Use Cases: Securing Applications and Data

We asked 25 security professionals to provide us with some examples of use cases where they are helping clients secure applications and data. Here's what they told us:

Securing Apps/Devices/APIs/IoT

• 1) We ensure apps that manage valuable data (personally identifiable information, healthcare data) are secure. We see data dumps of SQL databases from insecure apps on the dark web all the time. We help customers identify their high-risk applications, identify the kind of data at stake, and evaluate the risk to the company. We prioritize and put the appropriate testing in place to protect customer data managed by the web app. 2) Hackers are using apps to break into internal networks of corporations. Any app poses a risk if someone can access your mainframe through it. We help clients identify the risk of their apps. 
• We help clients stay in compliance with a fully supported Python kit. We place an agent on the instance and ensure the configuration is secure. We provide useful APIs and tools and teach people how to use them. Make APIs and integrations part of the security process across the board. Most of our customers are cloud forward and are preparing to scale rapidly. They want shortened release cycles. WE help them see how to scan everything. We provide cloud-friendly solutions that work quickly and efficiently with visibility.
• We help clients work in a faster-paced world. A financial brokerage client needed to move to CI/CD to write apps, improve them, and fix them more quickly. We find ways to make apps secure by using known tools. We have developers write unit tests. We help security provide templates on what they will be looking for. We help companies understand the importance of testing apps with custom tools. We enable banks to innovate and solve business problems by having secure apps.
• We’re helping more than 100 credit unions' mobile apps stay secure. We’ve helped a bank in Florida defend 70 offices with only four IT people by using sensors to detect and block malware in 40 milliseconds – faster than the malware can load.
• We focus on IoT. Traditional SIEM tracks advanced persistent threat of DOS attacks on the web server. However, SIEM cannot compute fast enough with sufficient storage to support IoT when attackers will stay for six or seven months. We’re at the front end to prevent improper log-ins and to notify clients about events of interest. If the score is suspicious, we hand over to IBM QRadar. We provide forensics. If an intruder is in the house we’re able to understand the level of compromise and what other elements of the systems they’ve touched. We’re able to visualize privileges, as well as activities between machines and users.
• Unilever developed reusable APIs that underpin core business processes and connect various applications and multiple digital asset management systems. Unilever teams self-serve reusable and composable APIs to access valuable data more easily than before to build directly to consumer applications. Unilever is delivering on the vision of a new IT operating model with Anypoint Platform, enabling the entire organization to achieve self-reliance in project delivery.

Malware/Phishing/Ransomware

• We’ve helped an oil and gas company prevent an attack attempting to steal oil by hacking business applications and gaining access to the industrial control systems (ICS). We protected the manufacturing plans from malicious changes when someone attempted to hack the ERP system that controlled the production of different products. We helped the company maintain the quality of the products they were producing and reduced recalls.
• Financial services technology was on 525,000 endpoints with ATMs and computer devices. We found malware no one else was able to find and removed it with surgical remediation while the institution maintained continuous operations. A nuclear power customer experienced an attack. They reported what they thought they had lost and we helped find patient zero, what other information was lost, and worked with them on how to protect the information going forward. It’s hard to protect information if you don’t know where it is.
• A bank customer was blacklisted in the Cisco checkpoint firewall and couldn’t figure out why for six months. Within three days we determined that one PC was infected with malware, a Trojan sending spearfishing emails. We removed the malware but the attackers continued to try to hack into the network. Based on machine learning, we can learn the pattern of communications and identify malicious domains while extracting the identification of the domain. We discovered a complete campaign in a network of 500 servers including the active directory. This is why automation and machine learning is the future.
• Protecting financial assets and accounts. Allow the sharing of financial information, tax documents, and access credentials stored in a vault and never exposed where malware is hiding.
• Clients are getting thousands of phishing attempts daily that we’re able to detect. Organizations trying to build machine learning need a feedback loop for faster learning and a more comprehensive knowledge base.

