Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How The Hacker Economy Impacts Your Network & The Cloud
Newest First  |  Oldest First  |  Threaded View
QuadStack
50%
50%
QuadStack,
User Rank: Author
6/8/2015 | 12:36:22 PM
Re: Confused over the topic
@JoeK833 - First of all, thank you for reading and a big thank you for taking the time to comment! It really helps get the conversation going! Let's start here - so many of my friends sit on the good side of the cloud and IT security business. They help find holes, secure vast networks, check for new vulnerabilities, and do everything they can do to stay ahead of the bad guys. Which is what this article is about... How the bad guys monetize our data. It's kind of the thesis here - in the very beginning "How do the bad guys keep making this kind of money? Simple. Hackers, cyber criminals, hacktivists, and nation states have learned to monetize their opportunities..." Friends, I'm not trying to ignore the good security professionals out there - and, I'm not suggesting that all hackers are bad guys. The folks I'm talking about here are specifically the malicious users of the Internet looking to cash in on your information. Maybe my next piece will be around all of the amazing people helping create new security protocols to ensure a better cloud.

To your next point - no network architecture or data center is ever 100% safe. The security that we deploy is only as good as the policies, configurations, and best practices that we incorporate around it all. I have to argue that those organizations facilitating the architecture going into the modern cloud and data center environment are very much interested in more intelligent security practices. A breach will cost them customers, reputation, and - in this fast-paced world - potentially their entire business. It's not perfect out there - but it certainly is improving. 

Now, to cloud security; we're seeing that it's certainly evolving and doing so at a very fast pace. We have yet to see ANY major cloud breach within some of the biggest cloud providers. Many of the biggest breaches have all happened with on-premise resources. And yes, I'll take a slightly more positive approach here and show that the way we secure our data centers today are a bit better than "dismal." Cloud providers don't want a legal process... they also really don't want negative public attention. So they'll do whatever they can to secure these multi-tenant environments. I'm not talking about some unrealistic pristine cloud security architecture here. I'm being realistic. The way we have created better network and cloud intelligence allows you to see more of the "bits" which are traveling the wire. 

As for any open-source cloud management technology out there - yes, there are still some challenges to overcome. But OpenStack - when deployed properly - is a powerful cloud orchestration and API layer. A good security architecture will work with security to ensure no critical data is ever close to any holes. Joe - you take a very bleak approach to cloud and security in your comments. In working with data centers, cloud providers, and many security professionals - it's clear that big progress has been made around the security of your data. But you're right - it's not perfect. And, there are more breaches potentially happening as we store more data in the cloud and within our own data centers. The only way to work around this is to continue to improve the capabilities of the products in the field - and hope that they're not too "dismal" moving forward. 
QuadStack
50%
50%
QuadStack,
User Rank: Author
6/8/2015 | 12:18:33 PM
Re: Economy
@colocationauthority - You're aboslutely right. The economics around various threat vectors and how we now can secure against it all have certainly come a long way. Pretty sure with so many new interconnected devices and new cloud services - security will remain a white hot topic and market impactor. 
JoeK833
50%
50%
JoeK833,
User Rank: Apprentice
6/8/2015 | 11:02:33 AM
Confused over the topic.
To begin with, seems your article applies Hackers are cybercriminals. Are you saying the MIT Hackers, and those of us that code and attempt to identify security vulnerabilities before loss of property or life are cybercriminals?

Next. "The network". Networks security is only as good as your ability to understand the context of the bits traveling the wire, be they to a company or in the cloud. You are assuming that companies which make products, have interest in include new protocols and upgrade to protocols for the purpose of detecting hard. Well, they don't. A good example is the claims security products support IPv6. When pushed, you will discover some have been claiming support for 8 years, but still have no support.

Finally, you argument about improved cloud security. You are assuming if your data is outside your organization, that the company processing that has better products then you can afford, and more people to watch for problems. If in fact, your data is compromised, the only recourse is a slow legal process. You also assume that your workloads cannot be moved outside the initial data center, and can't be moved to a random data center allowing criminals and nation states to obtain your data.

On the Openstack side, many of the project have large gaping security holes, which have yet to be addressed, there for using some of these tools open even more holes in your defense.

In short, you can believe the number on cost of compromise, but the capabilities of products in the field are dismal.

Joe Klein

 

 
colocationauthority
50%
50%
colocationauthority,
User Rank: Apprentice
6/4/2015 | 11:20:55 AM
Economy
I believe that you are completely correct in this article. The economy and technology have both come a long long way! colocationauthority.com


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-46547
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46548
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46549
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46550
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46553
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).