Siyakwamukela ku-CISO Corner, inhlabamkhosi yamasonto onke ye-Dark Reading yama-athikili enzelwe abafundi imisebenzi yezokuphepha kanye nabaholi bezokuphepha. Maviki onke, sizohlinzeka ngezindatshana ezitholwe kuzo zonke izindaba zethu, i-The Edge, DR Technology, DR Global, kanye nesigaba sethu samazwana. Sizibophezele ekukuletheleni isethi yemibono eyahlukene ukusekela umsebenzi wokusebenzisa amasu okuphepha ku-inthanethi, kubaholi ezinhlanganweni zabo bonke umumo nosayizi.
Kulolu hlelo lwe-CISO Corner:
-
I-Kindervag ithi: Amaqiniso Anzima angu-5 Mayelana Nesimo Sokuphepha Kwamafu sango-2024
-
I-MITER ATT&CKED: Igama elithenjwa kakhulu le-InfoSec Liwela ku-Ivanti Bugs
-
Izifundo zama-CISO Ku-OWASP's LLM Top 10
-
I-Cyberattack Gold: Ama-SBOM Anikeza Ukubalwa kwabantu Okulula Kwesofthiwe Esengcupheni
-
Umhlaba jikelele: Unikezwe ilayisense yoMthethosivivinywa? I-Nations Mandate Certification & Licensure of Cybersecurity Pros
-
UJohnson & Johnson Spin-Off CISO ekukhuliseni ukuphepha kwe-Cybersecurity
-
I-SolarWinds 2024: Kuphumaphi Ukudalulwa Kwe-Cyber?
5 Amaqiniso Anzima Mayelana Nesimo Sokuphepha Kwamafu 2024
Ngu-Ericka Chickowski, Umbhali Onikelayo, Ukufunda Okumnyama
I-Dark Reading ikhuluma ngokuvikeleka kwefu no-John Kindervag, unkulunkulu we-zero trust.
Izinhlangano eziningi azisebenzi nazo ngokugcwele imikhuba yokuphepha yamafu evuthiwe, naphezu kwezingxenye ezicishe zibe yingxenye yokuphulwa okuvela efwini futhi cishe amaRandi ayizigidi ezingu-4.1 alahleka ngenxa yokuphulwa kwamafu onyakeni odlule.
Leyo yinkinga enkulu, ngokusho kukankulunkulu wezokuphepha kwe-zero trust, u-John Kindervag, owasungula futhi wandisa imodeli yezokuphepha ye-zero-trust njengomhlaziyi e-Forrester. Utshela i-Dark Reading ukuthi kunamaqiniso anzima okufanele ubhekane nawo ukuze uguqule izinto.
1. Awuvikeleki kakhulu ngokuya efwini: Ifu alivikelekile ngokwemvelo kunezindawo eziningi ezisemagcekeni: abahlinzeki befu be-hyperscale bangase babe bahle kakhulu ekuvikeleni ingqalasizinda, kodwa ukulawula nomsebenzi abanawo phezu kokuma kokuphepha kwamakhasimende abo kulinganiselwe kakhulu. Futhi imodeli yesibopho esabiwe ayisebenzi ngempela.
2. Izilawuli zokuphepha zomdabu kunzima ukuzilawula emhlabeni oyingxubevange: Ikhwalithi ayihambisani uma kuziwa ekunikezeni amakhasimende amandla okulawula umsebenzi wawo, ubunikazi, nokubonakala, kodwa izilawuli zokuphepha ezingaphathwa kuwo wonke amafu amaningi azikwazi.
3. Ubunikazi angeke bulondoloze ifu lakho: Ngokugcizelelwa okungaka okubekwe ekuphathweni kobunikazi befu kanye nokunaka okungalingani engxenyeni yobunikazi ekuthembekeni okuyiziro, kubalulekile ukuthi izinhlangano ziqonde ukuthi ubunikazi buyingxenye kuphela yesidlo sasekuseni esinokulinganisela kahle sokungathembi lutho emafini.
