IT Briefcase Exclusive Interview: Online Security without Compromise, with Alex Balan at BullGuard
June 28, 2013
In the interview below, Alex Balan from BullGuard outlines the primary security threats that both users and businesses are facing online today, and offers expert advice for avoiding the “dark corners” where hackers may be lurking.
- Q. What are you seeing as the biggest online security threats to businesses today?
a. Lack of a security officer and an information security division. May it be internal or externalized, it should be there. Most companies rely on best practices and for all intents and purposes that’s enough, but if a business becomes a target, common best practices won’t be enough. Hackers will resort to an arsenal of tools and techniques to get what they want and without someone that knows intimately what and how they think, any business will be compromised.
b. Marketing in Hacking is a new concept that is emerging on the scene and is about hacking easy targets related but with no actual direct impact on a business or simply digging up some publicly available data, publishing it online and claiming that they hacked Company X. For all intents and purposes, that data may be meaningless but in the eyes of the public it may look like Company X actually got hacked. The mitigation for this is very good PR and ensuring that absolutely anything that can be targeted in connection with the company is also safeguarded. Look inside your company and every single piece of equipment with no exception. From my experience I can tell you that in every single company I was in contact with there were at least a few servers about which I heard the magic words “Ah.. that’s not important, they can’t get much from that” or “Ah.. that’s not managed by us. Company Y owns that even though it’s on our domain”.
c. Un-managed and un-updated servers. It’s a no-brainer but sadly, most servers online are compromised simply because the admins don’t update them.
d. In-house programmed websites that are not subject to constant scrutiny from a security standpoint and get hacked due to some slips from the programmers. Publicly available content management systems, while lacking some flexibility, have the benefit of being widely implemented across the globe and, as such, they’re being tested, bugs found faster and updated at a faster pace.
e. SQL Injection is still king in 2013 when it comes to techniques used to hack into databases. Advice – Pen-test your websites and sanitize all your URLs and inputs.
f. Cross-Site Scripting (XSS) is becoming more and more popular as a method of hacking users’ credentials by using a vulnerable point in a company’s website that allows an attacker to craft a URL that appears to be from that website but, in fact, it takes the user to the hacker’s website.
g. Be mindful who you do business with. Be mindful about which third-party servers or systems you allow access. A lot of companies are being hacked by “proxy”. Instead of directly hacking a tough-to-access company webserver, hackers may hack another server from a partner company with which your company communicates frequently and use it as a platform to launch attacks on your company with a higher success rate since the attacks come from a more trusted source.
h. Mobile Devices / BYOD (to be detailed below)
i. The employees. This is the oldest and the most efficient way to hack your way to any data you want in a company. In almost all companies, the employees have poor to no security training and in a demonstration provided by a pen-testing company last year, they managed to get into almost all the C-Level accounts by simply calling them during the weekend, pretending to be “John from IT”, telling them that “Greg Martin, the IT Director” (using the real name of the IT Director) asked them to ensure a smooth transition of the e-mail system over the weekend. As such, they need to make sure that the C-Level people’s e-mails are working before everyone else’s. “Please tell me your username and password so I can make sure they work”. This is, of course, a simplified version of the story but you get the gist.
- Q. What is your take on the risk vs. compliance issue companies face when dealing with BYOD in the workplace?
a. I will make this simple for everyone facing the BYOD issue: Any device that connects to your infrastructure either directly or through VPN has to have security and management tools on it. No management and security = No access. Hacking or “infecting” mobile devices is currently probably the easiest thing that a hacker can do since the adoption rate for Mobile Security solutions is still very low at the moment. Hackers can and WILL use any mobile device they can get in contact with as a platform from which they’ll stage attacks on your internal networks.
- Q. When people think of online security threats, they often associate these threats with email attacks. In your opinion, should email be the primary focus? Or should users also be aware of other “dark corners” where threats might be lurking?
a. The catch is to think of e-mail as a communication platform. You use it to communicate with people. Hackers use it to communicate with you. Now, ask yourself, what other communication platforms are there at this point in time? Yes. ALL of them can be used to send malware, exploits, phishing links, and social engineering attacks tricking you into doing stuff. Worth noting, ALL OF THEM ARE BEING USED and, currently, e-mail is no longer at the top of the list when it comes to mediums used to propagate attacks. Facebook, Twitter, instant messaging, that’s where the “magic” happens.
- Q. How is BullGuard currently working to protect users from security threats such as fake alert software, mobile malware, and ransomware?
a. BullGuard and its users are currently in a very privileged position. We embedded the best possible engines within our product and gave it an easy-to-use, easy-to-understand look & feel. The fact that everything under-the-hood is the absolute best in protection is not a claim we make lightly. We’ve scored a significant number of awards and certifications on protection and performance from the top rated institutions in the industry: AV-Test and AV-Comparatives.
b. Bundled with the engines that provide an uncompromising level of protection against any threats that a computer user may encounter, we have also taken the security concept to a new level: THE PERSON, not just the system. We have just launched BullGuard Premium Protection which, besides all the features from a state-of-the-art Internet Security desktop solution, includes Social Media Protection, an online service that secures your Social Media (currently just Facebook) experience, and Identity Protection, another online service that monitors the dark corners of the internet for any possible breach of your private data (account credentials, credit cards, etc.).
- Q. What steps can parents take to keep their children safe from online and mobile security threats, and what type of solution does BullGuard currently have in place to assist with this?
a. First of all, I would say that a parent should properly balance “Control” and “Deny” when it comes to allowing their children access to the Internet. Simply because, as it turns out, the more you deny a kid something, the more he or she’ll try to get there. This is where Parental Control software steps in and either just keeps a guardian eye over the child’s activities and lets the parent know if the kid accessed a website he or she wasn’t supposed to, was in contact with some bad people on Facebook or simply played that special game for more than allowed, or actively controls and prohibits access to predefined types of websites or limits the computer usage to specific times. BullGuard’s Parental Control and Social Media Protection (both available in BullGuard Premium Protection) provide all these and more to ensure that parents feel more comfortable when leaving their children in front of a computer.
- Q. In your opinion, what sets BullGuard’s Premium Protection solution apart from other security solutions on the market today?
a. Most security solutions are starting to compromise the level of protection provided in favor of usability and system performance. We managed to provide both. BullGuard Premium Protection provides protection at a level that’s very tough to beat and all of our users feel safer with BullGuard than with any other solution. Additionally, the solution is incredibly light on resources, adding almost no visible dent on system performance. On top of all that, we’ve included Social Media Protection and Identity Protection, two services that are running online 24/7 to ensure that your identity and person are secured as well as your system.
Alex Balan, Head of Product Management, BullGuard
Ethical Hacker, Security Researcher and Evangelist, Alex Balan is currently the Head of Product Management for BullGuard Software, following a 9-year career in Product Management tied with 10 years of activity in the security industry. You can follow his thoughts on Twitter at @jaymzu