Vulnerability Visualization

• We serve as the nerve center for a retailer. When our alarm goes off they know it’s a real threat and they look for the source. We do this for retail, financial services, healthcare, information technology, government, and energy. Retail surfaced recently after they ingested a lot of technology yet still needed to improve the efficiency of detection and response. We provide breach protection against false credentials by providing visibility into employees and suppliers. We serve as the eyes and ears of the network. We’re able to see what’s coming on and off the network and the ways hackers move within the network. We’re able to correlate the attack, what they’re trying to do, how they are moving. This is important for preventing “man-in-the-middle” attacks. Other clients are using us to prevent ransomware attacks, protect personally identifiable information, energy, and building infrastructure.
• 1) We don’t use cloud services. We use situational awareness to understand counter-terrain people, applications, and systems. We either get “oh my gosh,” or “let’s go talk to the team.” It’s being used in how to secure IT. 2) Every company has been breached. Typically, the first couple of days’ worth of breaches or breach-like activities are of the variety the company's security team hasn’t seen. A system that side-stepped security infrastructure, for example. Clients need to see what’s happening outside so they can control their security better. 3) Financial institutions are going to the cloud. Need visualization into the hybrid organization. 4) Root out threats already in the network with the ability to see where they are and what they are doing. 5) Share collaborative visibility across the entire infrastructure. 6) Lack of visibility and the fragility of critical infrastructure. 7) Everyone needs to be concerned with the lack of security in IoT. Used to affect critical infrastructure. It’s a race against time. Time and security don’t play well together. If you don’t allow enough time, don’t expect the application to be secure. 9) Know where the data lies. Organizations are baking security into the applications and data. IP into the distribution of secure data (e.g., Scandisk with Fusion, software defined storage). Financial institutions and governments are data centric and need to have a security-centric approach by having visibility into the cloud.
• We build databases to capture, store, and process distributed data to analyze threats for McAfee and Lockheed Martin. We put security controls in place for personal data management providing a single view of the business. We provide security for Bosch’s IoT platform for automobile sensors. We provide content management and support IBM Watson. Data is the new oil and we help protect it.
• A healthcare organization was sending unencrypted patient information to providers and doctors’ offices. We could identify and fix the problem in 24 hours. For another client, we identified several types of new malware of their domain controller. We were able to detect attacks in ICS from SCADA. We helped a wireless carrier avoid potentially negative behavior from a foreign actor. A payment processor acquiring other payment processors added our sensors to the systems they were acquiring to ensure their security. We work with instant response teams to identify breaches, monitor, and audit activity. We provide additional visibility into network systems providing insights into products for security teams.

Cloud/DevOps

• We have one client with 200+ virtual employees all using the G-Suite. We have a traditional auto dealership retail group with 2,000 employees in 25 dealerships in seven states. Migrated from Microsoft Exchange to Google apps, calendar, email, drive, and G-Suite. They use Dropbox to exchange documents with customers. Most are traditional clients like public utilities, municipal governments, and food distributors beginning to embrace the cloud. We target mid-sized enterprises with smaller IT staffs and small to no security teams. All our clients are adopting the cloud in a rapid manner and have two or more SaaS applications.
• Allow enterprises to securely leverage developer-centric tools and workflows to deliver products faster. Mitigate risk from existing and emerging threats. A lot of threats are still relevant, they just behave differently. OLAF container base needs to change. In more modern infrastructures more traffic is encrypted. Less detection will happen at the network level.

Best Practices

• We had an automotive supplier that wanted us to evaluate the security of the ODB devices they were getting from a tier one supplier. The tier one supplier had left in the private crypto key so that any hacker could hack and identify themselves as the tier one supplier. This is a pretty common problem. The support page for Arris has private crypto keys in their own firmware. There’s a lack of best practices before compilation. We need standard operating procedures, especially as we get close to production.
• The most obvious example would be the latest data breaches we saw in LinkedIn, Yahoo and others. In some of these cases, the encryption level in effect was weak, which allowed the data to be breached and used. If the encryption levels were enforced and validated during the creation of the code, the breach may have still occurred but that data would not have been usable.
• Get control of the process, test, stay up to date on critical vulnerability issues. It’s the end of life for SHA-1 (secure hash algorithm) which is at the core of a lot of things that need to be updated to ensure data and files are not corrupted in transit. Browsers will stop providing visibility to websites still using an outdated algorithm.
• Identifying access management is a key part of security at all levels. Make sure the right people have access to the right resources at the right time. Have compliance processes to help with the audit process.

What are some real-world problems being solved by securing applications and data we have not touched on here?

Following are the executives that shared their perspectives on this question:

• Kevin Fealey, Principal Consultant and Practice Lead Automation and Integration Services, Aspect Security
• Carolyn Crandall, CMO and Joseph Salazar, Technical Marketing Engineer, Attivo
• Amit Ashbel, Director of Product Marketing and Cyber Security Evangelist, Checkmarx
• Ash Wilson, Strategic Engineering Specialist, CloudPassage
• Paul Kraus, CEO, Eastwind Networks
• Anders Wallgren, CTO, Electric Cloud
• Alexander Polyakov, CTO, ERPScan
• Patrick Dennis, President and CEO, Guidance Software, Inc.
• Craig Lurey, CTO, Keeper Security
• Boaz Shunami, CEO, Komodo Consulting
• Eric Tranle, Global CMO, Darrin Bogue, Senior Solutions Engineer, LogTrust
• David Waugh, V.P. Sales, ManagedMethods
• Mat Keep, Director of Product Marketing and Analysis, MongoDB
• Aaron Landgraf, Senior Product Marketing Manager and Kevin Paige, Head of Security, MuleSoft
• Fred Wilmot, CEO, PacketSled
• Gary Millefsky, CEO, Snoopwall
• Wei Lien Dang, V.P. of Products, StackRox
• Cody Cornell, Co-founder and CEO, Swimlane
• Terry Dunlap, Founder and CEO, Tactical Network Solutions
• Chris Wysopal, Co-Founder and CTO, Veracode
• Yitzhak Vager, V.P. Cyber Product Management and Business Development, Verint
• Prabath Siriwardena, Director of Security Architecture, WSO2