Recent

How Cyber Intelligence Works When All Else Fails

November 16, 2017

Author: Nithen Naidoo, Founder and CEO

At Snode, we like to see things differently and naturally gravitate towards alternative analysis. We are often asked why we use the phrase “Cyber Intelligence” as opposed to “Cybersecurity” to describe our real-time analytics platform. Our view is a paradigm shift (by design) and therefore not strictly aligned to the standard definition. That said, it’s an excellent way to describe Snode’s unique value proposition.

We see Cybersecurity as a technology layer consisting of automated, signature-based systems (e.g. Intrusion Prevention Systems) that search for known, commonly indiscriminate and unsophisticated attacks. We believe these traditional security controls are essential to a good security posture and complement the Snode Cyber Intelligence solution.

Cyber Intelligence, in a Snode (design) context, is viewed as an autonomous layer that lies above the traditional cybersecurity stack, assessing network behaviours and threat intelligence and leveraging machine-assisted analytics. Such technologies are designed to protect against more sophisticated and targeted attacks that have never been seen before and therefore circumvent signature-based controls.

As an example, consider the following: an authenticated, authorised finance staff member accesses a financial system database. Such activity would not be considered malicious by a signature-based control and generally goes unnoticed, as this is role-based acceptable behaviour. However, a Cyber Intelligence platform may report this behaviour as anomalous since it deviates from the user’s normal pattern of behaviour. Therefore, such activity may be indicative of, and reported as, a potential disclosure of sensitive data. This scenario was an actual finding at a Snode mining client. A subsequent investigation found that the employee was colluding with an organised labour (union) member to supply sensitive financial information ahead of an upcoming wage negotiation.

Hence, we describe Cyber Intelligence as the technology layer that goes to work when all else fails.

#SS17HACK extends to Northern Cape

July 12, 2017

Source: ITWeb

The hackathon to be held at ITWeb Security Summit 2017 is extending to the Northern Cape. Spearheaded by Geekulcha, and run in conjunction with ITWeb Events and Snode, it is the first hackathon to take place at ITWeb Security Summit, and is aimed at stimulating and growing skills capacity in information security. Various organisations are collaborating on the hackathon, where participants will interact and get a chance to be guided by over 500 cyber security minds at the summit. As a first edition, the hackathon will only accommodate 30 people at Vodacom World in Midrand.

The Northern Cape Department of Economic Development and Tourism has commissioned a parallel Security Hackathon in Kimberley, on 16 and 17 May, in collaboration with Sol Plaatje University, Geekulcha Student Society (GKSS). The Kimberley edition of the hackathon will be managed by the GKSS and local entrepreneurs from the Diamond Creative Vision Hub. A team of 11 people from the department and GKSS attended the training Ideathon in Pretoria, to get a sense of how to run things. A team from Snode will help the Kimberley edition of the hackathon by providing mentorship to ensure the participants build the most secure solutions possible.

#SS17Hack Midrand and Kimberley will be broadcast live to each other, giving a sense of concurrency, although each hackathon will have its own judging process.

Maths deployed as cybercrime ‘street fighter’

May 17, 2017

Source: ITWeb

By deploying mathematical algorithms in the fight against cybercrime, organisations stand to gain the 'street fighters' of cyber defence in their arsenal. This is according to Snode chief technology officer and founder Nithen Naidoo, who told delegates at the ITWeb Security Summit 2017 that algorithms already in use in other sectors stood to significantly improve cyber defence.

"Maths is fast, doesn't lie and makes no assumptions. By using advanced algorithms, we are able to introduce intelligence amplification - rather than artificial intelligence - to the fight against cyber crime." He says these algorithms will help organisations catch over 80% of attack attempts, whereas artificial intelligence (AI) catches only around 30 - 40%. "We took statistical analytics from other spheres and applied it to cyber security. I don't know why we haven't used it before, but now it's here."

Naidoo said machine learning and mathematical algorithms combined could be harnessed to constantly monitor user behaviour and seek anomalies across any data, as well as patterns that are precursors to events.

Bringing new concepts to infosec

April 26, 2017

Source: ITWeb

Young professionals with an interest in developing their infosec skills, meeting with like-minded individuals and gaining access to experts in their fields attended phase one of the inaugural #SS17HACK, to be held at ITWeb Security Summit 2017. The preselection process, Ideathon, took place in Tshwane on 22 April. The overall theme, "Innovation in Security", challenged disruptive innovators to build the most secure systems possible, as well as explore new innovative mechanisms for the security sector.

