Connect with us

GRTech

Protecting Assets in a Remote-first (and potentially Hostile) World

With both persistent attacks and post-pandemic remote work here to stay, modern security solutions must assume the endpoint device or phone operates in a dangerous environment at all times, writes Chester Wizniewski

Published

on

Protecting assets in remote work environment

I live in a city center and the lunch hour certainly isn’t like it once was. While some people have returned to working in an office, it seems that the majority have not. Looking back, the pandemic will have been a turning point for many things around the world, and the rhythms of office-centered worklife will be something that will never return to the old ways.

With this increased flexibility employees are not just working from home behind consumer-grade Wi-Fi routers; they are also spending part of the day at the park or coffee shop, or perhaps even having a “working holiday.” Those in charge of protecting enterprise assets have to assume these endpoints are always in hostile territory.

Even before the pandemic, organizations working toward improving their security maturity were often trying to “push left.”  What is pushing left? At its most basic level it means moving things closer to the start. It originates from software development where the stages of the development process are conceptualized from left to right, left being the beginning. In applied security we also use the term “pushing left,” but rather than referring to the software development process we are referring to the attack chain, which moves from reconnaissance on the left through action (exfiltration or other attacker goal) on the right.

For many years, the most comprehensive security strategies have involved defense in depth. The idea is that not all technologies are suitable for detecting a given threat type, so it is best to deploy them in layers. These layers often directly correspond to how far “left” something is in the attack chain. If you can detect something at the network border through your firewall, email, or web filters, you have contained the threat before it has any negative impact on operations.

Ideally you want to detect and block an attacker as far left as possible, i.e., as early as possible. Pushing detections left also alerts security analysts that an intrusion may be underway, initiating more focused threat hunting to anticipate gaps in defenses your attacker may be attempting to exploit.

For employees at the office, you can centralize control of these defenses and provide optimum protection. The question is, are you able to provide the same protection for remote workers regardless of their location? Can you monitor and respond to threats being detected on those assets when they are out of the office? As many have observed, this did not work as well as we would have liked when we all went into lockdown, many of us without a plan.

While there are still many benefits to monitoring the network when you have control of it, including reduced endpoint overhead and the ability to keep threats at a distance from sensitive assets, we need to ensure we can take as much of this protection as possible with us when we are out and about.

We must ensure not only that protection is optimized, but also that we don’t lose our ability to monitor, detect, and respond to attacks targeting these remote assets. Most organizations have moved to utilizing EDR/XDR solutions (or plan to in the very near future) , which is a great start, but not all solutions are comprehensive.

In the remote-work era, insufficiently protected remote users can encounter plenty of issues – malicious URLs and downloads, and networks attacks, to name only the most mundane – that in the Before Times would have been handled by machines guarding the corporate “fort.” The biggest missing components when users are “outside the fort” are HTTPS filtering and web content inspection of the sort that is typically implemented within next-generation firewalls. When you add these technologies to pre-execution protection, behavioral detection, machine learning models, client firewalls, DLP, application control, and XDR, you are starting to look at a comprehensive stack of defenses for attackers to overcome – even if the endpoints themselves are now free-range.

For initiatives like zero trust network access (ZTNA) to be effective, we must not only wrap the applications we interact with, but we must also wrap the endpoints that connect to them. Simple checks like whether the OS up-to-date and whether it has security software installed may be a good start, but not all protection is created equal.

With most devices being connected to the internet whenever they’re in use, we can leverage the power of the cloud to help provide ubiquitous protection and monitoring. Modern security solutions must assume the endpoint device or phone is in a hostile environment at all times. The old idea of inside and outside is not only outdated, it’s downright dangerous.

The writer Chester Wizniewski is a Field CTO Applied Research at Sophos

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

Continue Reading

GRTech

The Economics of Product Decisions: Applying Behavioural Economics and Game Theory in PM

Published

on

Amarachi Nnochiri
Amarachi Nnochiri

Product managers often need to make a clear-cut decision: what should we build next? But the decisions which hold real importance go beyond adding features.

It’s about getting what makes people tick.

It goes way beyond what you would expect, getting into how people behave and using game theory.

These areas give insight into how users decide and how a product’s design can improve growth and keep people interested.

This is what Amarachi Nnochiri excels at. She is a senior product manager that knows how to use economics and psychology in her job.

She goes beyond simply managing product tasks; she develops whole product systems based on how users think, feel, and use a service. Her background shows how understanding human psychology and behaviour can give you a significant advantage in the competition.

