Cyber Security Institute

Wednesday, July 27, 2016

IT Security News - 2016-07-27

Table of Contents

  • Australian firms face growing cyber litigation threat
  • As Biometric Scanning Use Grows, So Does Security Risk
  • Researchers Struggle to Determine True Cost of Data Breaches
  • Here are the key security features arriving with Windows 10 next week
  • Senate body approves controversial cyber-crime bill [ISLAMABAD]
  • Ransomware 2.0 is around the corner and it's a massive threat to the enterprise
  • Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
  • The rise in cyber attacks shows we need to change the way we think about crime
  • Nonprofit cybersecurity key to serving community responsibly, experts say
  • Changing security situation, deeply convinced practicing the new security concept [auto translated - so text is challenging]
  • The Cost of a Data Breach in India: What You Need to Know
  • WinMagic survey finds 23% of businesses claim to stop a data breach a day
  • The Information Security Leader, Part 4: Three Persistent Challenges for CISOs
  • Debunking the common myths of Data Loss Prevention (DLP)
  • Hands up, whose firewall rules are a mess? Yes? Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe. In fact, 65% of the 300 security professionals surveye
  • Enhancing cyber security by implementing a robust threat and vulnerability management program



Australian firms face growing cyber litigation threat
Australian companies face ‘US levels’ of litigation if they fail to prepare for mandatory data breach reporting requirements which are likely to come into effect this year, a lawyer has warned. 
Speaking in Sydney, Adam Salter, a partner at law firm Jones Day’s cybersecurity, privacy and data protection practice, said companies not adequately prepared are at greater risk of being sued by their corporate customers.
Litigation would be initiated for breach of privacy obligations embedded in customer contracts and by consumer customers, he said. 
Salter based his view on the firm’s experience in other jurisdictions – such as the US and European Union – that have introduced mandatory data breach notification laws. 
Salter said Australian businesses should regularly review and strengthen their IT and data security systems, policies and procedures and prepare for how they would report a potential data breach to authorities and customers.
Link: http://www.cio.com.au/article/603956/australian-firms-face-growing-cyber-litigation-threat/



As Biometric Scanning Use Grows, So Does Security Risk 
The use of biometrics has exploded in recent years, with companies ranging from 24-Hour Fitness to NYU Langone Medical Center using this convenient technology to identify their customers. 
By 2019, biometrics are expected to be a 25-billion-dollar industry with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI.
Newest to the scene, Wells Fargo this fall will begin offering a smartphone app with biometric authentication for corporate customers — making all their financial information just an eye scan away. 
But there have already been cases of biometric hacking on a large scale.
An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014, including RAND privacy expert and mother of two Rebecca Balebako.
She received a letter from OPM last year informing her that her personal information, including her ten fingerprints, were stolen in the breach. 
As biometric technology grows more personal and more widespread, so too do the risks to personal privacy.
Link: http://www.nbcnews.com/tech/tech-news/biometric-scanning-use-grows-so-do-security-risks-n593161



Researchers Struggle to Determine True Cost of Data Breaches 
Depending on the estimate, the average data breach can cost a company $7 million or $150 million.
Why are data breach costs so difficult to estimate? 
In May, tucked away in its quarterly filing to the Securities and Exchange Commission, retail giant Target updated its running total of the cost of its 2013 holiday season breach. 
While the retail giant may have outdone its peers with the bill for its breach, it is hardly alone.
U.K. mobile service provider TalkTalk attributed more than $80 million in losses to a breach that garnered information on 157,000 customers.
Following its breach in 2014, Home Depot tallied at least $161 million in costs from the loss of 40 million payment-card accounts and more than 50 million e-mail addresses, the company claimed in March. 
Yet, other companies have no idea how much damage their breaches have done.
In February 2015, for example, hackers stole more than 80 million records from health insurer Anthem.
More than a year later, the company cannot put a number to its damages. 
A more modest estimate, from the Ponemon Institute's “2016 Cost of Cybercrime” report, found that the average company could expect a $4 million loss per breach incident today.
U.S. companies have consistently higher losses, including an average breach cost of $7 million and an average per-capita breach cost of $221.
U.S. companies and organizations also encountered higher costs from the loss of customers, the report stated. 
Having a well-trained incident response team and extensively using encryption were the two strategies that most decreased the cost of data breaches, while the involvement of a third party in the data breach and a company’s use of an extensive cloud infrastructure were the two factors that most increased costs, according to the “2016 Cost of Cybercrime” report. 
The disagreement between approaches is par for the course in data-breach calculations.
In a paper comparing six data-breach cost calculators, two Colorado State University researchers found that each approach made different assumptions and arrived at different per-record costs for data breaches. (Three of the calculators were created in conjunction with the Ponemon Institute and three different sponsors.)
Link: http://www.eweek.com/security/researchers-struggle-to-determine-true-cost-of-data-breaches.html



Here are the key security features arriving with Windows 10 next week 
The new functionality aims to help IT departments protect their companies before and after a breach
Windows Information Protection aims to make it possible for organizations to compartmentalize business and personal data on the same device.
It comes alongside the general release of Windows Defender Advanced Threat Protection, a system that uses machine learning and Microsoft's cloud to better protect businesses after their security has been breached. 
Using Windows Information Protection, companies can encrypt their data on employee devices using keys that are controlled by IT. 
Companies can also set policies about which applications can be used to handle business data, so users can't live-tweet the content of a company's HR system, for example. 
For businesses to use Windows Information Protection, they'll need a Windows 10 Enterprise E3 subscription, which costs $7 per user per month. 
Windows Defender ATP requires a company be subscribed to the more expensive Windows 10 Enterprise E5 service, which is meant for companies looking for premium Windows 10 add-on features.
Link: http://www.computerworld.com/article/3100025/security/here-are-the-key-security-features-arriving-with-windows-10-next-week.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d83



Senate body approves controversial cyber-crime bill [ISLAMABAD] 
ISLAMABAD: A Senate panel on Tuesday approved the controversial Prevention of Electronics Crimes Bill 2015. 
The bill, which has already been approved by the National Assembly, will now be put up for discussion in the Senate, which must approve it before it can be signed into law by the president. 
Salient features of the bill:

- Up to seven years' imprisonment, a Rs10 million fine or both for hate speech, or for trying to create disputes and spread hatred on the basis of religion or sectarianism
- Up to three years' imprisonment and a Rs0.5 million fine, or both, for cheating others through the internet
- Up to five years' imprisonment, a Rs5 million fine or both for transferring or copying sensitive basic information
- Up to seven years' imprisonment and a Rs0.5 million fine, or both, for uploading obscene photos of children
- Up to a Rs50 thousand fine for sending messages irritating to others or for marketing purposes; if the offence is repeated, the punishment would be three months' imprisonment and a fine of up to Rs1 million
- Up to three years' imprisonment and a fine of up to Rs0.5 million for creating a website for negative purposes
- Up to one year's imprisonment or a fine of up to Rs1 million for forcing an individual into immoral activity, publishing an individual's picture without consent, sending obscene messages or unnecessary cyber interference
- Up to seven years' imprisonment, a fine of Rs10 million or both for interfering with sensitive data information systems
- Three months' imprisonment, a Rs50 thousand fine or both for accessing unauthorised data
- Three years' imprisonment and a fine of up to Rs5 million for obtaining information about an individual's identification, selling the information or retaining it
- Up to three years' imprisonment and a fine of up to Rs0.5 million for issuing a SIM card in an unauthorised manner
- Up to three years' imprisonment and a fine of up to Rs1 million for making changes in a wireless set or a cell phone
- Up to three years' imprisonment and a fine of up to Rs1 million for spreading misinformation about an individual
- Up to three years' imprisonment and a fine of up to Rs1 million for misusing the internet
Link: http://www.dawn.com/news/1273324/senate-body-approves-controversial-cyber-crime-bill



Ransomware 2.0 is around the corner and it's a massive threat to the enterprise 
"The landscape is simple.
Attackers can move at will.
They're shifting their tactics all the time.
Defenders have a number of processes they have to go through," said Jason Brvenik, principal engineer with Cisco's security business group, discussing the Cisco 2016 Midyear Cybersecurity Report. 
Cisco used data from its customers to create the report, since there are more than 16 billion web requests that go through the Cisco system daily, with nearly 20 billion threats blocked daily, and with more than 1.5 million unique malware samples daily, which works out to 17 new pieces of malware every second, Brvenik said. 
The next step in the evolution of malware will be ransomware 2.0, which Brvenik said "will start replicating on its own and demand higher ransoms.
You'll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted.
That's really a nightmare scenario." 
Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company's network, Brvenik said. 
New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.
For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions.
These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report. 
Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems.
Advertising is a viable model for attack. 
"We saw a 300% increase in the use of HTTPS with malware over the past four months.
Ad injection is the biggest contributor.
Adversaries are using HTTPS traffic to expand time to operate.
That's the attacker opportunity as it exists today," he said.
Link: http://www.techrepublic.com/article/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise/?ftag=TRE684d531&bhid=21487072891631060763005914609462



Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
TENAFLY, N.J., July 26, 2016 /PRNewswire/—Security Current, an information and collaboration community by CISOs for CISOs, today announced the release of its latest ebook, A CISO's Guide to Phishing and Malware by Joel Rosenblatt, which is now publicly available.
The ongoing Security Current ebook series, A CISO's Guide to… provides insights and guidance on key issues facing today's CISO from a CISO's perspective. 
In this ebook, Rosenblatt, director of information security for Columbia University, explores real-world examples of advanced targeted attacks via email and social media, demonstrating how these evolving threats are increasing an organization's business risks.
More specifically, he explores attack vectors such as email that are being exploited as never before.
Link: http://www.prnewswire.com/news-releases/security-current-launches-ebook-on-phishing-and-malware-in-ongoing-series-for-cisos-300303829.html



The rise in cyber attacks shows we need to change the way we think about crime 
You are now 20 times more likely to have your money stolen online by a criminal overseas than by a pickpocket or mugger in the street, according to recent figures from the Office for National Statistics.
The figures revealed that almost 6m fraud and cyber crimes were committed in the past year in England and Wales alone – making it now the most common type of crime experienced by adults in the UK.
The average frontline police officer also needs to be able to think about the digital crime scene as well as, or instead of, the physical one.
Being able to respond and investigate criminal cyber activity should no longer be the domain of police specialists – because, as the evidence shows, victims are more likely to suffer a cyber criminal act than any other form of crime.
Beyond law enforcement, society must think about the role of the private sector and their duty of care.
Everyone online is sitting on an internet service provider's network, which effectively owns the digital land upon which we have set up our digital lives.
In the physical world, landlords renting a property have a duty of care to the safety of their tenants, so surely it makes sense for our digital landlords to be held to the same standards.
To respond effectively we need to look at the data gathered on the nature of these crimes – to understand how cyber crimes occur, and who is most at risk.
In the long run, this will make it easier for law enforcement to work out how to tackle these cases.
But this must be done in a sensible and measured way, as the situation is likely to appear to get worse before it gets better as people become more aware of what these crimes are and how to report them.
Similarly organisations, such as the ONS and the City of London Police, will get better at recording cyber crime – causing the figures to go up again.
For now though, these new figures make it clear that cyber crime must become a significant priority for the police and crime commissioners up and down the country.
Link: http://phys.org/news/2016-07-cyber-crime.html



Nonprofit cybersecurity key to serving community responsibly, experts say 
Regardless of size or resources, nonprofits must keep cybersecurity top of mind. 
Puckett has made cybersecurity a top priority for the foundation.
One of a nonprofit’s biggest risk areas is “reputation,” she said, and a breach of any kind can seriously compromise the trust a community places in an organization. 
“Nonprofits rely extremely heavily on their I.T. vendors,” she said. “I know why — because they don’t know what they don’t know — but nonprofits need to become informed with some of the basics so that they at least know the questions to ask.
If they don’t know those questions, they need to reach out to resources that are available all over.” 
One of those resources is the West Michigan Cyber Security Consortium (WMCSC), a free-to-join group of more than 250 local businesses and organizations sharing best practices for remaining secure.
WMCSC is working with Trivalent Group Inc., the Better Business Bureau and the Michigan Small Business Development Center to host the third annual Michigan Cyber Security Conference on Oct. 5. 
Puckett said her organization performs multiple security audits throughout the year.
One audit reviews the foundation’s internal controls, such as password requirements, lockout policies, firewalls, two-factor authentication, etc.
Another audit involves a penetration test, in which a third-party consultant attempts to hack into the network to look for any weaknesses the foundation could patch up. 
The single most important issue to address, however, is employee education, sources said.
Considering how effective most of the modern security systems are, an uninformed or careless employee is actually the most likely cause of infiltration, according to Puckett.
That’s why she sends out monthly security awareness letters, as well as occasional phishing tests to see if employees will fall for the common password-stealing scam.
Even going to the wrong website can have disastrous results. 
For Goodwill, protecting the information of “the people we serve” is top priority, Wallace said.
Through various programs, such as career and health care services, Goodwill has access to many of its participants’ personal information.
As such, the Health Insurance Portability and Accountability Act (HIPAA) plays a large part in the organization’s security policies.
As one “very small example,” Wallace said that neither job coaches nor any other employees are allowed in any way to interact on social media with program participants. 
“It doesn’t matter what size you are,” Wallace said. “It’s important for any nonprofit that has private information about individuals.
You owe it to the people you’re serving.”
Link: https://mibiz.com/news/nonprofit-business/item/23843-nonprofit-cybersecurity-key-to-serving-community-responsibly,-experts-say



Changing security situation, deeply convinced practicing the new security concept [auto translated - so text is challenging] 
As China's first sales of over one billion yuan veteran security vendors in the security market, deeply convinced annual earnings growth of 30%.
By 2015, sales are deeply convinced of a breakthrough 1.6 billion in security virtualization and variety of products continued to maintain market share. 

In recent years, emerging security events to promote the development of the network security market, the number of network security vendors continue to increase, the structural safety of the product are continuously enriched, market size and network security investment constantly increasing.
Faced with a changing Internet, escalating threats and fierce competition in the market, what security concept does deeply convinced practise?
Faced with an ever-changing network security situation, enterprises urgently need to respond to changes in the security environment and to the IT attacks that occur.
Security is not a pile of security products or security services, but a capability. 
First, security should be visible.
To know the enemy you must first know yourself; seeing the security situation is a necessary capability for enterprises.
Only by understanding their own shortcomings and seeing the security situation can they identify threats and build security in a targeted way. 
Second, companies need to detect risks continuously and respond quickly.
Nothing is perfect, and there is no hundred-percent security.
Faced with advanced targeted attacks (APT), we cannot completely prevent an attacker from getting in; the effective approach is to control the attacker's behaviour to avoid further attack and destruction. 
Finally, security delivery should be easy to use.
First, because the demands on corporate security managers keep rising: they need to understand not only the network but also the application, the technology and the laws and regulations, in order to guarantee the security of business lines and operational processes. Second, because security management is becoming complex: information assets must be tracked, human behaviour monitored, security risks managed and security risks eliminated in a timely manner. 
Making security visible starts from the following three points. First, make more elements visible.
Analyse user behaviour, assets and other elements visually to find points of risk and deal with them promptly.
Second, make the behaviour that bypasses the defence system visible.
This mainly involves sensitive information, external links and abnormal traffic.
Third, present from a management perspective.
To make risks easier to understand and security management effective, security must be presented visually from a management viewpoint. 
Continuous detection means continuously detecting events that have already occurred, unknown threats and vulnerabilities in the system: detecting abnormal behaviour of terminals and servers to find unknown and new threats, detecting the new vulnerabilities that arise because systems are updated frequently, and finally quickly issuing policies based on the detection results to narrow the scope of the threat and fix vulnerabilities quickly. 
To this end, deeply convinced has formed a continuous, integrated detection architecture from server security, endpoint security and a cloud security platform, providing unknown-threat detection, cloud scanning, cloud testing and other continuous detection services. 
Simple security delivery needs easier deployment and simpler daily operation and maintenance.
Infrastructure security delivery should simplify the integration of security functions as much as possible, deploy an integrated strategy at the front line of security detection, and simplify policy deployment;
Link: http://news.securemymind.com/2016072624304.html



The Cost of a Data Breach in India: What You Need to Know 
IBM and Ponemon Institute recently released the “2016 Cost of Data Breach Study: India,” the annual benchmark study on the cost of data breach incidents for companies based in India. 
Below are the key takeaways from the report:

The average total cost of a breach was 9.73 crore INR.
This represents a 9.5 percent increase over 2015 costs.
In comparison, the global average total cost of a data breach increased by 5.4 percent.
The size of data breaches increased as well — the average size grew by 8.5 percent in 2016.
This is much more than the global average increase of 3.2 percent.
The impact of data breaches varied by industry.
Certain sectors, such as financial services, had higher data breach costs when compared with industries such as research and the public sector.
Forty-one percent of companies experienced a data breach as a result of a malicious or criminal attack, which was the most common root cause of a breach.
The cost of a data breach was directly related to the number of records compromised in the attack.
The greater the number of records lost, the higher the cost.
Data breaches that involved less than 10,000 records had an average cost of 5.96 crore INR, while breaches involving more than 50,000 records had an average cost of 16 crore INR.
The longer it takes to detect and contain a data breach, the more costly it becomes to resolve.
Link: https://securityintelligence.com/the-cost-of-a-data-breach-in-india-what-you-need-to-know/



WinMagic survey finds 23% of businesses claim to stop a data breach a day
LONDON, UK – July 26, 2016 – WinMagic Inc., the intelligent key management and data security company, has today released survey data in which IT managers say they thwart an attempted data breach at least once a month.
The survey of 250 IT Managers found that a staggering 23% stop a breach every day.
A data breach can be the result of an attack on the network, or an employee inadvertently sending or taking information out of the corporate network without adequate care. 
The survey also spoke with 1,000 employees, 41% of whom believe IT security is solely the IT department’s responsibility; a further 37% say they have a role to play in IT security too.
Even though so many employees seemingly abdicate responsibility for IT security, a fifth of IT managers want to be able to empower them to use personal devices to access work documents.
Interestingly only 36% felt such access should be restricted to approved employees. 
IT managers also rated employees as the second biggest risk behind hackers to security (24%).
Link: http://www.pressreleaserocket.net/winmagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day/474317/



The Information Security Leader, Part 4: Three Persistent Challenges for CISOs 
CISOs and their teams must embody two distinct roles: subject matter experts in the technical aspects of cybersecurity and trusted advisers in making recommendations about security-related risks.
CISOs and their teams need to become confident in addressing four fundamental questions about security-related risks to help guide executive-level discussions toward making better-informed business decisions about managing risks to an acceptable level, as opposed to providing the executives with updates of tactical metrics having to do with security’s activities, work progress and operational costs.
CISOs and their teams need to learn how to overcome three persistent challenges in identifying, assessing and communicating effectively about security-related risks.
A surprising percentage of information security professionals lack an accurate understanding of risk, in spite of the fact that risk is the very reason for the existence of the business function called information security. 
One of the biggest challenges for CISOs is that security professionals traditionally think of cybersecurity as intangible, which is yet another reason why engaging in executive-level discussions about the question “How secure are we?” makes very little sense.
If something is intangible, our instincts tell us it can’t be measured.
Not surprisingly, many people with predominantly technical and engineering-oriented backgrounds experience an inherent discomfort in not being able to quantify security-related risks with precision. 
Ironically, CISOs and their teams often use emotional and qualitative approaches to communicate risks with business decision-makers. 
Qualitative and semi-quantitative risk assessments have become extremely popular.
They’re manifested in five-by-five heat maps that are typically visualized in vibrant green, yellow and red.
Security leaders say they like them because the business decision-makers seem to get it and they often lead to better conversations about risk.
Link: https://securityintelligence.com/the-information-security-leader-part-4-three-persistent-challenges-for-cisos/



Debunking the common myths of Data Loss Prevention (DLP)
MYTH 1: DLP requires significant internal resources to manage and maintain
MYTH 2: DLP requires at least 18 months to deliver value
MYTH 3: DLP requires policy creation first
In summary, DLP represents one of the strongest lines of defence available for businesses looking to effectively protect themselves against the growing number of accidental and malicious threats out there.
However, lingering myths and misinformation about aspects such as ROI, resourcing and policy are holding it back unfairly.
It’s time the IT industry dispelled these myths once and for all, helping DLP to achieve its full potential as a cornerstone of modern data security.
Link: http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/



Hands up, whose firewall rules are a mess? Yes? Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe. In fact, 65% of the 300 security professionals surveye 
Hands up, whose firewall rules are a mess?
Yes?
Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe.
In fact, 65% of the 300 security professionals surveyed said if their firewall rules were a teenager’s bedroom, their mom would be so angry she would ground them; and half of those said they would be grounded for life.
The same study also showed that 32% admitted they had inherited over half of the rules they manage from a predecessor – no wonder they are a mess.
And a quarter of security professionals confessed to being afraid to turn off legacy rules.
To add to the complexity, 72% of security professionals surveyed use two or more firewall vendors within their IT environments, and have to manage rules across all of them. 
If, like the majority of IT security professionals, you’re in danger of being grounded over your messy firewall rules, here are some tips from my colleague Tim Woods on how to start tidying up your firewall policies: 
Step 1: Remove technical mistakes
Step 2: Remove unused access
Step 3: Review, refine and organize access
Step 4: Continual policy monitoring
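As an added illustration of steps 1 to 3 (not code from FireMon or the article), the following Python script runs hygiene checks over a constructed rule set: it flags rules with invalid addresses or reversed port ranges and exact duplicates (technical mistakes), rules that a broader earlier rule shadows so they can never match, allow rules with no hits in 90 days of logs (unused access), and any-to-any allows that need refining. The Rule fields, the 90-day hit counts and the sample rules are assumptions; a real review would export these from the firewall's own policy and logs.

```python
"""Firewall rule hygiene checks: technical mistakes, shadowing, unused and
over-broad access. Added example with constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    rid: int
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    proto: str      # "tcp", "udp" or "any"
    port: str       # "443", "8000-8443" or "any"
    action: str     # "allow" or "deny"
    hits_90d: int   # hit count from 90 days of logs (assumed available)


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def _ports(spec: str) -> tuple[int, int]:
    if spec == "any":
        return (1, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    o_lo, o_hi = _ports(outer.port)
    i_lo, i_hi = _ports(inner.port)
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and o_lo <= i_lo and i_hi <= o_hi)


def validate(rule: Rule) -> list[str]:
    """Step 1: technical mistakes a rule carries on its own."""
    problems = []
    for label, cidr in (("src", rule.src), ("dst", rule.dst)):
        try:
            _net(cidr)
        except ValueError:
            problems.append(f"invalid {label} address {cidr!r}")
    try:
        lo, hi = _ports(rule.port)
        if not 1 <= lo <= hi <= 65535:
            problems.append(f"bad port range {rule.port!r}")
    except ValueError:
        problems.append(f"unparseable port {rule.port!r}")
    return problems


def audit(rules: list[Rule]) -> dict:
    mistakes, shadowed, broken, seen = {}, {}, set(), {}
    for rule in rules:
        problems = validate(rule)
        if problems:
            broken.add(rule.rid)
        key = (rule.src, rule.dst, rule.proto, rule.port, rule.action)
        if key in seen:                       # step 1: exact duplicate
            problems.append(f"duplicate of rule {seen[key]}")
        else:
            seen[key] = rule.rid
        if problems:
            mistakes[rule.rid] = problems
    # Step 1 (continued): first-match order means a rule fully covered by an
    # earlier rule never fires, whatever its action.
    usable = [r for r in rules if r.rid not in broken]
    for i, later in enumerate(usable):
        for earlier in usable[:i]:
            if covers(earlier, later):
                shadowed[later.rid] = earlier.rid
                break
    # Step 2: allow rules that nothing has matched in the log window.
    unused = [r.rid for r in rules if r.action == "allow" and r.hits_90d == 0]
    # Step 3: any-to-any allows are the first candidates to refine.
    permissive = [r.rid for r in rules if r.action == "allow"
                  and r.src == "any" and r.dst == "any" and r.port == "any"]
    return {"mistakes": mistakes, "shadowed": shadowed,
            "unused": unused, "permissive": permissive}


# Constructed sample policy (not from any real firewall).
SAMPLE_RULES = [
    Rule(1, "any", "10.0.0.0/8", "tcp", "443", "allow", 120000),
    Rule(2, "10.1.0.0/16", "10.0.5.10/32", "tcp", "443", "allow", 0),   # shadowed by 1
    Rule(3, "10.2.0.0/16", "10.0.7.0/24", "tcp", "22", "allow", 0),     # unused
    Rule(4, "10.4.0.0/16", "10.0.3.0/24", "tcp", "8443-8000", "allow", 10),  # reversed range
    Rule(5, "10.2.0.0/16", "10.0.7.0/24", "tcp", "22", "allow", 0),     # duplicate of 3
    Rule(6, "any", "any", "any", "any", "allow", 9000),                 # over-broad
]

if __name__ == "__main__":
    for category, hits in audit(SAMPLE_RULES).items():
        print(f"{category}: {hits}")
```

Step 4 is what you get by scheduling this against a fresh policy export: allow rules whose hit count stays at zero across several review cycles are the next ones to retire, and a new shadowing finding usually means a change was pushed without checking rule order.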
Link: https://www.firemon.com/messy-firewall-rules-get-security-professionals-grounded-life/



Enhancing cyber security by implementing a robust threat and vulnerability management program
Threat and vulnerability management is a process of identifying, analyzing, modeling, simulating the potential impact and risk thereby planning to remediate security threats and weaknesses.
The program could cover:
-  Asset inventory management
-  Vulnerability scanning
-  Vulnerability assessment and analysis
-  Vulnerability remediation and mitigation planning
-  Risk and threat modeling and impact analysis
-  Penetration testing
Threat and vulnerability management program managers need to deliver effective vulnerability management for traditional and emerging technologies in growing, perimeter-less IT environments including mobility, cloud and IoT.
To ensure a successful vulnerability management program, security leaders need to verify the effectiveness of their threat and vulnerability management efforts and align these with business context and objectives.
Assessing the impact of potential threats to evaluate their risk will become a primary tool in managing the large volume of vulnerabilities that enterprises need to detect and remediate on an ongoing basis in order to prevent cyber adversaries and data breaches.
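Added example, not the article's or any vendor's code: a small Python model of how the program's pieces fit together. A constructed asset inventory supplies business criticality and exposure, constructed scanner findings supply severity, and the script joins them to rank remediation and set due dates; findings on hosts missing from the inventory are reported as an inventory gap. The weighting (CVSS times criticality, times 1.5 for internet exposure and again for a public exploit), the tier thresholds, the SLA days and the VULN-nnnn identifiers are all assumptions, not a standard.

```python
"""Prioritising scanner findings against an asset inventory.
Added example with constructed data; weights and identifiers are assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Asset:
    host: str
    owner: str
    criticality: int       # 1 (lab box) .. 5 (revenue-critical)
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str           # placeholder identifiers, not real CVEs
    cvss: float            # CVSS v3 base score, 0..10
    exploit_public: bool   # threat intel says a working exploit is public


# Assumed remediation SLA per tier, in days.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def risk_score(asset: Asset, finding: Finding) -> float:
    """Severity scaled by business criticality, exposure and exploitability."""
    score = finding.cvss * asset.criticality
    score *= 1.5 if asset.internet_facing else 1.0
    score *= 1.5 if finding.exploit_public else 1.0
    return round(score / 10, 2)          # 0 .. 11.25


def tier(score: float) -> str:
    if score >= 7.5:
        return "critical"
    if score >= 4.5:
        return "high"
    if score >= 2.0:
        return "medium"
    return "low"


def build_plan(assets: list[Asset], findings: list[Finding], today: date):
    """Return (ranked remediation plan, hosts with findings but no inventory entry)."""
    inventory = {a.host: a for a in assets}
    plan, unknown = [], set()
    for f in findings:
        asset = inventory.get(f.host)
        if asset is None:
            unknown.add(f.host)          # asset inventory gap: nobody owns this host
            continue
        score = risk_score(asset, f)
        t = tier(score)
        plan.append({"host": f.host, "vuln": f.vuln_id, "owner": asset.owner,
                     "score": score, "tier": t,
                     "due": today + timedelta(days=SLA_DAYS[t])})
    plan.sort(key=lambda e: (-e["score"], e["host"], e["vuln"]))
    return plan, sorted(unknown)


# Constructed inventory and scan output.
ASSETS = [
    Asset("web-01", "ecommerce", 5, True),
    Asset("hr-db-01", "hr-apps", 4, False),
    Asset("lab-07", "research", 1, False),
]
FINDINGS = [
    Finding("web-01", "VULN-0001", 9.8, True),
    Finding("hr-db-01", "VULN-0002", 7.5, False),
    Finding("lab-07", "VULN-0003", 9.8, True),    # same CVSS as web-01, far lower risk
    Finding("web-01", "VULN-0004", 5.3, False),
    Finding("ghost-03", "VULN-0005", 8.1, True),  # host missing from inventory
]

if __name__ == "__main__":
    plan, unknown = build_plan(ASSETS, FINDINGS, date(2016, 7, 27))
    for entry in plan:
        print(entry)
    print("not in inventory:", unknown)
```

The point the ranking makes is the one in the text: the same 9.8 CVSS finding lands in the critical tier on the internet-facing revenue system and in the low tier on an isolated lab host, so the business context, not the scanner score alone, drives the order of work.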
Link: http://www.csoonline.com/article/3099988/vulnerabilities/enhancing-cyber-security-by-implementing-a-robust-threat-and-vulnerability-management-program.html

Tuesday, July 26, 2016

IR News Security - 2017-07-26

Table of Contents

  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • Digital Forensics – A Presentation In The Courts
  • California sets cybersecurity example for states to follow
  • Joint Task Force: Forensics and Anti-Forensics
  • Digital response teams need full access to data to prevent threats
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • EVVO launches automated Security Operations Centre in Singapore
  • Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
  • Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange
  • ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List



DEFCON CYBER™ Joins FireEye Cyber Security Coalition 
MANASSAS, Va., July 25, 2016 /PRNewswire/—DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMWare and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform. 
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition—an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to the application of cybersecurity best practice outcomes to precisely manage the incident prioritization, automated initialization and tracking the response activity, and closing mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's leading iSight Intelligence to provide instant correlation between actionable threat intelligence and indicators. "In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO. "The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25



Digital Forensics – A Presentation In The Courts 
In an exclusive interview with EITN at RSA Conference 2016 in Singapore, digital forensics expert Stephen McCombie lists the 3 biggest challenges in digital forensics as follows: 
1) Sheer amount of data
2) High complexity of data
3) Legalizing digital evidence
The biggest myth of Digital Forensics is that it is a technical process.
But the reality is that it is more about the PRESENTATION (of digital evidence) to the courts.
If the digital evidence is not admissible, usable and ‘case law tested’, then what is forensics even about at all?
Link: http://www.enterpriseitnews.com.my/digital-forensics-a-presentation-in-the-courts/



California sets cybersecurity example for states to follow 
Once again, California has positioned itself as a leader in the effort to make U.S. business more cyber-secure.
California’s Attorney General Kamala Harris recently released the California Data Breach Report, which discusses the types of breaches that companies face in California and the frequency of those breaches.
Due to the personal privacy implications of a breach for any company’s customers, AG Harris argues in the report that state governments need to do much more to ensure that companies are providing reasonable security.
The report proposes that, in order to better protect company data and customers’ privacy, businesses operating both in California and across the country adopt the Center for Internet Security’s list of 20 controls for effective cybersecurity defense, the CIS 20. 
CSC 4: Continuous vulnerability assessment
It is critical for companies to regularly adapt to evolving threats and to continuously test their systems for cybersecurity weaknesses. 
CSC 6: Maintenance, monitoring, and analysis of audit logs
Similar to vulnerability assessment, analyzing audit logs to better understand the potential threats to a network is a full-time commitment. 
CSC 13: Data protection
CSC 13 recommends password protections and data encryption, popular ways to protect data in the cloud that your business may already utilize.
Most importantly, these protection mechanisms should include automated tools to periodically check if data is presented in clear text. 
CSC 19: Incident response and management  
Honest incident response and management is critical.
Without these, customers’ data is not truly safe, and CSC 19 offers a system for businesses to identify breaches, control the damage and move forward after the fact. 
For smaller businesses that lack the internal capacity to create a breach communication chain, partnering with an outside incident response team could be a huge benefit.
Having additional eyes to watch over the network could make the difference between responding to a breach right away and minimizing damage and letting an attack go unnoticed, burying your business with the high costs of taking care of the incident later.
Link: http://thehill.com/blogs/congress-blog/technology/289099-california-sets-cybersecurity-example-for-states-to-follow



Joint Task Force: Forensics and Anti-Forensics 
Looking at the field of digital forensics, we can go back to this old CSO article, entitled The Rise Of Antiforensics.
The article details information security professionals who have written software that “fools” (author’s words) industry standard computer/digital forensics tools, and the article’s early tone seems to indicate a bias against antiforensics and its tools, as they would be harmful to business and law enforcement.
The article itself comes around to a more nuanced view towards these tools; however, I want to explore a different nuance here: antiforensics has, in itself, an intrinsic value to a business organization’s information security program, just as forensics does. 
Incorporating digital forensics into your operations is, from a reasoning standpoint, fairly simple: in the event something happens, you want to be able to identify a root cause.
Just as senior managers would want to know why a marketing campaign was failing, investing in digital forensic capabilities for your disaster recovery or incident response staff not only lets them properly identify root causes but can be built into processes going forward to keep the problem from occurring again.
Some of this can be as simple as change management rules, system event logging and monitoring, while more specific software, tools or personnel can be brought in to augment in the event of an incident that requires it. 
There are two areas we should look at when we consider the term antiforensics: preservation and destruction. 
On one hand, we have preservation of data used for root cause analysis, and on the other, we have methods to destroy data.
At first glance, the two seem opposed and there is room for only one in organizational security policies.
Indeed, one might argue that according to the CIA Triangle model of Information Security (weighing the trade-offs to ensure the Confidentiality, Integrity and Availability of data), only the preservation of data through encryption to mitigate forensic threats fits the model, leaving data destruction out of the model altogether. 
The CIA model runs on the premise that information needs to be accessible, though.
There are cases where information must remain confidential with near-zero chance of the data being accessible or recoverable from a piece of media.
In other words, some business cases might require data to be inaccessible.
Equipping your operations staff with the right tools and training is essential for making sure your organization is prepared for an event where data needs to be secured for retrieval later or destroyed beyond any recognition.
While information security professionals are entrusted to safeguard information, it’s equally important to have options to be able to act quickly in the event either solution is needed.
Link: https://dasseclabs.wordpress.com/2016/07/25/joint-task-force-forensics-and-anti-forensics/



Digital response teams need full access to data to prevent threats
In order to handle digital threats, experts are saying that governments or companies must be able to establish their respective incident response teams with clear frameworks, as well as the ability to have access to absolutely every kind of data in a system. 
As Indonesia, a country where breaches are rampant, prepares to establish its own National Cybersecurity Agency (BCN) in August, observers have given recommendations about how prevention teams would be able to fully deal with particular matters. 
Clear frameworks in this case hinge on the aspects of proper governance, an outline to what threats are present and have occurred before and the technical methods of solving them.
Observers note that such coordinated guidelines can make a difference in the way companies and governments train their response teams and yield more effective results. 
“Incident response teams need hunters, pure and simple.
They can be centralized or even partly outsourced — it doesn’t matter.
The crucial aspect of it is to develop a clear framework on prevention so that these hunters can easily learn what the problems and solutions are.
It will be easier for these hunters to also pass what they learned down to newer ones,” he added. 
Indonesia itself currently has an internet incident response team (ID SIRTII) that had recently been integrated into the National Cybersecurity Agency. 
According to data from Microsoft Indonesia, cybersecurity attacks and breaches, especially in the banking sector, have cost the country up to Rp 33.29 billion (US$2.54 million), as Indonesia holds a 50 percent infection rate for malware viruses, the highest in Southeast Asia. 
About 22 percent of all crimes conducted in Indonesia in 2014 were cybercrimes, though the figure decreased to 18.26 percent in 2015.
Between 2012 and 2015, the police arrested 571 individuals in connection with cybercrimes, with the vast majority — 529 of them — foreign nationals operating in Indonesia.
Link: http://www.thejakartapost.com/news/2016/07/25/digital-response-teams-need-full-access-data-prevent-threats.html



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat 
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths that a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016)* and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse. 
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain unauthorized access to Active Directory. 
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



EVVO launches automated Security Operations Centre in Singapore
EVVO Cybersecurity, a Singapore cybersecurity vendor and cloud solutions provider, has launched a Security Operations Centre (SOC) to extend cybersecurity services to SMEs.
The SOC is also the first in Singapore to leverage automation software. 
The new SOC will leverage automation software for level one tasks for security analysts such as assigning automated, playbook-based workflows to incidents for immediate and scalable response.
This will also enable EVVO Cybersecurity to increase productivity and accuracy enabling them to track and improve processes over time. 
The SOC will function as EVVO Cybersecurity’s threat defence and mitigation facility, catering to SMEs, empowering them to go beyond the traditional SOC functions of merely monitoring perimeter security. 
By integrating EVVO360, a cybersecurity analytics platform, and a suite of cybersecurity intelligence solutions, EVVO Cybersecurity aims to provide customers with a 360-degree view of all the endpoints and network traffic across the organisation.
This will greatly enhance the ability of organisations to detect, respond to and recover from incidents of compromise.
Link: http://www.networksasia.net/article/evvo-launches-automated-security-operations-centre-singapore.1469497028



Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
SAN DIEGO, July 26, 2016 /PRNewswire/—PacketSled, Inc., the company that democratizes security investigations and response by providing its customers with automated network visibility, detection, incident response and forensics in the cloud, announced today that Fred Wilmot will be joining the company as its Chief Technology Officer, effective immediately.
In this role, he will be responsible for all aspects of the company's technology strategy, including software engineering, security research and development, and cloud operations. 
Fred brings more than 20 years of cybersecurity expertise to PacketSled.
Most recently, he served as Vice President, Solutions Engineering at Context Relevant, where he implemented a real-time transaction fraud platform for financial markets, weaponizing security use cases with data science automation and machine learning. 
During his tenure at Splunk, Fred was responsible for the company's ascension to a market leader in the security industry, placing the company in the Gartner SIEM magic quadrant.
As the founder and director of the global security practice, Fred prototyped innovation in the field, and built platform applications that were utilized in responding to some of the most major breaches in Internet history.
Fred and his team were responsible for architecting and delivering the first version of Splunk's enterprise security product.
Link: http://www.prnewswire.com/news-releases/former-splunk-security-executive-fred-wilmot-joins-packetsled-as-chief-technology-officer-300304209.html



Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence 
While Watson might be the most famous cyberpersonality to take on the challenge of defending networks against attacks, it isn’t the first.
This is the latest development in the emerging field of cyberthreat intelligence (CTI), a discipline dedicated to applying military-style intelligence techniques to the collection, analysis and use of information about cybersecurity threats. 
CTI providers do the heavy lifting of cybersecurity analysis that most enterprises simply don’t have the resources to undertake.
They typically combine information from many different categories of sources to generate products that help their clients better understand and react to the evolving cybersecurity threat landscape.
Some of these sources include: 
- Gathering threat information from deployed security tools. 
- Deploying their own sensors. 
- Gathering intelligence from public sources. 
- Recruiting spies. 
After CTI providers gather information from all of these sources, they feed it to a team of analysts who have the job of transforming it into actionable intelligence.
One of the most common products offered by CTI vendors is a real-time feed of known malicious hosts on the Internet.
Link: http://www.gocertify.com/articles/spy-game-the-emerging-cybersecurity-realm-of-threat-intelligence



AlienVault Unveils Latest Edition of Open Threat Exchange 
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html



ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List 
RESTON, Va.—(BUSINESS WIRE)—ThreatQuotient™, a leading provider of enterprise-class threat intelligence platforms, announced today that CRN®, a brand of The Channel Company, has named ThreatQuotient to its 2016 list of Emerging Vendors.
This annual list recognizes recently founded, up-and-coming technology suppliers who are shaping the future of the IT channel through unique technological innovations.
In addition to celebrating these standout companies, the Emerging Vendors list also serves as a valuable resource for solution providers looking to expand their portfolios with cutting-edge technology.
Link: http://www.businesswire.com/news/home/20160726005486/en/ThreatQuotient-Recognized-CRN%E2%80%99s-2016-Emerging-Vendors-List

IT Security Industry News - 2016-07-26

Table of Contents

  • Scanning Code for Viruses Is No Longer a Job for Humans
  • No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
  • Cybersecurity firm offers users reimbursement for ransomware infections
  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • How to ensure your A.I. gets good nutrition
  • Sydney IT company looking to educate about security
  • Australia’s security software spending sees growth spurt
  • Juniper Networks reports lower profit
  • How predictive analytics discovers a data breach before it happens
  • 3 Reasons To Buy FireEye
  • Trustwave opens Waterloo office, strengthens ties with Rogers Communications
  • Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • Former IBM Cloud Chief Sets Sights on Hot Security Market
  • Belden Industrial Cyber Security Initiative Builds Momentum
  • Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year
  • Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
  • RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
  • Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year
  • Palo Alto Networks clinch 500 customers in India in past 2 years
  • Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange



Scanning Code for Viruses Is No Longer a Job for Humans 
Alexey Malanov, malware expert at Kaspersky Lab, said 99 percent of the code his firm analyzes is seen only by machines—and it's been that way for five years.
The process keeps improving in terms of speed and efficacy, he said. 
Automation works because most malware is an alteration of code already known. “Even if a cybercriminal creates something from scratch, in most cases he’ll integrate previously known malicious functionality,” said Malanov. "Automation will process all this." 
Machine learning works alongside a wide range of clustering and classifying algorithms used to identify whether the scanned file is malicious, said Liviu Arsene, senior e-threat analyst at Bitdefender, another antivirus company that uses machines to process over 99 percent of the malware it receives. 
Humans are better at discovering new features hidden within the malware; they have better intuition and make non-obvious connections.
They are able to tackle a problem from creative angles.
Link: http://motherboard.vice.com/en_uk/read/scanning-code-for-viruses-is-no-longer-a-job-for-humans



No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware 
WOBURN, Mass.—(BUSINESS WIRE)—Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab join forces to launch an initiative called No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.
No More Ransom (http://www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals. 
The aim of the online portal http://www.nomoreransom.org is to provide a helpful online resource for victims of ransomware.
Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves.
Awareness is key as there are no decryption tools for all existing types of malware available to this day.
If you are infected, the chances are high that the data will be lost forever.
Exercising a conscious internet use following a set of simple cyber security tips can help avoid the infection in the first place. 
The project provides users with tools that may help them recover their data once it has been locked by criminals.
In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant. 
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella.
Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.
Link: http://www.businesswire.com/news/home/20160725005101/en/Ransom-Law-Enforcement-Security-Companies-Join-Forces



Cybersecurity firm offers users reimbursement for ransomware infections 
Security firm SentinelOne is confident it can beat any of today’s ransomware—and is willing to put money behind that claim. 
The company is offering a new service that will cover up to $1 million in damages for any customers infected by ransomware. 
SentinelOne is calling it the “Cyber Threat Guarantee” and treating it like an extended warranty that customers can buy starting Tuesday. 
SentinelOne’s guarantee works like this: for individual computers infected with ransomware, the company will pay up to $1,000 to free the system.
The number of computers it will cover is up to 1,000 systems. 
The policy has been designed this way because most ransomware attackers ask for around $250 or more to decrypt any data held hostage, Grossman said. 
Customers who opt-in to the guarantee will pay an additional $5 fee for each Windows PC or server protected on top of their existing service.
The coverage will last a year before it can be renewed again. 
Grossman joined SentinelOne last month after designing a similar guarantee program for his previous company, Whitehat Security.
Under that program, WhiteHat would refund customers if their websites ever got hacked with a vulnerability that the company failed to detect.
Link: http://www.computerworld.com/article/3099999/security/cybersecurity-firm-offers-users-reimbursement-for-ransomware-infections.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d



How to ensure your A.I. gets good nutrition
A.I. shouldn’t be allowed to drink wildly from a data lake where data has not been cleansed, packaged and structured for easy consumption.
According to the Compliance, Governance and Oversight Counsel (CGOC), nearly 70% of the data that companies produce and collect has no business, legal or compliance value, so you must develop a way to understand and specify the scope and criteria of the data to be fed to A.I.:
-  Which data stores and what file types?
-  What connections exist between the data?
-  Who is responsible for making the determination and for final approval? 
You need to tag and classify the data to ensure that it can be properly digested.
Depending on the A.I. task, some metadata has more value than others.
If you are looking for marketing insights, you will likely value metadata drawn from EXIF files associated with images on social media sites, including geolocation, timestamps, camera type and serial numbers.
In medical settings, metadata elements including patient ID-date of birth, provenance-timestamp, and privacy-content are essential. 
Finally, you must have governance capabilities built into the system to track responses to the information used and adjust the diet accordingly.
Link: http://www.cio.com/article/3098428/artificial-intelligence/how-to-ensure-your-a-i-gets-good-nutrition.html?token=%23tk.CIONLE_nlt_cio_insider_2016-07-26&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_so



Sydney IT company looking to educate about security 
SYDNEY — A Sydney-based information technology company that relaunched this spring is looking to solve the data and security breaches some small- and medium-sized companies face as business grows. 
Devantec IT surfaced again in April after about a three-year hiatus due to president and CEO James Mackinnon’s work on other projects. 
Devantec recently announced it is offering free network assessments to companies this summer.
The company is looking to educate local businesses in the dos and don’ts of IT best practices.
Local businesses should consider their IT strategy from the outset and how it can work as efficiently as possible to ensure growth over the long-term, he said. 
It could be as straightforward as a company setting a goal to grow to 50 employees and expanding to a second location, said Danielle Patterson, Devantec’s chief marketing officer. 
“We want people to stop feeling scared of technology.”
Link: http://www.capebretonpost.com/News/Local/2016-07-25/article-4597848/Sydney-IT-company-looking-to-educate-about-security/1



Australia’s security software spending sees growth spurt 
According to Gartner, the global security software market rose by 3.7% in 2015, while Australia recorded a 19.4% leap in spending. 
Australia’s national focus on computer security should increase after the appointment of the country’s first cyber security minister.
Former diplomat Dan Tehan was announced in mid-July as minister assisting the prime minister for cyber security. 
Australian organisations are also being urged to be more vigilant about information governance – so that even if cyber attackers get past the padlocks and cameras, the information available to them is tightly managed and controlled. 
A new organisation, Information Governance ANZ, will be launched formally in August as a forum for Australian and New Zealand governance professionals.
Co-founder and director Susan Bennett said Australia is lagging behind the US in information governance, despite there being significant risks for organisations that choose to store every piece of computer-generated data just because it is technically possible.
Link: http://www.computerweekly.com/news/450300891/Australia-security-software-spending-growth-spurt



Juniper Networks reports lower profit 
Juniper Networks Inc. on Tuesday reported an 11% decline in second quarter profit and warned challenging market conditions would continue to pressure margins. 
The Sunnyvale, Calif., company said it expects operating margins to decline slightly from the 18.8% it reported last year. 
Shares, down 12% this year, fell 0.9% to $24 in after-hours trading. 
Over all, Juniper reported a profit of $140 million, or 36 cents a share, down from $158 million, or 40 cents a share, a year earlier.
Excluding stock-based compensation and other items, profit was 50 cents a share, compared with 53 cents a year earlier and analysts' projections of 47 cents a share.
The most recent results are based on 2.7% fewer shares outstanding.
Link: http://www.marketwatch.com/story/juniper-networks-reports-lower-profit-2016-07-26-17485198



How predictive analytics discovers a data breach before it happens 
The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack.
These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats. 
Though a very promising trend, predictive analytics has some hefty requirements when applied to cybersecurity use cases.
For one thing, the variety and volume of data involved in identifying and predicting security threats are overwhelming.
This necessitates the use of analytics solutions that can scale to the huge storage, memory and computation requirements. 
“The challenges are the same, yet amplified, as those encountered when applying analytics in general,” says Lucas McLane (CISSP), Director of Security Technology at machine learning startup SparkCognition. “This is because predictive analytic processing requires a lot more computing resources (i.e. CPU, memory, disk I/O throughput, etc.).
This is especially true when the algorithms are operating on large-scale data sets.
Predictive analytics engines need to be paired with computing resources that are designed to scale with the volume of data targeted for analysis.” 
Forging alliances across industries certainly has its benefits.
As Orad explains, advanced analytics platforms such as Sisense enable cybersecurity firms to obtain “an end-to-end solution for modeling, analyzing and visualizing data, without investing vast resources into building a data warehouse as traditional tools would necessitate.” 
“Predictive analytics in security provide a forecast for potential attacks — but no guarantees,” says McLane from SparkCognition.
That’s why he believes it has to be coupled with the right machine learning solution in order to be able to harness its full potential. 
SparkCognition’s platform, SparkSecure, uses “cognitive pipelining,” a technique that involves the combination of machine-learning-based predictive analytics with the company’s own patented and proprietary static and dynamic natural language processing engine, called DeepNLP. 
Not everyone believes that predictive analytics is the ultimate solution to deal with advanced threats.
Arijit Sengupta, CEO of business analysis company BeyondCore, suggests that we look at the problem from a different perspective. 
According to Sengupta, cybersecurity challenges stem from two factors.
Firstly, the value and volume of online assets are exploding at an exponential rate.
Secondly, hackers are increasingly growing in sophistication due to their easy and inexpensive access to large compute resources through cloud computing. 
Invincea’s Ghosh believes it is inevitable the security industry will need to re-tool to address an ever-changing threat. “We are making our bet that artificial intelligence is the solution to predict our adversaries’ next moves,” he says.
Link: https://techcrunch.com/2016/07/25/how-predictive-analytics-discovers-a-data-breach-before-it-happens/



3 Reasons To Buy FireEye 
Though FireEye shares have gained momentum on the back of buyout speculation, investors should not ignore the company's robust long-term prospects.
The cost of data breaches is set to increase to over $2.1 trillion by 2019, representing a four-fold increase compared to the estimated cost of breaches in 2015.
The company is well-prepared to tap this opportunity by shifting its business to an "as-a-service" model, since this will help it enjoy economies of scale and enhance margins.
By enhancing economies of scale, FireEye expects product gross margin in the high-60% range and service margin in the mid-70% range for the full year.
The company is also enhancing operational efficiency by shifting toward lower-cost locations, consolidating support and SoC operations, improving purchasing efficiencies, and reducing discretionary spending.
Link: http://seekingalpha.com/article/3990991-fireeye-3-reasons-buy?auth_param=137vrm:1bpb0s2:868907aba33eb11dad51e4eed0db6dbf&uprof=45&dr=1#alt2



Trustwave opens Waterloo office, strengthens ties with Rogers Communications 
Global security firm Trustwave has opened a new office in Waterloo, Ontario, announced a new wave of hiring, and added a new country manager, Michael Sims, to oversee the company’s Canadian operations. 
Trustwave had previously leased an approximately 850 square metre space in Cambridge, Ontario. 
Sims joined Trustwave in April 2016, after serving as Canadian Country Manager for Optiv Security, where he oversaw that company’s go-to-market strategy for managed security services and other offerings.
Link: http://www.cantechletter.com/2016/07/trustwave-opens-waterloo-office-strengthens-ties-rogers-communications/



Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer 
COLUMBIA, Md.—(BUSINESS WIRE)—Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, announced today that it has hired security industry veteran Dave Cole as chief product officer, responsible for leading continued technology innovation and product excellence. 
Before joining Tenable, Cole served as chief product officer at CrowdStrike, where he drove the design, development and support of the company’s cloud-based endpoint security product.
Prior to that, he led product management for Norton at Symantec.
As a seasoned product leader, Cole also held senior product positions at Foundstone and Internet Security Systems.
Link: http://www.businesswire.com/news/home/20160725005027/en/Tenable-Network-Security-Names-Seasoned-Security-Leader



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat 
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths that a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016)* and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse. 
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain un-authorized access to Active Directory. 
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



Former IBM Cloud Chief Sets Sights on Hot Security Market 
Lance Crosby, who co-founded SoftLayer, the cloud computing company IBM bought three years ago for about $2 billion, is finally ready to talk about StackPath, his cybersecurity startup. 
It’s a well-funded effort; StackPath has $150 million in backing from Boston-based private equity fund ABRY Partners, and another $30 million from what Crosby calls “friends and family.” 
-  MaxCDN built a content delivery network (CDN) with 19 global points of presence, which monitor and speed up delivery of content for some 16,000 customers.
-  Fireblade offers a web application firewall, to protect against malignant content.
-  Staminus works to stop distributed denial of service (DDoS) attacks.
-  Cloak is a virtual private network that brings secure Wi-Fi for iOS and Mac applications.
This is an ambitious undertaking.
StackPath will compete with Akamai in CDNs, with Prolexic and others in DDoS, and with CloudFlare, which offers CDN, DDoS and firewall capabilities.
Link: http://fortune.com/2016/07/25/stackpath-ceo-on-his-startup/



Belden Industrial Cyber Security Initiative Builds Momentum 
ST. LOUIS—(BUSINESS WIRE)—Belden Inc. (NYSE: BDC), a global leader in high quality, end-to-end signal transmission solutions for mission-critical applications, today announced the achievement of four strategic milestones of its industrial cyber security initiative over the first half of 2016.
Together, these milestones demonstrate Belden’s commitment to the emerging industrial cyber security market and realization of its strategic vision for this market segment. 
Key cyber security milestones include: 
The Tofino Xenon Industrial Security Appliance now solves many of the most specialized energy-specific cyber and physical security challenges.
The easy-to-deploy appliance protects against malicious and unauthorized access due to system vulnerabilities, improves supervisory control and data acquisition (SCADA) system reliability, provides greater security control for industrial control system (ICS) devices, and supports more industrial protocols than any other device available, including DNP3 and IEC 104. 
In response to customers’ requests for a pragmatic solution to the complexities of industrial cyber security, Belden has developed a practical three-step approach to industrial cyber security strategies.
The Belden 1-2-3 model provides industrial organizations with practical advice on developing a cyber security program that reduces risks while supporting and enhancing availability, reliability and safety. 
Belden’s partnership with FireEye brings together advanced detection, targeted threat intelligence and specialized Mandiant ICS services from FireEye with an industrial cyber security portfolio that includes deep visibility; endpoint intelligence and change detection from Tripwire; secure noninvasive network segmentation from Tofino; and ruggedized industrial networking solutions from GarrettCom. 
Tripwire® Configuration Compliance Manager (CCM) now monitors industrial automation environments.
It allows customers to measure the configuration security of industrial environments against ANSI/ISA-62443, a global standard for securing industrial automation systems, controllers and associated networking equipment configurations.
Tripwire CCM can now reduce cyber security risks from external attacks, as well as malicious insiders and human error.
It does this while protecting critical infrastructure reliability, uptime and safety in industrial automation and manufacturing environments.
Link: http://www.businesswire.com/news/home/20160725005741/en/Belden-Industrial-Cyber-Security-Initiative-Builds-Momentum



Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year 
REDWOOD SHORES, Calif., July 25, 2016 (GLOBE NEWSWIRE)—Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced that it has been named the sole leader in the Gartner Magic Quadrant for Web Application Firewalls (WAF).
Imperva is unique in that it is the only vendor that has been the sole leader in a Gartner Magic Quadrant for the past three years.
Link: http://globenewswire.com/news-release/2016/07/25/858649/0/en/Imperva-Named-by-Gartner-as-the-Only-Leader-in-the-2016-Magic-Quadrant-for-Web-Application-Firewalls-for-the-Third-Straight-Year.html



Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
Fortinet® (NASDAQ: FTNT), the global leader in high-performance cybersecurity solutions, today announced that it has been selected as a vSecurity technology partner as part of Verizon Enterprise Solutions' new Virtual Network Services. 
The Fortinet Security Fabric will provide enterprise customers of Verizon Virtual Network Services with open, adaptive virtual security and actionable threat intelligence, turning network protection into a driver of business insight and agility. 
A broad range of security features within the FortiGate virtual network function (VNF), including enterprise firewalls, FortiManager single pane of glass management, integrated threat intelligence from FortiGuard Labs, data loss prevention, IP security, and intrusion detection system will enable enterprises to deploy advanced software-defined networking (SDN) security functions to protect all points in their network. 
As part of Verizon's Virtual Network Services, Fortinet will provide plug-and-play vSecurity VNFs so businesses can deploy security network functions in software.
With a broad range of advanced virtual network security features offered, including Fortinet FortiGate enterprise firewalls, advanced threat intelligence, global policy controls, and internal segmentation to protect mission-critical data from breaches, Fortinet vSecurity will deliver all the performance of traditional network security in virtualized solutions.
Link: http://www.broadwayworld.com/bwwgeeks/article/Fortinet-to-Provide-Enterprises-With-On-Demand-Security-at-Scale-With-Verizon-Virtual-Network-Services-20160725



RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
SUNNYVALE, CA—(Marketwired)—07/26/16—RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced it will be utilizing the Exploit Database, a non-profit project maintained by Offensive Security.
As part of the RiskVision offering, exploit information is correlated with RiskVision-configurable business context and vulnerability attributes to prioritize exploitable threats in vulnerability risk scoring.
This helps security and business risk owners reduce network operations activity while dramatically improving risk posture in their organizations. 
The Exploit Database's aim is to serve the most comprehensive collection of exploits gathered through direct submissions and mailing lists, as well as other public sources, and then present them in a freely-available, easy-to-navigate database.
The database is a repository for exploits and proof-of-concepts, rather than advisories, making it a valuable resource for those who need actionable data right away. 
RiskVision's closed-loop vulnerability management delivers innovation in every step of the cyber vulnerability work flow.
In addition to integrating with threat exploit services such as Offensive Security, RiskVision utilizes products and services from vendors in the threat intelligence, vulnerability scanning, endpoint security, SIEM and DLP, IT service management and configuration management spaces. 
RiskVision's approach to vulnerability management improves operational efficiency by performing automated risk scoring based on threat and business context, as well as filtering for relevant incidents based on event monitoring data.
Uniquely, with RiskVision, Security Operations analysts can prioritize remediation, Organizational Unit risk experts can participate in decision-making with compliance oversight and IT Operations can be assured their workloads do not require additional staff.
Link: http://news.sys-con.com/node/3881210



Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year 
IRVINE, CA—(Marketwired - Jul 26, 2016) - Ingram Micro Inc. (NYSE: IM) today announced it has earned Cisco's Security Distributor Award for Outstanding Performance in the Asia-Pacific-Japan (APJ) region for 2016.
Link: http://www.marketwired.com/press-release/ingram-micro-named-cisco-asia-pacific-security-distributor-of-the-year-nyse-im-2145482.htm



Palo Alto Networks clinch 500 customers in India in past 2 years
Bangalore: US-based Palo Alto Networks, a network and enterprise security provider, is growing faster with an expanding base of customers in the Indian market, according to the company's top executive. 
"Most of these customers are replacing products and solutions of legacy security vendors and migrating to our offerings," added Bhasin, who was appointed as top executive of the company's India operations in 2013. 
The steady rise in customer base does suggest that Palo Alto Networks' business in India is flourishing, although the company doesn't provide specifics of its business in India. 
However, citing an IDC study, Bhasin said that the company's growth has been faster than that of the top four security vendors in India. 
The company is moving fast enough to close the gap with its two close competitors, Cisco and Check Point, with market shares of 17.4 percent and 13.8 percent respectively. 
Although Palo Alto Networks was a late entrant in the Indian market, which is largely dominated by established security vendors like Cisco, Juniper, Check Point, Fortinet and others, it has been significantly successful in penetrating this market.
Link: http://cio.economictimes.indiatimes.com/news/corporate-news/palo-alto-networks-clinch-500-customers-in-india-in-past-2-years/53395107



Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
Centripetal Networks Inc., the leading provider of Real-Time Active Network Defense solutions, today announced it is joining with Infoblox to provide a platform to easily apply cyber threat intelligence to directly defend networks with up-to-date intelligence.
The relationship further expands Centripetal’s RuleGate® Network Protection System with the addition of Infoblox’s ActiveTrust data, which combines threat intelligence from trusted white-hat allies, including law enforcement agencies and internet infrastructure providers, with vetted data from select open-source providers. 
Centripetal’s RuleGate® Network Protection System dynamically updates threat intelligence from Infoblox, and more than 40 other sources, normalizes the intelligence, and applies it to the network to alert, block or redirect malicious traffic.
The platform includes the Advanced Cyber Threat™ (ACT) service, the RuleGate® network appliance and QuickThreat®, Centripetal Networks’ real-time threat intelligence analytics application.
Link: http://www.pressreleaserocket.net/centripetal-networks-joins-with-infoblox-to-offer-actionable-threat-intelligence/474462/



AlienVault Unveils Latest Edition of Open Threat Exchange 
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html

Monday, July 11, 2016

IT Security News - 2017-07-11

Table of Contents

  • How to handle security risks in Red Hat virtualization environments
  • Google is already fighting hackers from the future with post-quantum cryptography
  • If My Website Is Hacked and Customer Data Exposed, Am I Liable?
  • Business travellers putting organisations' cyber-security at risk
  • Protecting a BIT of Integrity BYTES
  • Global Cybergangs Take The ‘Cyber Arms Race’ Lead
  • Cybercrime Now Surpasses Traditional Crime In UK
  • Report: Firms see cyber threats, but not the means to deal with them
  • Business Intelligence and Data Security: A Double-Edged Sword
  • 8 Ways Ethically Compromised Employees Compromise Security



How to handle security risks in Red Hat virtualization environments 
Here's a rundown of the types of threats to virtualization environments, and ways they can be mitigated: 
- Denial of Service (DoS) attacks
- Memory corruption and leakage
- Guest-to-Host escape
Mitigation Techniques
- You can use control groups to protect the four core resources (memory, CPU, disk or network) that can be exploited. 
- SELinux is Red Hat's Linux Security Module and it operates by implementing Mandatory Access Controls (MAC). 
- sVirt (secure virtualization) combines SELinux and virtualization. 
- SecComp is a kernel feature still early in development which also provides sandboxing-like capabilities.
Link: http://www.techrepublic.com/article/how-to-handle-security-risks-in-red-hat-virtualization-environments/?ftag=TRE684d531&bhid=21487072891631060763005914609462
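As an added example (not code from the TechRepublic article), here is a small POSIX shell audit of the sVirt mitigation listed above: it parses `ps -eZ`-style output and flags qemu processes that are not confined by the svirt_t type, or that share an MCS category pair with another guest, which is the condition under which one guest could reach another's disk image. The process list it runs on is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the TechRepublic article: audit whether running
# guests are actually confined by sVirt. On a Red Hat host, libvirt labels each
# qemu process with the svirt_t type plus a per-guest pair of MCS categories
# (e.g. s0:c12,c345), so a guest that escapes qemu still cannot read another
# guest's disk image. Two guests sharing one category set, or a qemu running
# as some other type, means that isolation is not in effect.
#
# check_svirt_labels reads `ps -eZ`-style lines (context pid tty time cmd) on
# stdin and prints one line per finding:
#   UNCONFINED <pid>            qemu process not running as svirt_t/svirt_tcg_t
#   NOCATS <pid>                svirt_t process without MCS categories
#   SHARED <level> <pid> <pid>  two guests share the same MCS category set
# It returns 1 if anything was found and 0 if the host looks clean.
check_svirt_labels() {
    awk '
    BEGIN { bad = 0 }
    /qemu/ {
        ctx = $1; pid = $2
        # context is user:role:type:sensitivity[:categories]
        n = split(ctx, f, ":")
        type = f[3]
        level = (n >= 5) ? (f[4] ":" f[5]) : f[4]
        if (type != "svirt_t" && type != "svirt_tcg_t") {
            print "UNCONFINED " pid; bad = 1; next
        }
        if (n < 5 || f[5] == "") {
            print "NOCATS " pid; bad = 1; next
        }
        if (level in seen) {
            print "SHARED " level " " seen[level] " " pid; bad = 1
        } else {
            seen[level] = pid
        }
    }
    END { exit bad }
    '
}

# Constructed sample of `ps -eZ` output for the demo (not from a real host):
# guest1 and guest2 share a category pair, guest3 runs unconfined.
SAMPLE_PS='LABEL                                     PID TTY      TIME CMD
system_u:system_r:svirt_t:s0:c12,c345    1201 ?    00:00:10 qemu-kvm -name guest1
system_u:system_r:svirt_t:s0:c12,c345    1388 ?    00:00:05 qemu-kvm -name guest2
system_u:system_r:unconfined_t:s0-s0:c0.c1023 1502 ? 00:00:01 qemu-system-x86_64 -name guest3
system_u:system_r:svirt_t:s0:c77,c900    1610 ?    00:00:02 qemu-kvm -name guest4
system_u:system_r:sshd_t:s0-s0:c0.c1023   900 ?    00:00:00 sshd'

# On a real host you would run: ps -eZ | check_svirt_labels
if printf '%s\n' "$SAMPLE_PS" | check_svirt_labels; then
    echo "sVirt audit: all guests confined with unique MCS labels"
else
    echo "sVirt audit: isolation problems found (see above)"
fi
```

For the constructed sample the function reports `SHARED s0:c12,c345 1201 1388` and `UNCONFINED 1502` and returns 1.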



Google is already fighting hackers from the future with post-quantum cryptography 
"We're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used," Google Software Engineer Matt Braithwaite wrote in a blog post Thursday, pointing out that Google plans to discontinue the experiment after two years, and hopefully move on to an even better algorithm. 
What does all this mean for Chrome users?
Not much.
Regular users won't be part of the test.
Those who want to have a fraction of their online communication protected with a post-quantum key exchange algorithm should install the latest Chrome Canary build.
To check whether post-quantum crypto is on, go to an HTTPS-secured page, click on the lock next to the URL in the address bar, click on "details," and check if Key Exchange starts with “CECPQ1”.
Link: http://mashable.com/2016/07/08/google-chrome-quantum-cryptography/#zm1AzEuUGuqW



If My Website Is Hacked and Customer Data Exposed, Am I Liable?
That is a question most small business owners aren’t losing sleep over or are readily prepared to answer.
But in an era where data breaches routinely occur, it warrants serious consideration. 
Unfortunately, there is no cut-and-dried answer to that question.
Some attest that the entity holding the information is liable while others suggest the customer bears responsibility. 
Perez, weighing in on the liability issue, warns that small businesses running an ecommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS). 
“The landscape of cyber security is shifting rapidly as data breaches are spiking,” Delaney said. “Congress, regulators and state attorneys general are taking a hard look at how companies … are protecting consumer information from unauthorized access.
Hearings have been held, and new laws pushed.” 
Notification can quickly become very expensive, however, particularly if you have thousands of customers with which to communicate. 
Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information.
To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen. 
While the question of liability is still not clear cut, businesses can protect themselves and their customers by following the guidelines included in this article.
Link: http://smallbiztrends.com/2016/07/website-hacked-customer-data-exposed-liable.html



Business travellers putting organisations' cyber-security at risk 
A survey by Kaspersky Lab of 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US found that the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet. 
It said that three in five (59 percent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected.
The research also found that 47 percent think that employers, if they send staff overseas, must accept any security risks that go with it. 
Almost half (48 percent) of senior managers and more than two in five (43 percent) of mid-level managers use unsecure public access Wi-Fi networks to connect their work devices when abroad.
At least two in five (44 percent and 40 percent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments. 
One in five (20 percent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi – compared to an average 12 percent.
One in four (27 percent) have done the same for online banking – compared to an average 16 percent.
Link: http://www.scmagazine.com/business-travellers-putting-organisations-cyber-security-at-risk/article/508027/



Protecting a BIT of Integrity BYTES 
Leveraging the NIST Cybersecurity Framework to apply necessary, albeit painful and often overlooked, cyber changes to protect your most critical high-value assets (“Crown Jewels”) from advanced cyber threats.
This post will focus primarily on the Identify function’s Asset Management component and the Protect function of the NIST framework as they relate to often overlooked operational changes needed to isolate critical high-value assets. 
What to Protect? 
How to Protect? 
Rise above the threats.
Leverage the NIST Cybersecurity Framework and follow best practices to isolate and protect your most critical “crown jewels” and tier-0 credentials using operational security practices and not just dependence on the latest “shiny object” security tools.
Bad guys have these same security tools before they attack, so we need to change the way we isolate and operate on our network.
These changes can be painful and often not intuitive, but defending against advanced attackers requires advanced operational defenses to keep a breached PC from becoming a totally owned network.
Link: https://blogs.technet.microsoft.com/staysafe/2016/07/07/protecting-a-bit-of-integrity-bytes/



Global Cybergangs Take The ‘Cyber Arms Race’ Lead 
In the release of its first Cyber Crime Assessment report on Thursday (July 7), the U.K.’s National Crime Agency (NCA) said that police and businesses are losing the “cyber arms race” to these sophisticated criminals. 
According to the data, the most significant and advanced threat to the U.K. is actually from a small group of international crooks that use “highly profitable” malware to fuel cyberattacks.
These organized gangs of criminals are able to launch attacks directly at both businesses and individuals. 
According to the report, advertisements — ranging from “DDOS attacks for as low as $5 USD an hour” to “Online tutorials from $20 USD that cover DDOS attacks, cracking Wi-Fi, Crypters and much more” — are just a sample of the offerings posted across the underground marketplace, which it describes as growing bigger, more sophisticated and competitive. 
The intelligence analysts found that malware is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” posing an even greater threat to unsuspecting groups, consumers, private organizations and the government.
Link: http://www.pymnts.com/news/security-and-risk/2016/cybergangs-cyber-arms-race-malware/



Cybercrime Now Surpasses Traditional Crime In UK
Cybercrime is currently outpacing traditional crime in the United Kingdom in terms of impact spurred on by the rapid pace of technology and criminal cyber-capability, according to the UK’s National Crime Agency. 
The trend suggests the need for a more collective response from government, law enforcement, and industry to reduce vulnerabilities and prevent crime, the NCA report says. 
One security expert notes that the cybercrime situation here in the US is even more dire. 
“I think it is more dramatic in the US and I do think cybercrime is a larger industry than narcotics trafficking because of intellectual property theft and secondary infection,” says Tom Kellermann, co-founder and CEO of Strategic Cyber Ventures, which invests in next-generation security technology.
Link: http://www.darkreading.com/threat-intelligence/cybercrime-now-surpasses-traditional-crime-in-uk/d/d-id/1326208



Report: Firms see cyber threats, but not the means to deal with them 
The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT. 
While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report. 
Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber crime tools.
Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals. 
Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber crime.
Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes.
Lack of investment and even cultural change within organizations were cited as barriers.
Link: http://fedscoop.com/organizations-fully-aware-of-growing-cyber-threat-but-few-ready-to-deal-with-it-study-finds



Business Intelligence and Data Security: A Double-Edged Sword 
Business intelligence represents great opportunities for businesses that have the right people, processes and technology in place.
According to a recent ComputerWorld survey, 50 percent of respondents are increasing their IT security budget. 41 percent are increasing their analytics investment.
Another survey found that 35 percent of respondents considered security concerns to be the biggest obstacle surrounding data analysis.
The analytics software space is packed with vendors looking to cash in on this opportunity.
Proof positive is how hot the big data market has been over the past several years.
New data frontiers like social media, mobile ecommerce and web content performance represent new challenges and opportunities for insight for companies of all sizes.
Security Information and Event Management systems are powerful analytics solutions in their own right.
The latest security analytics systems are positioned as more advanced than SIEM could offer.
Threat Analytics/Intelligence solutions, delivered via the cloud by companies like FireEye, Palo Alto Networks and Fortinet are seen as the next generation of security intelligence.
Traditional BI vendors collect a lot of data from various repositories such as ERP, CRM and asset management systems, though they have typically left security and threat analytics to the leading vendors in that space.
Sharing business performance information across your company should be carried out on a “need to know” basis.
Providing permission-based access to data visualizations and executive dashboards should be provisioned with consideration of:
Standards-based APIs, certified by credible sources, make for a safer analytics hub than coding your own connections.
Analytics engines are often at the center of multiple systems, which makes them a potentially lucrative target for opportunistic hackers.
Since many data breaches result from employee activities, access to reporting systems needs to be governed.
Link: http://www.business2community.com/business-intelligence/business-intelligence-data-security-double-edged-sword-01577755#KvjcbYs2JVLiiH8q.97



8 Ways Ethically Compromised Employees Compromise Security
The fact is that there are always a few bad apples in the barrel, and when it comes to employees—whether IT or your typical corporate user—the bad actors can introduce a lot of risk to the organization.
But some IT executives may not realize just how many potential bad apples there can be, depending on the circumstances. 
Here are a few statistics that show how prevalent shaky ethics really are in the workplace.
Link: http://www.darkreading.com/threat-intelligence/8-ways-ethically-compromised-employees-compromise-security/d/d-id/1326196

Sunday, July 10, 2016

Security Industry News - 2016-07-10

Table of Contents

  • Novosco buys UK IT security services firm NetDef
  • Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report
  • Thai companies beef up security as malware threats evolve
  • Kaspersky ATM security solution promises big malware defense in a small package
  • Cybersecurity firms step up intel sharing despite issues of trust
  • Skyport interacts with Cisco ACI
  • European tech investors spot safe havens from Brexit worries
  • Why FireEye Is A Toxic Investment
  • UPDATED: Michael Yell joins RSA



Novosco buys UK IT security services firm NetDef
UK IT security solutions and managed services company NetDef has been acquired by Irish cloud provider Novosco for a 7-figure sum.
The deal will expand Novosco's workforce to 140 and expand its UK business.
Link: http://www.telecompaper.com/news/novosco-buys-uk-it-security-services-firm-netdef—1152320



Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report 
PHOENIX—(BUSINESS WIRE)—BeyondTrust, the leading cyber security company dedicated to preventing privilege abuse and stopping unauthorized access, today announced it has been named a Leader in The Forrester Wave™: Privileged Identity Management, Q3 2016 report.
According to The Forrester Wave, BeyondTrust excels with its privileged session management capabilities.
Link: http://tucson.com/business/independent-research-firm-cites-beyondtrust-as-a-leader-in-privileged/article_da699be3-f0ae-541e-907a-b1f62a430533.html



Thai companies beef up security as malware threats evolve 
Spending on computer security in Thailand is expected to resume double-digit growth this year, fuelled by the growing sophistication of malware threats and development of the digital economy and the national e-payment system, says a security software firm. 
The surge follows high-single-digit growth in 2015.
No raw figures are available on computer security spending. 
Khongsak Kortrakul, senior manager for technical service at Trend Micro (Thailand), said the growth of malware threats is boosting demand for automated data protection software. 
Companies in Thailand experience about 10 malware incidents a month, with medium-sized enterprises heavily targeted.
Link: http://www.thestar.com.my/tech/tech-news/2016/07/08/companies-beef-up-security-as-malware-threats-evolve/



Kaspersky ATM security solution promises big malware defense in a small package 
Kaspersky Lab recently announced the availability of Kaspersky Embedded Systems Security, a targeted enterprise-grade solution designed to defend ATMs, point-of-sale systems and point-of-service machines against malware attacks. 
The solution works to protect a variety of Windows-based platforms that handle sensitive financial operations, a press release said. 
The solution supports Windows versions from XP up to and including Windows XP Embedded, Windows Embedded 8.0 Standard and Windows 10 IoT.
Additionally, it can run on systems with as little as 256 megabytes of memory and just 50 megabytes of available disk space, Kaspersky said.
Link: http://www.atmmarketplace.com/news/kaspersky-atm-security-solution-promises-big-malware-defense-in-a-small-package/



Cybersecurity firms step up intel sharing despite issues of trust
“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black. 
The company is the latest to help pool together security expertise with a new platform called the Detection eXchange. 
In 2014, Palo Alto Networks joined with rivals including Fortinet, Intel Security and Symantec to form the Cyber Threat Alliance.
The vendors are each sharing around 1,000 malware samples each day and using that data to bolster their security products. 
The alliance is still small, with only about eight members, but Howard believes it will be a “game changer” if the group can expand to 50. 
The intelligence sharing fills gaps in what each security vendor knows.
For instance, Palo Alto Networks and Symantec overlap in only about 70 percent of the malware intelligence they share, according to Howard. 
A major fear is that information shared about vulnerabilities or a company's infrastructure may be leaked accidentally to other hackers.
But the pros can outweigh the cons.
Companies Wright has talked to see the benefits of wider collaboration and even expect it from their vendor.
They realize they’re walking a fine line between the risk of sharing too much and potentially stopping the next cyber attack.
Link: http://www.pcworld.com/article/3093477/cybersecurity-firms-step-up-intel-sharing-despite-issues-of-trust.html



Skyport interacts with Cisco ACI 
Skyport's SkySecure converged system brings together zero trust compute, virtualization and a full stack of security technologies.
It logs all traffic at a forensically auditable level, enabling users to see where traffic originates, where it is headed, whether it was allowed or not, what policy allowed or blocked it, and when and who put that policy into action.
Remote management capability allows users to easily secure branch infrastructure without firewalls, proxies, MPLS or other security measures.
Link: http://www.convergedigest.com/2016/07/skyport-interoperates-with-cisco-aci.html



European tech investors spot safe havens from Brexit worries 
Technology investors seeking refuge after Brexit are picking companies delivering instant access to services for Web and mobile customers or firms mainly doing business globally which can benefit from the pound's fall. 
They are shying away from hardware makers or e-commerce suppliers with sizeable UK sales, which count for less after currency swings driven by Britain's vote to leave the EU. 
Shareholders are also wary of software and services firms getting caught short by budget freezes by customers scrambling to reassess their businesses and resulting slowing economic growth. 
Two UK-based safe havens are ARM Holdings (ARM.L), which licenses chip technology used in most smartphones worldwide, and Sophos (SOPH.L), driven by demand for its computer security software and services, most financial analysts say. 
U.S. names like Salesforce.com (CRM.N) and Red Hat (RHT.N), with long-term subscriptions for Internet-delivered software and little direct exposure to Britain, are safe bets, said Silicon Valley-based analyst Trip Chowdhry.
Amazon.com (AMZN.O) and Apple (AAPL.O), while active in Britain, enjoy strong brands and have sticky subscription business models likely to insulate them from any UK slowdown, he said.
Link: http://www.reuters.com/article/us-britain-eu-tech-results-idUSKCN0ZQ0F2



Why FireEye Is A Toxic Investment 
FireEye investors who have bought the stock in the hopes of an acquisition should consider selling their holdings as none will buy out the company at its asking valuation. 
FireEye has removed its CEO who used to specialize in selling several emerging companies and was spearheading companies like McAfee and Documentum when they were acquired. 
No buyer will pay a premium for FireEye as its expenses have been rising at a faster pace than the revenue, while the debt is also substantial. 
Due to a rapid growth in expenses, FireEye's operating cash flow has slipped deep into the red, which is why no buyer might pay its $30/share asking price. 
FireEye has made a mistake by not accepting two buyout offers this year, while the management shake-up indicates that the board does not intend to sell the company. 
With expenses increasing at a faster rate than revenue, FireEye's business model is currently unsustainable.
Clearly, the company is bleeding money and will continue to do so as the trend above suggests. 
In my opinion, an acquisition would have been the best possible outcome.
However, due to the reasons mentioned above, the chances of the company getting acquired at $30 per share are next to zero now.
Hence, I think investors should stay away from the stock.
Link: http://seekingalpha.com/article/3987377-fireeye-toxic-investment#alt2



UPDATED: Michael Yell joins RSA
Security vendor RSA has appointed a new head of channels and alliances for Asia Pacific and Japan, naming former TeleSign executive Michael Yell to the role. 
Yell joined the company as of June 2016 and will be based at RSA’s Sydney offices. 
The company has recently moved a number of APJ roles to Sydney including channel, inside sales, business unit leads and marketing. 
As part of the role, Yell will be charged with implementing the channel strategy for the region and managing the company’s partner base.
Link: http://www.arnnet.com.au/article/603160/michael-yell-joins-rsa/

Friday, July 08, 2016

IT Security News - 2017-07-08

Table of Contents

  • Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats
  • Endpoint and Network Security: The rise of “Defense in Depth”
  • EU to invest €450 million in cybersecurity partnership fund
  • The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges
  • Password Sharing Is a Federal Crime, Appeals Court Rules
  • French internet security report urges use of best practice
  • Meeting the cyberchallenge
  • BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises
  • Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
  • Microsoft Cybersecurity Advocates for Coordinated Norms



Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats 
Since the adoption of the EU Cybersecurity Strategy in 2013, the European Commission has stepped up its efforts to better protect Europeans online.
It has adopted a set of legislative proposals, in particular on network and information security, earmarked more than €600 million of EU investment for research and innovation in cybersecurity projects during the 2014-2020 period, and fostered cybersecurity cooperation within the EU and with partners on the global stage. 
But more work is needed to address the increasing number and complexity of cyber-threats.
This is why the Commission proposes today a series of measures to reinforce cooperation to secure Europe's digital economy and society, and to help develop innovative and secure technologies, products and services throughout the EU. 
The Commission has proposed an action plan to further strengthen Europe’s cyber resilience and its cybersecurity industry.
This includes measures to: 
- Step up cooperation across Europe
- Support the emerging single market for cybersecurity products and services in the EU
- Establish a contractual public-private partnership (PPP) with industry
The EU Cybersecurity Strategy and the forthcoming NIS Directive already lay the groundwork for improved EU-level cooperation and cyber resilience. 
The forthcoming NIS Directive establishes two coordination mechanisms:
- the Cooperation Group, which supports strategic cooperation and exchange of relevant information related to cyber incidents among Member States, and
- the Network of Computer Security Incident Response Teams (the so-called CSIRT network), which promotes swift and effective operational cooperation on specific cybersecurity incidents and sharing information about risks.
Link: http://europa.eu/rapid/press-release_MEMO-16-2322_en.htm



Endpoint and Network Security: The rise of “Defense in Depth” 
While there is an important place for network security, the simple fact that no system will ever be 100% secure highlights the need for additional layers of security.
Network security solutions often try to filter dangerous content before it reaches vulnerable endpoints, but isn’t it better if we can make the endpoints less vulnerable in the first place?
With this in mind, the best strategy is to build security from the endpoint out - reducing the attack surface and building defendable infrastructure. 
While network-based security solutions can attempt to block threats before they hit the endpoint, the major problem with this approach is that companies that rely heavily on network security end up with an “eggshell” security stance – whereby a system is reliant on a single outer shell to protect all of the organization’s data. 
The main difficulty faced by detection solutions is the impossible trade-off between security and usability.
Namely, all threats need to be deeply analyzed, but security teams simply cannot make employees wait while they address these issues, which would reduce productivity and staff morale. 
Intel Security found that more than 30% of organizations disable network-based security features for this exact reason.
Malware authors know this, and therefore create attacks that simply lie dormant for a period of time to bypass the network sandbox.
This has driven malware to evolve new methods of avoiding network security products, including:
• Delayed onset
• Detecting virtualized environment
• Checking the number of CPU cores (network sandbox usually only presents one)
• Checking if user is real (monitor mouse movement, etc.)
• Exploiting the virtual environment to escape
The most effective way to complement a strong network defense is by reducing the attack surface of the endpoint. 
1- Removing administrator privileges
2- Application whitelisting
3- Sandboxing
A bank doesn’t leave the vault door open just because they have a security guard on the door – they start from the vault and layer security outward.
If the endpoint isn’t secure, and security admins do not ensure that both systems work in tandem, companies simply risk losing data, intellectual property, resources, money and invaluably, trust – in other words, everything.
Link: http://www.information-management.com/news/security/endpoint-and-network-security-the-rise-of-defense-in-depth-10029240-1.html



EU to invest €450 million in cybersecurity partnership fund
The Commission said that it will invest an initial €450 million in the partnership and expects organisations including national, regional and local government bodies, research centres and academia to invest three times as much. 
The partnership will bring companies together for research into cybersecurity solutions for different sectors including energy, health, transport and finance, the Commission said. 
The Commission will encourage EU countries to make use of cooperation mechanisms which will be established under the new Network and Information Security (NIS) Directive, which is expected to be adopted by the European Parliament this week.
Link: http://www.out-law.com/en/articles/2016/july/eu-to-invest-450-million-in-cybersecurity-partnership-fund/



The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges 
This kernel of wisdom comes from a certain high-tech headhunter in the late 1980s, who passed it on as she was helping her candidates prepare for their next job.
Twenty years later, it showed up again in “What Got You Here Won’t Get You There,” a best-selling business book by Marshall Goldsmith. 
Two Distinct Roles
As recommended in a strategy map for security leaders, successful next-generation CISOs should strive for their information security teams to be perceived by key stakeholders as being strong in both of two distinct roles: 
- Subject matter experts
- Trusted advisers
Four Fundamental Questions
1) What’s the risk?
2) What’s the annualized risk in the specific context?
3) How does an incremental investment quantifiably reduce risk?
4) How does one investment compare to another?
Three Persistent Challenges
1) A language challenge
2) A measurement challenge
3) A communications challenge
Link: https://securityintelligence.com/the-information-security-leader-part-1-two-distinct-roles-four-fundamental-questions-and-three-persistent-challenges/



Password Sharing Is a Federal Crime, Appeals Court Rules 
One of the nation’s most powerful appeals courts ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all “hacking” law that has been widely used to prosecute behavior that bears no resemblance to hacking. 
In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal’s use of a former coworker’s password to access one of the firm’s databases was an “unauthorized” use of a computer system under the CFAA. 
At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?
Link: http://motherboard.vice.com/read/password-sharing-is-a-federal-crime



French internet security report urges use of best practice
An official report on internet security in France has urged all players in the sector to follow best practice recommendations for the BGP, DNS and TLS security protocols. 
The Resilience of the French Internet report also encouraged all those in the sector to prepare themselves against the distributed denial-of-service (DDoS) attacks that have been behind some of the higher-profile failures of internet services.
The 2015 report, the fifth of its kind, made the following principal recommendations:
- monitor prefix advertisements, and be prepared to react in case of hijacking;
- use protocols that support forward secrecy, and discontinue the increasingly vulnerable SSLv2 protocol and SHA-1 algorithm;
- diversify the number of SMTP and DNS servers in order to improve the robustness of the infrastructure;
- apply best practices to limit the effects of failures and operational errors; and
- pursue the deployment of IPv6, DNSSEC and RPKI to help develop skills and to anticipate possible operational problems.
Link: http://www.telecompaper.com/news/french-internet-security-report-urges-use-of-best-practice—1152056



Meeting the cyberchallenge 
Each year, the United States falls farther behind in educating K-12 students in science, technology, engineering and math (STEM).
It falls behind in teaching the next generation of technology workers for American companies.
And it falls behind in instructing cybersecurity professionals who will help protect our country.
This deficiency puts our national security at greater risk.
After years of analyzing this challenge, it’s now time for the federal government to act and help address this vulnerability.
Congress should invest in the future by providing adequate resources for K-12 computer science education for the next fiscal year, especially in this transition period between presidential administrations. 
In addition, at a time of increasing cyberthreats and greater complexity in cyberwarfare, the nation also needs skilled cybersecurity professionals.
We now require individuals who can design weapons to support U.S. warfighters and provide cyberdefense for our country’s assets.
Our cyberstrength relative to that of our nation’s adversaries is too vital to ignore.
Link: http://www.washingtontimes.com/news/2016/jul/4/meeting-the-cyberchallenge/



BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises 
DALLAS, July 5, 2016 /PRNewswire/—Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals.
The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG. 
The report, Taking the Offensive - Working together to disrupt digital crime finds that, while 94 per cent of IT decision makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 per cent) admit that they don't have a strategy in place to prevent it. 
The report also finds that 97 per cent of respondents experienced a cyber-attack, with half of them reporting an increase in the last two years.
At the same time, 91 per cent of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44 per cent being concerned about the dependence on third parties for aspects of their response. 
Mark Hughes, CEO Security, BT, said: "The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft.
The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market." 
The BT-KPMG report shows that Chief Digital Risk Officers (CDROs) are now being appointed to hold strategic roles which combine digital expertise with high-level management skills.
With 26 per cent of respondents confirming that a CDRO has already been appointed, the report's data suggests that the security role and accountability for it is being re-examined.
Link: http://www.4-traders.com/BT-GROUP-PLC-11943/news/BT-Industrialisation-Of-Cybercrime-Is-Disrupting-Digital-Enterprises-22632905/



Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
DES MOINES, IA (July 7, 2016) — TMG Executive Summit keynote speaker Brian Krebs told a room full of credit union and community bank leaders that layers of technology are not enough to stop a data breach.
Instead, the investigative reporter insisted, security is only as effective as the people managing it for you. 
“Organizations buy into the idea that doing security right is layering on the right mix of technology software and services, and that this magic combination will block 99 percent of attacks,” said Krebs, mastermind behind the popular Krebs on Security blog. “It’s just not true.
It’s very expensive to do security right, and that’s partly because the actual security of your organization comes from security specialists.” 
It’s not uncommon, Krebs said, for an organization to look at its event logs for the first time after someone like him gives them a call.
He devotes a lot of energy to breach notification.
Comparing the experience of being notified of a breach to the five stages of grief, Krebs says the people he notifies are almost always in denial. “Those with a high degree of security maturity skip through the first stages and go straight to depression,” Krebs said to a roomful of nervous laughter. 
Phishing, he said, is becoming increasingly sophisticated, even though some cybersecurity experts talk about it as a solved problem.
Over a span of three weeks, Krebs notified several different companies of phishing threats facing their C-suites.
He had seen actual communications spoofing CEO email addresses on the dark web.
No one from any of these vulnerable organizations returned his calls. 
Krebs concluded his hour-long talk by coming back to his point about the importance of human security leadership.
The head of security, Krebs advised, should always report to the COO, CEO or the board of directors.
Organizations with what he calls a high degree of security maturity have created separation between IT and security: “The surest way to deny your security people any say is to have them report to the head of IT.”
Link: https://www.cuinsight.com/press-release/brian-krebs-tmg-executive-summit-financial-institutions-empower-security-leaders



Microsoft Cybersecurity Advocates for Coordinated Norms 
Microsoft wants new standards for the cybersecurity world, a vision proposed in its recently published paper “From Articulation to Implementation: Enabling Progress on Cybersecurity Norms.” 
Overall, the Microsoft cybersecurity viewpoint emphasizes the need for a consensus across the industry.
Specifically, the company wants to establish norms regarding the effective disclosure of security issues as well as methods to deal with the attribution of hostile acts directed at software. 
What Microsoft wants is a “coordinated disclosure” approach.
This is a variant of responsible disclosure that also allows disclosure to computer emergency response teams (CERTs) along with the vendor.
The company believes that public disclosure should only happen after a patch has been issued and believes this should be the new cybersecurity norm. 
But Juan Andres Guerrero-Saade, a senior security researcher at Kaspersky Lab, may have identified a problem with trying to establish any norms.
He told SecurityWeek that “the whole concept of norms assumes that they relate to some homogeneous body guided by the same basic principles.
That clearly isn’t so in cyberspace.”
Link: https://securityintelligence.com/news/microsoft-cybersecurity-advocates-for-coordinated-norms/

Thursday, July 07, 2016

Security Industry News - 2016-07-07

Table of Contents

  • 10 cutting-edge tools that take endpoint security to a new level
  • mindSHIFT unveils new proactive IT security offerings to protect customers' information
  • Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice
  • Despite Decline, FireEye Is Still Not Cheap
  • Faraday: Collaborative pen test and vulnerability management platform
  • UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines
  • Twistlock Secures $10 Million in Series A Funding
  • Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution
  • Report: Here's Who FireEye Could Be Eyeing For An Acquisition
  • Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
  • Worldwide cloud IT infrastructure revenue grows to $6.6 billion
  • Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company
  • Antivirus merger: Avast to buy AVG for $1.3 billion
  • Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out
  • Cyphort Strengthens Management Team with Two New Executive Hires
  • Palo Alto offers $16,000 in looming CTF hack off



10 cutting-edge tools that take endpoint security to a new level
The 10 products we tested in this review go beyond proactive monitoring and endpoint protection and look more closely at threats.
They evaluate these threats in a larger ecosystem, combining the best aspects from network intrusion detection and examining the individual process level on each computer.
That is a tall order, to be sure. 
Evidence of how important this product category has become is Microsoft's latest entry, called Windows Defender Advanced Threat Protection.
Announced at the RSA show in March, it will be slowly rolled out to all Windows 10 users (whether they want it or not, thanks to Windows Update).
Basically what Microsoft is doing is turning every endpoint into a sensor and sending this information to its cloud-based detection service called Security Graph.
No remediation feature has been announced to work with this yet. 
Besides Microsoft, there are many products to choose from.
We looked at Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, CounterTack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. (BufferZone, Deep Instinct, enSilo, Triumfant, ThreatStop and Ziften declined to participate.) 
The best products combine both hunting and gathering approaches and also look at what happens across your network, tie into various security event feeds produced by both internal systems and external malware collectors, work both online and offline across a wide variety of endpoint operating systems and versions, and examine your endpoints in near real-time. 
As you might suspect, no one product does everything.
You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff.
Because of this, we weren't able to score each product numerically or award an overall winner.
Link: http://www.infoworld.com/article/3091100/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html



mindSHIFT unveils new proactive IT security offerings to protect customers' information 
STERLING, Va., July 6, 2016 /PRNewswire/—mindSHIFT Technologies, Inc., a Ricoh company, today announced the launch of mindSHIFT IT Security, Risk and Compliance Services.
This latest addition to mindSHIFT's robust IT services portfolio will enable customers to take a proactive approach to information security. 
Available to customers today, mindSHIFT's IT Security, Risk and Compliance Services consist of three distinct services to help organizations identify and mitigate risk from security breaches, cyberattacks, rogue employees and to help organizations achieve compliance with federal, state and industry regulations.
These services include External Vulnerability Assessments, Penetration Testing and Cybersecurity Risk Assessments.
Link: http://finance.yahoo.com/news/mindshift-unveils-proactive-security-offerings-133000140.html



Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice 
Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of J. Andrew Valentine as an Associate Managing Director in its Cyber Security and Investigations practice.
With a wide range of experiences and skills that bridge the private sector and law enforcement, Valentine is a highly accomplished practitioner as well as a recognized thought leader, author, and speaker on computer crime and cyber security.
He has managed numerous high-profile criminal forensic and data breach investigations in the United States and internationally, where his work proved instrumental in the arrests and successful prosecutions of notorious hackers and criminals. 
Over the course of a 14-year career, Valentine became well-versed in criminal and civil investigative requirements, including computer forensics, evidentiary procedures, and fact-finding techniques, during his service with the Florida Department of Law Enforcement’s Computer Crime Center and with Verizon/Cybertrust.
He has regularly collaborated with government and state/provincial law enforcement agencies worldwide, including the Federal Bureau of Investigation, U.S. Secret Service, and Department of Homeland Security.
Adept at making a complex and challenging subject matter clear and comprehensible, Valentine has served as an expert witness in criminal and civil trials.
Link: http://finance.yahoo.com/news/kroll-names-j-andrew-valentine-155300383.html



Despite Decline, FireEye Is Still Not Cheap 
FireEye’s economic earnings, the true cash flows of the business, have declined from -$40 million in 2012 to -$587 million over the trailing twelve months.
By removing stock-based compensation expense, FEYE is able to report non-GAAP results that, while not positive, are improving year-over-year even as true profits decline. 
With shares now greatly overvalued plus large profit losses and strong competition, FireEye (NASDAQ:FEYE) is this week's Danger Zone pick. 
The security industry is highly competitive and FEYE faces significant challenges from each of its competitors.
As noted in the company's 10-K, competition comes from Cisco (NASDAQ:CSCO), Juniper (NYSE:JNPR), Intel (NASDAQ:INTC), IBM (NYSE:IBM), and Palo Alto Networks (NYSE:PANW), among others.
Figure 3 makes it clear that FEYE's competitors have higher margins and ROICs.
With such negative profitability, FireEye has competitive disadvantages in the form of less capacity to invest in product development and less pricing flexibility. 
More recently, in 1Q16, revenue grew by 34% year-over-year.
However, cost of revenues grew 37%, R&D grew 31%, and general and administrative costs grew 30% year-over-year.
In order to buy into the bull case, one must believe FEYE can significantly cut costs in order to improve margins, while simultaneously growing revenue to maintain the "growth story" initially sold to the market.
Link: http://seekingalpha.com/article/3986664-despite-decline-fireeye-still-cheap?auth_param=137vrm:1bnqfrk:d48164696a98d79d229d4e247763caad&uprof=45&dr=1



Faraday: Collaborative pen test and vulnerability management platform 
Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time.
It gives CISOs a better overview of their team’s job, tools and results.
You can run it on Windows, Linux and OS X. 
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way.
Faraday supports more than 50 tools, including Burp Suite, w3af, Maltego, Metasploit, Qualysguard, Nessus, Netsparker, and Shodan. 
Radical changes to the tool – how it looks and behaves – are in the works.
One is a brand new GTK interface, which will replace the old QT3-based one, and will make the tool more stable as well as more pleasant to use.
Link: https://www.helpnetsecurity.com/2016/07/06/faraday-pen-test/



UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines 
MOUNTAIN VIEW, CA—(Marketwired - Jul 6, 2016) -  UpGuard today announced that it has become a member of the Center for Internet Security (CIS), and will continue to help businesses expand visibility into their cyber risk by providing hardening benchmarks to all customers.
By incorporating these benchmarks, UpGuard's CSTAR solution builds on its lead in providing the most complete assessment of both internal and external cyber risk.
Link: http://finance.yahoo.com/news/upguard-becomes-member-center-internet-160000777.html



Twistlock Secures $10 Million in Series A Funding 
SAN FRANCISCO, CA—(Marketwired - Jul 6, 2016) - Twistlock, the leading provider of security solutions for virtual containers, today announced it has completed a $10 million round of funding led by TenEleven Ventures.
The round was completed with strong support from new investor Rally Ventures and existing backers YL Ventures and a strategic venture firm. 
Twistlock also announced that Alex Doll, founder of TenEleven Ventures, has joined its board of directors.
Alex is a long-time security industry veteran who cofounded PGP Corporation and currently is an investor in and director of several high-growth cybersecurity companies, including CounterTack, Cylance and Ping Identity.
Link: http://finance.yahoo.com/news/twistlock-secures-10-million-series-113000696.html



Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution 
Ixia, a leading provider of network testing, visibility, and security solutions, today announced TrafficREWIND™, a new solution that captures traffic patterns from a production network and accurately recreates them in a controlled sand-box environment.
TrafficREWIND, based on new patent pending technology, enables enterprises, service providers, and network equipment manufacturers to dramatically speed fault isolation and outage resolution with real world testing.
Ixia is planning a demonstration of TrafficREWIND at Cisco Live (Booth #3019) in Las Vegas 2016, July 10th – 14th. 
TrafficREWIND leverages the advanced functionality of several of the company’s solutions, including the Vision ONE™ network visibility solution to capture production network traffic profiles, the BreakingPoint™ testing platform to replay the traffic in a controlled environment such as a pre-deployment lab or a staged network, as well as Ixia’s Application and Threat Intelligence (ATI) technology for advanced threat intelligence. 
Ixia’s BreakingPoint validates the stability, accuracy, and quality of networks and network devices.
Adding TrafficREWIND enables customers to review past production traffic conditions and replay them, plan for the future by scaling or changing traffic dynamics, and freeze time to examine a specific incident at the exact moment it happened, for rapid fault analysis.
Link: http://finance.yahoo.com/news/ixia-combines-visibility-test-technology-173700737.html



Report: Here's Who FireEye Could Be Eyeing For An Acquisition 
After making two acquisitions earlier this year, a report by financial services company The Cowen Group speculated that FireEye could be on the acquisition trail again.
- Bromium
- ForeScout Technologies  
- Cato Networks
- Securonix
Cowen report aside, rumors have again emerged that FireEye could be the target of a buyout bid itself.
Link: http://www.crn.com/slide-shows/security/300081243/report-heres-who-fireeye-could-be-eyeing-for-an-acquisition.htm/pgno/0/1



Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio 
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report. 
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share. 
Most internet service providers have a distributed architecture; hence, a security solution at the network level alone cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats. 
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.” 
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace. 
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security



Worldwide cloud IT infrastructure revenue grows to $6.6 billion 
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 3.9% year over year to $6.6 billion in the first quarter of 2016 (1Q16) on slowed demand from the hyperscale public cloud sector, according to the IDC. 
Total cloud IT infrastructure revenues climbed to a 32.3% share of overall IT revenues in 1Q16, up from 30.2% a year ago.
Revenue from infrastructure sales to private cloud grew by 6.8% to $2.8 billion, and to public cloud by 1.9% to $3.9 billion. 
Link: https://www.helpnetsecurity.com/2016/07/07/worldwide-cloud-it-infrastructure/



Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company 
NEW YORK, NY—(Marketwired - July 07, 2016) - Fusion (FSNN), a leading provider of cloud services, today announced that it has been selected to provide a fully integrated suite of advanced cloud solutions to an award-winning cybersecurity company.
The company, well recognized for its innovative cybersecurity solutions, has specialized in advanced threat detection, analysis and remediation for more than twenty years.
The cybersecurity leader cited Fusion's fully redundant and diverse cloud network, its secure data centers, and its built-in business continuity and disaster recovery solutions as primary reasons for awarding Fusion the contract, which has a minimum three year term.
The contract is expected to generate more than $1.3 million in cloud-based services revenue. 
In addition to selecting Fusion for its cloud voice services, dedicated Internet access and a powerful managed cloud network solution connecting three of the company's sites, the cybersecurity company trusted Fusion to provide a secure Data Center Service solution, which houses the company's cloud applications, servers and additional business-critical equipment in a fully certified data center.
Further, the cybersecurity company wanted to maintain control over its service environment and was impressed with Fusion's powerful management portals, including a voice portal that allows the company to distribute its calls across multiple sites, lowering costs while guaranteeing that communications can continue to flow during peak periods or unforeseen service interruptions.
The company was looking for a single source cloud solutions provider and found it in Fusion, ensuring that service delivery is seamlessly and securely delivered through one contract and managed through one experienced point of contact.
Link: http://finance.yahoo.com/news/fusion-wins-1-3-million-124625349.html



Antivirus merger: Avast to buy AVG for $1.3 billion 
The deal will give Avast access to more than 400 million "endpoints," or devices running its and AVG's software, 160 million of them phones or tablets, the company said Thursday. 
Avast hopes the deal will make the combined company more efficient, as well as allowing it to take advantage of new growth opportunities such as securing the internet of things.
Link: http://www.computerworld.com/article/3092501/security/antivirus-merger-avast-to-buy-avg-for-13-billion.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-07&idg_eid=d5d8326c323742a4ed7bf4fd3d



Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out 
Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it.” 
McClure has a lot to be confident about: In June his nearly four-year-old, 420-employee company was valued at $1 billion after raising a $100 million Series D round from Blackstone Tactical Opportunities and Insight Venture Partners.
But mention the name George Kurtz, his former partner and the current CEO of rival unicorn CrowdStrike, and the even-keeled 47-year-old security entrepreneur loses his cool. “George is a major competitor, and he’ll say anything to stop you from writing a story like this,” McClure says in a burst. “We’re beating him constantly in the market because he doesn’t do anything around prevention–they only do detection, and they don’t do it all that well.” 
McClure and Kurtz – once pals, partners and bestselling coauthors – are now fierce competitors. 
The race is on for Cylance and CrowdStrike – as well as other richly valued security startups like FireEye and Palo Alto Networks – to convince corporate clients that their software will keep out the criminals in the cheapest and most efficient way possible. 
Cylance acts like a border guard, blocking shady actors before they enter the network. 
CrowdStrike, meanwhile, is a digital cop, patrolling networks for suspicious behavior. 
As for their bestselling book, Hacking Exposed, McClure says Kurtz’s name should never have been on it: “He wrote one chapter, but he makes it sound like it’s his book. I gave him the book cover because I’m a nice guy.”
Kurtz responded: “The claim that I wrote one chapter is not true. I spent six months writing almost a third of the book.”
Link: http://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#16c05c4f1211



Cyphort Strengthens Management Team with Two New Executive Hires 
SANTA CLARA, Calif.—(BUSINESS WIRE)—Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today announced it has hired Gord Boyce as Chief Customer Officer and Franklyn Jones as Vice President of Marketing.
Both Boyce and Jones offer decades of experience with technology leadership and will have oversight of the strategic direction and operation of their respective sales and marketing teams.
Boyce and Jones will report to Manoj Leelanivas, president and CEO. 
A high-tech veteran, Gord Boyce brings nearly 25 years of industry experience to Cyphort.
Prior to Cyphort, Boyce was CEO of file security company FinalCode, and CEO of network security and continuous monitoring company ForeScout Technologies.
He joined ForeScout as SVP of Worldwide Sales and Marketing, helping the company to expand its global channel, strategic partner base and market share.
Under his tenure, the company’s enterprise customer base increased from 200 to well over 1500 globally, including some of the world’s largest financial and military organizations.
Prior to ForeScout, Boyce held several senior management positions within the Nokia Internet Communications group and the Enterprise Solutions business group.
As the Chief Customer Officer for Cyphort, Boyce will be responsible for leading worldwide sales and driving customer engagement programs. 
Franklyn Jones has provided marketing leadership for innovative start-ups and established market leaders for more than 25 years.
His experience in cybersecurity includes CMO of Spikes Security, VP of Marketing at Bromium and nearly five years at Palo Alto Networks, which included helping launch and lead the company’s revenue growth in EMEA.
Jones also ran Solutions Marketing at Blue Coat Systems, helping the company accelerate its revenue growth and expand its leadership in the secure web gateway market.
In his role as Vice President of Marketing at Cyphort, Jones will be responsible for all aspects of corporate, product, and channel marketing, with a goal of accelerating Cyphort’s growth in the market.
Link: http://www.businesswire.com/news/home/20160707005166/en/Cyphort-Strengthens-Management-Team-Executive-Hires



Palo Alto offers $16,000 in looming CTF hack off 
In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials. 
The first to solve all six challenges will receive US$5000 (£3866, A$6640), and can score six lots of US$1000 (£773, A$1328) if they are also the first to complete each individual track.
Each track in the CTF, dubbed LabyREnth, will test competitors' abilities in disciplines including reverse engineering, programming, and threat intelligence. 
The tracks, designed by Richard Wartell (@wartortell) of Palo Alto's Unit 42 (@Unit42), will become increasingly difficult over time.
Link: http://www.theregister.co.uk/2016/07/07/palo_alto_offers_16000_in_looming_ctf_hack_off/

Incident Response Newsalert - 2016-07-07

Table of Contents

  • Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
  • Data Breach Digest: Breach trends that will define incident response
  • Risk analytics market to experience serious growth
  • Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
  • Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
  • Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio

Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
Breach Secure Now! has released its highly anticipated Breach Prevention Platform, a suite of security tools to help MSPs reduce the likelihood of their clients having a data breach.
MSPs can add these breach prevention tools to their portfolio of IT services, and offer them to clients under their own label.
Breach Prevention Platform sits behind the MSP’s branded security portal and lets clients access a variety of tools, from automated security risk assessments (SRA) and simulated phishing attacks to security policies and ongoing employee security training.
A new addition to the Breach Prevention Platform is the variety of employee security training tools, since the majority of breaches happen due to human error.
The security training starts with an overview of security threats, such as phishing scams, ransomware, social media hoaxes, hackable wifi, etc., and the information is bolstered with ongoing lessons aimed at reinforcing the initial material.
As an option, MSPs can add $100,000 of financial protection and breach response services to the Breach Prevention Platform.
These value-added services can provide the critical help their clients will need to survive and recover if a breach does occur.
The breach response services supplement the services MSPs already provide to their clients.
Unlike the MSP’s typical security offerings of firewalls, anti-virus and security patches that are invisible to clients, Breach Prevention Platform is customer-facing and interactive.
Link: http://www.pressreleaserocket.net/breach-secure-nows-new-breach-prevention-platform-provides-msps-with-tools-to-minimize-the-chance-of-client-data-breaches/467332/

Data Breach Digest: Breach trends that will define incident response
Along with being a great way to make sense of the major security news we see every day, a key part of effective breach response is being able to anticipate the emerging threats and effectively integrate them into the incident response process.
The following reviews a few of our 2015 predictions to see how they fared and some fresh threats for businesses to consider:
EMV Chip and PIN Liability Shift Will Not Stop Payment Breaches
The Healthcare Industry Will Face New Attacks and Stay in the Crosshairs
Cyber Conflicts Between Countries Will Leave Consumers and Businesses as Collateral Damage
The first half of 2016 has also presented several threats that companies must be on the lookout to address:
Phishing for Data (Not Malware)
Username and Password Hacks Are Back in Style
Corporate Extortion
Link: http://www.securityinfowatch.com/article/12228883/data-breach-digest-breach-trends-that-will-define-incident-response

Risk analytics market to experience serious growth
The risk analytics market is estimated to grow from USD 16.55 billion in 2016 to USD 30.18 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.8%, according to MarketsandMarkets.
The major vendors in the Risk Analytics Market include IBM, SAP, SAS Institute, Oracle, FIS Global, and Verisk Analytics, along with others.
The GRC software is expected to dominate the market from 2016 to 2021.
This is due to the fact that this software empowers organizations with the ability to identify, manage, monitor, and analyze risk and compliance across the enterprise in a single integrated solution.
Scorecard and visualization tools software is expected to gain traction in the next five years as it enables representation of multi-dimensional data to enhance the quality of analysis and insight by facilitating rapid and accurate observations.
The manufacturing segment is expected to grow at a rapid rate from 2016 to 2021 in the Risk Analytics Market.
The high growth rate can be attributed to the rapidly changing customer expectations, fierce market competition, and stringent regulatory constraints faced by the manufacturing industries.
North America is expected to have the largest market share and dominate the Risk Analytics Market from 2016 to 2021, due to increasing adoption of risk analytics software and services by organizations in order to safeguard their businesses from losses and also because of the stern non-compliance measures adopted by the government and various regulatory bodies in this region.
APAC offers potential growth opportunities due to the rise in technology penetration and presence of large number of SMEs which are under tremendous competitive pressure from large enterprises.
Link: https://www.helpnetsecurity.com/2016/07/06/risk-analytics-market/

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Congratulations, you’re the new CISO.
Whether you have served in the role previously or it’s new to you, you’ll be asked to observe your new organization, to develop a 100-day plan, to evaluate people, processes, and technology, and of course you’ll need to tell the CEO where you would attack the organization and how you will protect against that.
It’s a daunting and exciting task to be the new CISO.
Your SOC became sick for several reasons.

The technology you have is antiquated and completely signature-based, best suited for static threats, not advanced threats.
While signature-based solutions have a role, it’s a secondary protection role.
The organization failed to keep up with technology and the evolving threat.
For years, the organization has relied on incremental funding.
This budget strategy has a typical result: a disparate mix of capabilities purchased individually as security silos, without consideration for how the capabilities will work together.
The tools don’t work together.
It’s an integration nightmare!
Your goal now is to bring it back to a healthy state.
Here are five strategies to overcome SOC-atrophy.
- Research to understand all SOC investments.
- Perform a SOC-focused assessment.
- Study the threat landscape.
- Resist the urge to fund your tools piecemeal.
- Encourage cross-organizational collaboration.
Link: http://www.darkreading.com/threat-intelligence/diagnosis-soc-atrophy-what-to-do-when-your-security-operation-center-gets-sick/a/d-id/1326118

Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
SAN FRANCISCO, July 6, 2016 /PRNewswire/—Splice Machine, the dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark, today announced that Corax, a startup company that provides cloud-based cyber security operations, analysis and reporting software, has selected Splice Machine to manage its risk quantification calculations, store large datasets and meet future scalability requirements.
Leveraging machine learning and a streamlined user interface, Corax will be able to provide faster, meaningful recommendations to its customers about cyber security actions, investment and insurance, helping them make decisions that prevent cyber crime and data loss.
Splice Machine is a dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark.
Instead of having to synchronize data across multiple compute engines like a traditional Lambda architecture, Corax is able to rely on a less complex architecture with a dual-engine RDBMS, enabling its analytical systems to propagate threat data in real-time, while simultaneously performing compute-heavy analytics jobs – all from one data source.
Link: http://finance.yahoo.com/news/corax-selects-splice-machines-dual-120000362.html

Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report.
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share.
Most internet service providers have a distributed architecture; hence, a security solution at the network level cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats.
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to the increased need for enterprises to preserve their reputation and brand image.”
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace.
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security