4. Amafemu amaningi kakhulu awazi ukuthi zizama ukuvikela ini: Impahla ngayinye noma uhlelo noma inqubo izoba nengozi yayo eyingqayizivele, kodwa izinhlangano azinawo umqondo ocacile walokho okusefwini noma okuxhumanisa nefu, ingasaphathwa eyokudinga ukuvikelwa.
5. Izikhuthazo zokuthuthukiswa komdabu wasefu azisebenzi kahle: Izinhlangano eziningi kakhulu azinazo izinhlaka ezifanele zokugqugquzela onjiniyela ukuthi bazivikele njengoba behamba - futhi, eqinisweni, eziningi zinezisusa ezihlanekezelwe ezigcina zikhuthaza umkhuba ongavikelekile. “Ngithanda ukusho ukuthi abantu bohlelo lokusebenza lwe-DevOps bangoRicky Bobbys we-IT. Bafuna ukuhamba ngokushesha,” kusho uKindervag.
Funda kabanzi: 5 Amaqiniso Anzima Mayelana Nesimo Sokuphepha Kwamafu 2024
Related: I-Zero Trust Ithatha Izintambo: 63% wama-Orgs Asetshenziswa Emhlabeni Wonke
I-MITER ATT&CKED: Igama elithenjwa kakhulu le-InfoSec Liwela ku-Ivanti Bugs
Ngu-Nate Nelson, Umbhali Onikelayo, Ukufunda Okumnyama
Indida ilahleka kwabambalwa, njengoba umlingisi osongela izwe esebenzisa amasu ayisishiyagalombili e-MITER ukwephula i-MITER ngokwayo - okuhlanganisa nokuxhaphaza izimbungulu ze-Ivanti abahlaseli osekuphele izinyanga begcweleza.
Izigebengu zezwe langaphandle zisetshenzisiwe Amadivayisi onqenqema we-Ivanti asengozini ukuze uthole ukufinyelela “okujulile” kwezinyanga ezintathu kweyodwa yamanethiwekhi angafakwanga e-MITER Corp.
U-MITRE, umphathi wohlu lwamagama lwe-ATT&CK olutholakala yonke indawo lwamasu aziwa kakhulu e-cyberattack, ngaphambilini uhambe iminyaka eyi-15 ngaphandle kwesigameko esikhulu. Lesi sigameko saqala ngoJanuwari lapho, njengezinye izinhlangano eziningi, kuxhashazwa amathuluzi esango le-Ivanti.
Ukwephulwa komthetho kuthinte i-Networked Experimentation, Research, and Virtualization Environment (NERVE), inethiwekhi engahlukanisiwe, ehlanganyelwayo inhlangano eyisebenzisela ucwaningo, ukuthuthukiswa, kanye ne-prototyping. Ubukhulu bomonakalo we-NERVE (i-pun ehlosiwe) buyahlolwa okwamanje.
Kungakhathaliseki ukuthi yayiyini imigomo yabo, abaduni babenesikhathi esanele sokuyifeza. Yize ukuyekethisa kwenzeke ngoJanuwari, i-MITER ikwazile ukukuthola ngo-Ephreli, okushiya igebe lekota lonyaka phakathi.
Funda kabanzi: I-MITER ATT&CKED: Igama elithenjwa kakhulu le-InfoSec Liwela ku-Ivanti Bugs
Related: Amasu aphezulu e-MITER ATT & CK & Indlela Yokuzivikela Kubo
Izifundo zama-CISO Ku-OWASP's LLM Top 10
Ukuphawula kukaKevin Bocek, Isikhulu Esiyinhloko Sokusungula, uVenafi
Sekuyisikhathi sokuqala ukulawula ama-LLM ukuze uqiniseke ukuthi aqeqeshwe ngokunembile futhi alungele ukuphatha amadili ebhizinisi angase abe nomthelela ekugcineni.
I-OWASP isanda kukhipha uhlu lwayo oluyi-10 oluphezulu lwezinhlelo zokusebenza zemodeli yolimi (LLM), ngakho-ke abathuthukisi, abaklami, abaklami bezakhiwo, nabaphathi manje banezindawo eziyi-10 okufanele bagxile kuzo ngokusobala uma kukhulunywa ngezokuphepha.