The day kicked off early with over 40 aspiring 'hackers' arriving from different parts of Tshwane, Ekurhuleni and the Northern Cape. Their mandate was to spend time learning from experts on topics such as Twitter intelligence, malware threats, ethical hacking and integrating secure coding into the SDLC. They were also given the opportunity to mingle with infosec minds such as Manuel Corregedor of Telspace Systems, Nithen Naidoo of Snode, Ivan Burke and Francois Mouton of CSIR, Ashley Anthony of Isazi Consulting, and Grant Thompson of MTN. They later presented their ideas to this panel.

During the ethical hacking session, presented by the CSIR, students got a snapshot of what happens online in any 60 seconds, as well as the number of data breaches over the same period. Over seven billion data records were lost or stolen since 2013, over four-and-a-half million daily and 52 per second. These take place across industries but are more prevalent in the retail and financial sectors. Attendees delved into the types of hackers out there, what phases hacking goes through and the questions ethical hackers need to answer. info|Guardian then provided students with a session on SDLC.

Snode Twitter Intelligence Challenge, the next presentation of the morning, exposed how intelligence gleaned from Twitter has been used to track criminals, prevent potential terrorist attacks and monitor its users. Snode also revealed some data pertaining to the real agenda behind the recent #feesmustfall campaign. The students were exposed to the challenges associated with using such data to correctly predict patterns and come up with creative and innovative ways to apply possible solutions. The malware threat presentation by Telspace Systems drew attention to: what is malware really, are the current anti-malware products working and how they work.

The afternoon was all about innovation, new ideas and concepts, with nine teams represented. Their ideas ranged from social media education to new voting techniques, facial recognition to artificial intelligence, and machine learning, all from a secure foundation. Only 30 of the over 140 registrants to #SS17HACK will be chosen and will further develop their concept, under the guidance of experts, at the main event on 16 and 17 May.

From ideas to reality

Judges and mentors at the event had this feedback for the up-and-coming infosec professionals:

Ashley Anthony of Isazi Consulting noted: "One of the most important quotes that I think the students should think about based on the presentations that we heard comes from Albert Einstein: If you can't explain it simply, you don't understand it well enough."

ITWeb's Ivan Regasek said: "The participants seemed to grasp the various security concerns presented. The problems addressed were largely on point, and ideas generated ranged from good try to brilliant. I trust the problems tackled will give food for thought to the security community at the event, and am much looking forward to the experienced community guiding the ambitious contestants towards hopefully creating real solutions."

Manuel Corregedor of Telspace Systems said: "It was really great to meet students with different backgrounds and skill sets in IT. There were some really great ideas and it was good to see some attendees proposing solutions that could be used to better protect the end-user, through the use of technologies such as browser extensions, blockchains, artificial intelligence, mobile applications and biometrics. I am really looking forward to the hackathon, where we will see these ideas come to life and possibly change the world."

Popular

#SS19Hack underway at Security Summit 2019

May 28, 2019

Author: ITWeb

With the first day of ITWeb’s 2019 Security Summit underway at the Sandton Convention Centre in Johannesburg, 50 young tech enthusiasts are participating in this year’s Hackathon event sponsored by PwC. The hackathon, held by ITWeb in conjunction with ICT skills development company Geekulcha and Snode Technologies, aims to nurture individuals who are keen to develop their skills through learning and innovation, and who have a passion for cyber security.

Running for the third time alongside the summit, this year’s hackathon is themed ‘Protecting connected citizens in the 4IR’.

Aptly called #SS19hack, the hackathon has participants as young as 13 participating and engaging with industry leaders. Lerouro Mogeora, aged 13, is the youngest participant this year, while for 14-year-old Sifiso Nkabinde this is the second year at the event. Those participating range from high school pupils to students from the Vaal University, the Tshwane University of Technology and the University of the Witwatersrand.

There are 13 teams hacking it out, creating secure IoT applications. As they code, they need to identify at least three vulnerabilities within their applications utilising OWASP, an open source cyber security platform for checking common vulnerabilities. OWASP also has tools to assist the coders in improving the security of their software.