One idea Amarachi uses is  “loss aversion.” In this scenario, people feel worse about losing something than they feel good about gaining something of equal value.

She uses this when designing her products, mostly when it comes to pricing and getting people to try new strategies. For example, instead of giving a free trial, she might use a freemium setup where users get some stuff for free but could lose it if they don’t buy an upgrade. This pushes them to pay.

She might also use progress bars or streak counters, since losing progress gets people to keep using the product.

Amarachi also uses ideas from “game theory” to get how users act and change their behavior. She realizes that users are doing more than operating a product, but are playing a game with other users or with the product itself. She designs things that use ideas like “Nash equilibrium,” where nobody can do better by changing what they’re doing. For a social product, this could mean creating a system where doing something good for yourself (like inviting friends) also helps everyone else. This makes the whole thing stable and positive.

Her know-how in game theory also applies to making strong “network effects.” This means making stuff that gets better as more people use it.

A good example is a social network where each new user makes the product more helpful for everyone else. Amarachi endeavours to make things go viral on purpose, not just by luck.

She might use “commitment devices,” which are things that make a user stick with a behaviour by making them depend on it socially or functionally. For example, inviting team members to a tool makes the user stick with the platform and makes the product’s network stronger.

This way of thinking is better than just following the usual steps. By using these economic and psychological tricks, Amarachi develops competitive advantages which are difficult to replicate.

She knows that a company’s best thing is not just a simple interface, but a product that’s designed to sync with how people behave.

Her product choices aren’t just about the needs of users, but equally focus on motivating them to like the product, use it, and stick with it.

In her work, choosing a subscription price isn’t just a business thing; it’s about behaviour. Designing a social feed isn’t just about the content; it’s about balancing what people want and watching how they interact. Amarachi knows extensively about the economics of product decisions. This makes her products innovative and appealing to human behaviour, which leads to more use, keeps people around, and helps the product grow. She’s a leader in product management, where identifying customer desires is backed by understanding human motivation.

Continue Reading

GRTech

Glo reduces international call rates 

By Sandra Ani

Published

on

Glo and Globacom


Technology Company, Globacom, has announced significant reductions in its International Direct Dialing (IDD) rates, making international calls more affordable for its existing and new customers across Nigeria.

Effective August 10, the new rates began applying to over 15 popular international destinations, including United States which will has moved to ₦30 per minute, down from ₦35, United Kingdom is now N350 from ₦400, while India also moved down to ₦40 from N45.

The rates for China, Saudi Arabia and Cameroon however recorded major reduction moving to N75, N300 and ₦700 respectively.


The reduction was also extended to African countries including Benin Republic which goes for ₦650 per minute, Niger Republic ₦750, Ghana ₦500, and Togo ₦650. United Arab Emirates also moved from ₦450 to ₦325, Germany to ₦550, Côte d’Ivoire ₦700, Libya ₦700, while calls to Malawi is now N1,100 from ₦1,200.

Glo aims to provide more value for its customers through these revised rates, encouraging them to make Glo their preferred network for international calls. New IDD bundles will also be introduced, offering frequent international callers even more attractive deals.

Globacom, which remained optimistic that frequent international callers will benefit immensely from the reductions in IDD bundles, enjoined customers to take advantage of the new rates to stay connected with friends and business associates across the globe.

Continue Reading

GRTech

Oil subsidy removal freed up resources for infrastructure – Enugu Governor 

By Orji Israel, South East Correspondent

Published

on

Oil benchmark

The Executive Governor of Enugu State, Peter Mbah, has attributed the financing of numerous infrastructure projects embarked by the state government to the oil subsidy removal policy of the President Bola Ahmed Tinubu administration.

He made this declaration at the Govermment House, Enugu, during a courtesy visit by a delegation of federal government led by Minister of Information and National Orientation, Mohammed Idris, as part of activities lined up for the 2-day Citizens’ Engagement Series in the South East geo-political zone.

“For us in Enugu, we are able to accomplish all we promised our people during the campaign, thanks to the bold decision taken by President Bola Tinubu, which has freed up resources needed to execute humongous capital projects,” said Governor, while listing ongoing projects in the state, which include the construction of 7,000 classrooms, 3,300 hospital beds and 2,000-hectare of 260 farm estates across the 260 wards of the state.

Governor Mbah also pledged more support for the policies of the federal government, saying they are in the best interest of the people of the state.

Continue Reading

Trending