Cishe konke top 10 LLM izinsongo igxile ekwehleni ekuqinisekiseni ubuwena obusetshenziswa kumamodeli. Izindlela ezihlukene zokuhlasela zisebenzisa i-gamut, zingathinti nje kuphela ubunikazi bokufakwa kwemodeli kodwa futhi nobunikazi bamamodeli ngokwawo, kanye nemiphumela nezenzo zawo. Lokhu kunomphumela wokugoqa futhi kubiza ukuqinisekiswa kokusayinda ikhodi nokudala izinqubo zokumisa ubungozi emthonjeni.
Nakuba ngaphezu kwesigamu sezingozi eziyishumi eziphezulu yizo ezincishisiwe futhi zifuna ukushintsha kwe-AI, izinkampani kuzodingeka zihlole izinketho zazo lapho zisebenzisa ama-LLM amasha. Uma amathuluzi alungile ekhona okuqinisekisa okokufaka namamodeli, kanye nezenzo zamamodeli, izinkampani zizohlonyiswa kangcono ukuze zisebenzise umbono we-AI wokubulala-ukushintsha nokuvikela ukucekelwa phansi okwengeziwe.
Funda kabanzi: Izifundo zama-CISO Ku-OWASP's LLM Top 10
Related: I-Bugcrowd Imemezela Izilinganiso Zokuba sengozini kwama-LLM
I-Cyberattack Gold: Ama-SBOM Anikeza Ukubalwa kwabantu Okulula Kwesofthiwe Esengcupheni
NguRob Lemos, Umbhali Onikelayo, Ukufunda Okumnyama
Abahlaseli cishe bazosebenzisa i-software bills-of-material (ama-SBOM) ukuze baseshe isofthiwe okungenzeka ibe sengozini yamaphutha athile esofthiwe.
Uhulumeni nezinkampani ezizwelayo kwezokuphepha ziya ngokuya zidinga abenzi besoftware ukuthi babanikeze izikweletu zesoftware yezinto ezibonakalayo (ama-SBOM) ukuze kubhekwane nengcuphe yokuthengwa kwempahla - kodwa lokhu kudala isigaba esisha sokukhathazeka.
Kafushane: Umhlaseli onquma ukuthi iyiphi isofthiwe inkampani eqondiwe esebenzayo, angakwazi ukubuyisa i-SBOM ehlobene futhi ahlaziye izingxenye zohlelo lokusebenza zobuthakathaka, konke ngaphandle kokuthumela iphakethe elilodwa, kusho uLarry Pesce, umqondisi wocwaningo lokuphepha komkhiqizo nokuhlaziywa kwesofthiwe. inkampani yezokuphepha ye-supply chain i-Finite State.
Ungumhloli wokungena wangaphambili weminyaka engu-20 ohlela ukuxwayisa ngengozi esethulweni esithi “Ama-SBOM Amabi” eNgqungqutheleni ye-RSA ngoMeyi. Uzokhombisa ukuthi ama-SBOM anolwazi olwanele lokuvumela abahlaseli ukuthi benze kanjalo sesha ama-CVE athile kusizindalwazi sama-SBOM futhi uthole uhlelo lokusebenza okungenzeka lube sengozini. Okungcono nakakhulu kubahlaseli, ama-SBOM azophinde abhale ezinye izingxenye nezinsiza edivayisini umhlaseli angayisebenzisela "ukuphila ngaphandle komhlaba" ngemuva kokuyekethisa, uthi.
Funda kabanzi: I-Cyberattack Gold: Ama-SBOM Anikeza Ukubalwa kwabantu Okulula Kwesofthiwe Esengcupheni
Related: I-Southern Company Yakha i-SBOM Yesiteshi Samandla Kagesi
Umhlaba jikelele: Unikezwe ilayisense yoMthethosivivinywa? I-Nations Mandate Certification & Licensure of Cybersecurity Pros
NguRobert Lemos, Umbhali Onikelayo, Ukufunda Okumnyama
IMalaysia, Singapore, kanye neGhana ziphakathi kwamazwe okuqala ukuphasisa imithetho edinga ukuphepha ku-inthanethi amafemu - futhi kwezinye izimo, abaxhumanisi ngabanye - ukuthola amalayisensi okwenza ibhizinisi, kodwa ukukhathazeka kusekhona.