A week ago, at a similar hackathon event in Kimberley, eight teams were competing, with the winning team there creating a solution that provides encrypted file share and messaging applications for government ministries. The top three teams from the event will also have their projects judged alongside those in Johannesburg. The overall winning team from the two Hackathons will win R20 000 sponsored by Micro Focus, with the second and third placed teams winning R10 000 and R5 000 respectively, courtesy of MTN.

An added bonus for the top team in Johannesburg is that they will be awarded the Tshimologong Precinct Security Summit Hackathon trophy.

The #SS19hack continues during the second day of the ITWeb Security Summit 2019.

Mentors: Ivan Regasek, CEO, ITWeb; Ridewaan Hanslo, CSIR; Steve Jump, Telkom; Solomon Bhala, PwC; Bernard Mashala, Transet; Nithen Naidoo, Snode; Francois Mouton, Cyanre; Icconies Ramatsakane, PwC; Gift Nyembe, PwC; Marco Loots, PwC; Michael van Rensburg, Snode; Tsholofelo Rantao, PwC; Thulisile Dlamini, Ikusasa Tech Solutions.

Panel of judges: Doreen Mokoena, ZADNA; Lucy Motsieloa, PwC; Seth Robbertse, Micro Focus; Kendal Makgamathe, Tshimologong; Sorene Assefa, Cyber Czar.

Freshworks Networking Meet – Consumerisation of IT

May 23, 2019

On Thursday 23 May 2019, we attended the Freshworks Networking Meet, talking about the impact of an increasingly connected world. In 2019, the influence of IoT, cloud, and BYOD has a dramatic impact, not only in our personal lives, but also in the world of business. It is crucial that organisations shift their thinking from a historic view of cybersecurity as a “grudge purchase” to something that is vital to the running of your organisation, is crucial for success and can often win battles in the boardroom.

Our Founder and CEO, Nithen Naidoo, spoke about the changes we have seen in our client environments, especially with the workforce becoming increasingly dominated by millennials who expect to be connected at all times. Unlike traditional antivirus software, DLPs and firewalls, the Guardian platform is able to detect even the smallest changes in your networked environment and provides organisations with an unprecedented level of visibility and control of their network. It allows businesses across the globe to identify and prevent potential data exfiltration and malware infections, and to avoid catastrophic ransomware attacks such as the well-known Wannacry malware.

Once the floor was opened for questions, the audience raised concerns around how secure (1) Mac vs Windows Operating Systems are and (2) mobile vs desktop platforms, with a mention of the recent Huawei-Google ban. The long and short of it is that no one platform is more or less secure than another: every system contains some form of vulnerability and can be exploited just as easily. The question is what is most lucrative for the attacker. The myth of a Mac being more secure than a Windows PC is largely due to the fact that there are simply more Windows PCs out there and most organisations across the globe make use of Windows Operating Systems as the norm. Attackers, like businesses, often focus on ROI and will always focus their attention on where they believe they can have the greatest impact.

When it comes to the mobile industry, mobile malware is growing at a rapid rate, and mobile devices are often a greater concern than laptop or desktop devices, as many users blindly accept permissions on all their applications and are generally more trusting when it comes to a potentially “life-changing” application that appears on the app store. This poses a particular risk to organisations, as these devices are often brought into the office and connect to the corporate network, allowing the malware to spread through the network and impact business productivity and reputation.

Following Naidoo’s keynote, we joined a panel discussion about creating a balance between organisational productivity and enterprise security in the age of consumerisation. Naidoo was joined by Darren Bilse (Systems and Technology Manager at Spark Schools), Andre Fredericks (CIO at Indie Sanlam) and Greg Lock (Senior Solution Architect at ITEC South Africa); moderating the panel was Saurabh Prabhuzantye (Business Head – MEA at Freshworks). Topics covered in the panel ranged from how consumerisation of IT has impacted the organisations for which the panellists work, to how migration to the cloud has brought both benefits and challenges to IT heads and CIOs around the world, to understanding what you are buying and whether or not it suits your organisation and the needs of your team on the ground: real-world problems facing real-world organisations.

The meet was a great information and knowledge sharing platform, allowing vendors and customers alike to openly share their opinions and experiences and to leverage the combined knowledge of South African and global IT professionals.

