and develop to be a good human being in general and a very good salesperson in particular.

Information security selling is no different from any other selling. The only difference between IT selling and security selling is that the latter focuses on a niche market. Getting security opportunities, driving customers and closing deals can be scarce and time-consuming but delightfully rewarding. In the words of Steve Jobs, you really put a dent in the universe; in the security sense, the feeling of protecting customers is both fascinating and something to cherish.

For information security selling to be effective, I propose the following list of steps from my experience: 

1) Identify pain-points -- what difficulties are being faced by the customer
2) Propose a solution -- that acts as ointment for the pain-point identified
3) Develop a business case -- focus on benefits in terms of time, resources and money!
4) Identify and set budget limitations -- develop win-win situation!  
5) Clarify, clarify, clarify! -- do demo, PoC, pilot to set the customer expectations right
6) Close the deal quickly -- keeping the purchase life-cycle in mind, focus on closing with full force
7) Give more -- develop dependency, be more than just useful! 

Good security selling encompasses strong passion, relentless vigor and constant follow-ups. Hope this post helps in making your customer choose the best solutions and services. Happy selling!

Sunday, April 5, 2015

Setting-up NAT in VMware Workstation

In this tutorial, we are going to set up a NAT configuration in VMware Workstation. The Workstation version being used is:


On VMware Workstation, click Edit and then Virtual Network Editor…

On the Virtual Network Editor window, click Add Network:

On the pop-up window, select VMnet2 and click OK:

The new Virtual Network would initialize with random settings:

The random settings adopted are as follows:

Now, change the Subnet IP and Subnet mask as follows and click NAT Settings:


Configure the NAT Settings as follows and click OK:

Afterwards, click DHCP Settings:

Set the DHCP Settings as follows:

The DHCP service would initialize; once done, click Apply:

We are now ready to use our NAT configuration in VMs.

Right-click the VM where you want to configure NAT and click Settings:

Configure the Network Adapter settings as follows and click OK:


Since I like giving static IP addresses to my VMs (the DHCP service would work just fine):


The given settings would connect to Internet via the NAT configuration:


Once VMnet2 is set, we would see this network adapter in Network Connections as follows:

For any queries, please feel free to reach out to me on wajahatrajab[@]gmail[.]com.

How VA Tools Work?

Vulnerability Assessment tools assist us in finding weaknesses in a system before they can be exploited. A Vulnerability Assessment tool takes the following steps in determining vulnerabilities:

  • Discovering – Sends ICMP requests and probes ports to see if the system is up and running, additionally checks if the system is behind a firewall or a filtering device
  • Port Mapping – Probes UDP and TCP ports to see which ports are open and accepting connections
  • OS fingerprinting – Detects what OS is running on the target system
  • Service Mapping – Sends different probes to see which services are running on open ports
  • Vulnerability Mapping – Based on the identified services, it tries to find out the vulnerabilities associated with them

There are many Vulnerability Assessment tools available. NeXpose, Nessus and QualysGuard are among the few that scan the whole infrastructure, including web applications. There are also dedicated tools for web application scanning only (dynamic analysis), such as AppScan Standard, WebInspect, Burp Suite and Acunetix. Similarly, there are dedicated tools for automated source code review (static analysis), such as AppScan Source, Fortify and Veracode.

Alongside finding weaknesses, Vulnerability Assessment tools also provide remediation techniques for eradicating or patching the weakness.
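
The Vulnerability Mapping step listed above, as an added example (not code from this post or from any of the tools named): it takes the output of the service-mapping step, parses product and version from each banner, and matches them against advisory version ranges. The product names, banners, addresses and advisory IDs are constructed placeholders.

```python
import re

# Constructed advisory table: product names and IDs are placeholders.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "product": "examplessh", "introduced": "6.0", "fixed": "7.4"},
    {"id": "ADV-EXAMPLE-0002", "product": "examplehttpd", "introduced": "2.4.0", "fixed": "2.4.26"},
    {"id": "ADV-EXAMPLE-0003", "product": "examplehttpd", "introduced": "2.2.0", "fixed": "2.2.32"},
]

# Constructed output of the service-mapping step: (host, port, banner).
SERVICES = [
    ("10.0.0.5", 22, "SSH-2.0-ExampleSSH_7.2"),
    ("10.0.0.5", 80, "ExampleHTTPd/2.4.9 (Unix)"),
    ("10.0.0.9", 80, "ExampleHTTPd/2.4.26"),
    ("10.0.0.9", 8080, "ExampleHTTPd"),  # version hidden in the banner
]

BANNER_RE = re.compile(r"([A-Za-z]+)(?:[/_ ](\d+(?:\.\d+)*))?")

def parse_banner(banner):
    """Return (product, version or None) extracted from a service banner."""
    text = re.sub(r"^SSH-\d+\.\d+-", "", banner)  # strip SSH protocol prefix
    match = BANNER_RE.match(text)
    if not match:
        return None, None
    return match.group(1).lower(), match.group(2)

def vkey(version, width=4):
    """Numeric sort key, so 2.4.9 < 2.4.26 (a string compare gets this wrong)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def map_vulnerabilities(services, advisories):
    """Match each identified service against the advisory version ranges."""
    findings = []
    for host, port, banner in services:
        product, version = parse_banner(banner)
        for adv in advisories:
            if adv["product"] != product:
                continue
            if version is None:
                # Unknown version is not "safe": keep it for manual checking.
                findings.append((host, port, adv["id"], "unverified"))
            elif vkey(adv["introduced"]) <= vkey(version) < vkey(adv["fixed"]):
                findings.append((host, port, adv["id"], "affected"))
    return findings

if __name__ == "__main__":
    for finding in map_vulnerabilities(SERVICES, ADVISORIES):
        print(*finding)
```

The service with a hidden version is reported as "unverified" against every advisory for its product, which is why banner-based mapping results usually need validation before remediation is prioritized.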