IMalaysia isijoyine okungenani ezinye izizwe ezimbili - Singapore kanye neGhana — ekushayeni imithetho edinga ukuthi ochwepheshe bezokuphepha ku-inthanethi noma amafemu abo agunyazwe futhi anikezwe ilayisense yokuhlinzeka ngezinsizakalo ezithile zokuphepha ku-inthanethi ezweni labo.
Nakuba igunya lomthetho kusazonqunywa, “lokhu cishe kuzosebenza kubahlinzeki besevisi abahlinzeka ngamasevisi okuvikela ulwazi nobuchwepheshe bemishini yomunye umuntu — [ngokwesibonelo] abahlinzeki bokuhlola ukungena nezikhungo zokusebenza zokuphepha,” ngokusho kwe-Malaysia-based. inkampani yabameli uChristopher & Lee Ong.
Umakhelwane wase-Asia-Pacific i-Singapore isivele idinga ukugunyazwa kwabahlinzeki besevisi ye-cybersecurity (CSPs) eminyakeni emibili edlule, kanye nezwe laseNtshonalanga Afrika iGhana, elidinga ukugunyazwa nokugunyazwa kochwepheshe bezokuphepha ku-inthanethi. Ngokubanzi, ohulumeni abafana ne-European Union benze izitifiketi ze-cybersecurity ezijwayelekile, kanti ezinye izinhlaka - njengesifunda sase-US saseNew York - zidinga izitifiketi namalayisense wamakhono okuphepha ku-inthanethi ezimbonini ezithile.
Kodwa-ke, abanye ochwepheshe babona imiphumela engaba yingozi evela kulezi zinyathelo.
Funda kabanzi: Unikezwe ilayisensi kuBill? I-Nations Mandate Certification & Licensure of Cybersecurity Pros
Related: I-Singapore Isetha Ibha Ephezulu Ekulungiseleleni I-Cybersecurity
I-J&J Spin-Off CISO ekukhuliseni ukuphepha kwe-Cybersecurity
NguKaren D. Schwartz, Umbhali Onikelayo, Ukufunda Okumnyama
I-CISO ye-Kenvue, inkampani yokunakekelwa kwezempilo yabathengi iphume kanjani ku-Johnson & Johnson, amathuluzi ahlanganisiwe nemibono emisha ukwakha uhlelo lokuvikela.
UMike Wagner kaJohnson & Johnson usize ekulolongeni indlela yezokuphepha yenkampani ye-Fortune 100 nesitaki sokuphepha; manje, useyi-CISO yokuqala ye-J&J's spinoff yokunakekelwa kwezempilo kwabathengi, u-Kenvue, onikezwe umsebenzi wokwakha izakhiwo ezilula futhi ezingabizi ngokuvikeleka okuphezulu.
Lesi sihloko sichaza izinyathelo u-Wagner nethimba lakhe abasebenze ngazo, ezihlanganisa:
Chaza izindima ezibalulekile: Abadwebi bezakhiwo nonjiniyela ukusebenzisa amathuluzi; ochwepheshe bomazisi nokuphathwa kokufinyelela (IAM) ukuze banike amandla ukuqinisekiswa okuphephile; abaholi bokulawulwa kobungozi ukuqondisa ukuphepha nezinto ezibalulekile zebhizinisi; abasebenzi bezokuphepha ukuze baphendule ngesigameko; kanye nabasebenzi abazinikele ngomsebenzi ngamunye we-inthanethi.
Shumeka ukufunda komshini kanye ne-AI: Imisebenzi ihlanganisa i-IAM ezenzakalelayo; ukuqinisa ukuhlolwa komphakeli; ukuhlaziywa kokuziphatha; kanye nokwenza ngcono ukubonwa kwezinsongo.