We would like to thank the Freshworks team for inviting us to participate in this event and look forward to working with them in the future!

“Electricfish” – The latest malware from North Korea’s Hidden Cobra government hacking crew.

May 10, 2019

The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have issued a joint Malware Analysis Report (AR19-129A) on a new malware variant used by the North Korean government. This malware was detected while tracking the malicious activities of the North Korean-backed hacking group Hidden Cobra (also known as Lazarus) and has been identified as Electricfish.

Lazarus Group is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade. A notable attack by the group is the attack on Sony Pictures in 2014, which was the start of one of the largest corporate breaches in recent history. The hackers were able to cripple the Sony network for several days and gain access to valuable insider information, including previously unreleased films and the personal information of approximately 4,000 past and present employees. The group was also able to access internal emails and reveal some very speculative practices going on at Sony.

This latest report on Electricfish, published on the US-CERT website, comes with a detailed analysis of one malicious 32-bit executable file found to be infected with Lazarus' Electricfish malware. In this file, the malware appears to implement a custom protocol that creates a connection between the infected host and an external, malicious destination host, bypassing authentication controls to reach outside of the network. Once a connection has been established, the Electricfish malware is able to funnel internet traffic between the two machines, allowing the malicious actors to funnel information collected from compromised computers to servers that they control.

The full, detailed report and analysis for the Electricfish malware sample, as well as a full list of Indicators of Compromise (IoCs), are available within the AR19-129A advisory.

#SS19Hack Ideathon young developers aim to protect connected citizens

April 11, 2019

Author: ITWeb Africa

"Intriguingly challenging," is how one student described ITWeb's 2019 #SS19Hack Ideathon, held at the Tshimologong Digital Innovation Precinct in Braamfontein this past weekend. The ideathon is a build-up to the third annual cyber security-focused hackathon that will run alongside ITWeb Security Summit 2019 from 27 to 31 May. Organised by ITWeb in partnership with Snode Technologies and Geekulcha, the full-day software development training and brainstorming event hosted a bunch of young tech enthusiasts eager to learn new skills and solve problems.

Mixo Ngoveni, founder of Geekulcha, told ITWeb the aim of the #SS19Hack Ideathon, and ultimately the hackathon in May, is to improve cyber security skills, tools and capabilities in the country. "With this one in particular, it is all about protecting the connected citizen."

Those in attendance (students, tech entrepreneurs, software and hardware developers, designers and analysts) were welcomed by Kendal Makgamathe, community manager at Tshimologong, and Ivan Regasek, ITWeb CEO. The participants were separated into two teams: the red team (the attackers) and the blue team (the defence). Nithen Naidoo, founder and CEO of Snode Technologies, said the idea behind breaking the teams into two was about the "gamification" concepts, and making it more exciting for both the players and supporters.

Ridewaan Hanslo, software engineer, advisor and researcher at CSIR, told the blue team: "You are the people that must find solutions. They [hackers] get glorified by finding problems; that's typically how it works." Steve Jump, head of corporate information security governance at Telkom, was one of the mentors and spoke to students about the importance of "securing by design" when writing software. Solomon Bhala, senior manager of cyber threat detection and response at PwC, gave a detailed credit card fraud presentation that had teams actively participating and asking questions around cyber attacks and credit card fraud.

Naidoo noted Snode is working with PwC and a few large security companies to offer all the participants three-month internships so they can take the skills they have learned at the #SS19Hack Ideathon and implement them. They would get to work with knowledgeable cyber security teams, get paid, and potentially become full-time employees of those companies. "So it is a great opportunity not just for us to nurture talent but to source it for other cyber security companies."

Videos

Nithen Naidoo on South African start-up Snode’s use of Big Data analytics for Cybersecurity

February 26, 2018

Nithen Naidoo, Founder and CIO, Snode, talks about: what the company does and how; how Snode Guardian can identify cyber-attacks; how the company has been funded; and future plans.

PHP Meetup (16 Jan 2018) – Part 2

February 15, 2018

The second in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.

PHP Meetup (16 Jan 2018) – Part 1

January 25, 2018

The first in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.

Snode | Who We Are

September 8, 2017

Snode is a data analytics platform that is designed to make the lives of whoever uses it easier, to assist in solving problems that were previously thought impossible, and to ultimately make a fundamental difference in the world as we know it.