Khetha ukuthi yimaphi amathuluzi nezinqubo ozozigcina, nokuthi yikuphi ozokushintsha: Ngenkathi i-J&J's cybersecurity architecture iyinhlanganisela yezinhlelo ezidalwe amashumi eminyaka okutholwa; imisebenzi lapha ifaka phakathi ukuhlela amathuluzi ka-J&J; ukuwafaka kumodeli yokusebenza kuka-Kenvue; kanye nokuhlonza amakhono amasha adingekayo.
UWagner uthi kusekuningi okumele kwenziwe. Okulandelayo, uhlela ukuncika kumasu esimanje okuphepha, okuhlanganisa ukwamukelwa kwezero ukwethenjwa kanye nokuthuthukiswa kwezilawuli zobuchwepheshe.
Funda kabanzi: I-J&J Spin-Off CISO ekukhuliseni ukuphepha kwe-Cybersecurity
Related: Ukubheka Amathuluzi e-AI e-Visa Alwa Nokukhwabanisa
I-SolarWinds 2024: Kuphumaphi Ukudalulwa Kwe-Cyber?
Ukuphawula kukaTom Tovar, i-CEO & Co-Creator, i-Appdome
Thola izeluleko ezibuyekeziwe zokuthi kufanele sizidalule kanjani, nini, futhi kuphi izehlakalo zokuvikeleka ku-inthanethi ngaphansi komthetho wezinsuku ezine we-SEC ngemuva kwe-SolarWinds, futhi ujoyine ucingo lokuvuselela umthetho ukuze ulungise kuqala.
Emhlabeni we-post-SolarWinds, kufanele sidlulele endaweni ephephile yokulungisa ubungozi be-cybersecurity nezigameko. Ngokukhethekile, uma noma iyiphi inkampani ilungisa ukushiyeka noma ukuhlasela phakathi nesikhathi sezinsuku ezine, kufanele ikwazi (a) ukugwema isimangalo sokukhwabanisa (okungukuthi, akukho okungaxoxwa ngakho) noma (b) ukusebenzisa inqubo evamile ye-10Q kanye ne-10K, okuhlanganisa nesigaba Sengxoxo Nokuhlaziya Abaphathi, ukuze kudalule isigameko.
Ngo-Okthoba 30, i-SEC yafaka a isikhalazo sokukhwabanisa ngokumelene ne-SolarWinds kanye nesikhulu sayo sezokuphepha semininingwane, isola ukuthi yize abasebenzi nabaphathi beSolarWinds bebazi ngobungozi obandayo, ubungozi, nokuhlaselwa kwemikhiqizo yeSolarWinds ngokuhamba kwesikhathi, "ukudalulwa kwengozi ye-cybersecurity yeSolarWinds akuzange kudalulwe nganoma iyiphi indlela."
Ukusiza ukuvimbela izinkinga zesikweletu kulezi zimo, ichweba eliphephile lokulungisa lizovumela izinkampani isikhathi esigcwele sezinsuku ezine ukuze zihlole futhi ziphendule esehlakalweni. Khona-ke, uma kulungiswa, thatha isikhathi sokudalula isigameko ngendlela efanele. Umphumela uba kugcizelelwa kakhulu ekuphenduleni ku-inthanethi kanye nomthelela omncane esitokweni somphakathi senkampani. Ama-8Ks asengasetshenziselwa izehlakalo ezingaxazululiwe ze-cybersecurity.
Funda kabanzi: I-SolarWinds 2024: Kuphumaphi Ukudalulwa Kwe-Cyber?
Related: Kusho ukuthini iSolarWinds ku-DevSecOps
- I-SEO Powered Content & PR Distribution. Khuliswa Namuhla.
- I-PlatoData.Network Vertical Generative Ai. Zinike Amandla. Finyelela Lapha.
- I-PlatoAiStream. I-Web3 Intelligence. Ulwazi Lukhulisiwe. Finyelela Lapha.
- I-PlatoESG. Ikhabhoni, I-CleanTech, Amandla, Environment, Ilanga, Ukuphathwa Kwemfucuza. Finyelela Lapha.
- I-PlatoHealth. I-Biotech kanye ne-Clinical Trials Intelligence. Finyelela Lapha.
- Source: https://www.darkreading.com/cybersecurity-operations/ciso-corner-evil-sboms-zero-trust-cloud-security-mitre-ivanti
