Cyber Security Institute

Sunday, October 27, 2019

Incident Response Newsalert - 27-Oct-2019

  • OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong 
  • CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites 
  • 4 steps to RPA success 
  • JSON tools you don’t want to miss 
  • Slack rolls out new Salesforce integrations, launches Workflow Builder 
  • Windows 10 security: Microsoft reveals ‘Secured-core’ to block firmware attacks 
  • STEALTHY TOOL DETECTS MALWARE IN JAVASCRIPT 
  • ACSC warns of Windows malware Emotet spreading in Australia Featured 
  • Microsoft Office Bug Remains Top Malware Delivery Vector 
  • Cisco Networking Trends Report: ‘Intent-Based Networking Is Coming’ 
  • Nasty PHP7 remote code execution bug exploited in the wild 
  • Huawei: Banned and Permitted In Which Countries? List and FAQ 
  • Heed 5 security operations center best practices before outsourcing 
  • SOC Operations: 6 Vital Lessons & Pitfalls 
  • The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period 
  • Secureworks Welcomes Steve Hardy as Chief Marketing Officer 
  • The Secret To 5G Security? Turn The Network Into A Sensor 
  • inSOC Unveils Start-Up SOC Service for MSPs 
  • CYFIRMA Announces Its Separation From Antuit Group and Consolidates Its Intelligence Driven Product Offering 
  • Delta Risk’s New ActiveEye 2.0 Reduces 95 Percent of False Positives to Find and Resolve Cyber Threats Faster 
  • Managing Non-Security Incidents with Security Tools and Policies 
  • ALTR Hires Cylance Veteran Brian Stoner for Data Security Partner Push 
  • Beachhead Solutions Adds Encryption-as-a-Service for MSPs 
  • Trial Before the Fire: How to Test Your Incident Response Plan to Ensure Consistency and Repeatability 
  • Splunk’s Mission Control sends security operations center into new orbit 
  • Recorded Future Teams Up With ServiceNow on Integrated Security Intelligence Offering for Reducing Organizational Risk 
  • Nuspire upgrades its Managed Endpoint service that leverages SentinelOne’s endpoint technology 
  • Splunk enhances its Security Operations Suite to modernize and unify the SOC 
  • AttackIQ and The Chertoff Group help enterprise customers build and sustain security programs 
  • Kaspersky Allows Privileged Access to Curated Features of its Threat Intelligence Portal

OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
Gabriel Avner
WhiteSource
First issued in 2004 by the Open Web Application Security Project, the now-famous OWASP Top 10 Vulnerabilities list (included at the bottom of the article) is probably the closest that the development community has ever come to a set of commandments on how to keep their products secure.
Unfortunately, as the OWASP Top 10 Vulnerabilities list has reached a wider audience, its real intentions as a guide have been misinterpreted, hurting developers instead of helping.
So how should we understand the purpose of this list and actually encourage developers to code more securely?   
In a recent interview, OWASP chairman Martin Knobloch voiced his disappointment at the list being used as a sort of checklist for a final run-through before a release, serving more as a validation mechanism than as a guide.
The OWASP Top 10 is not set up to resolve every attack in the book, but to help teams avoid the common mistakes which are far more likely to get their applications breached.
A determined attacker can find many avenues to breach their target.
However, the smart risk management advisories do not focus on the minority of cases but instead seek to address the issues facing the widest audience.
Security teams that do not engage with their developers, making the effort to understand how they can empower them to have security be an inherent element of their workflow, will quickly find themselves sidelined.
If you want to stay relevant, become an enabler, and use the OWASP Top 10 list as a way to start conversations, not to threaten.
In the end, you might find that you catch more (O)WASPS with honey than vinegar.
Link: https://resources.whitesourcesoftware.com/blog-whitesource/owasp-top-10-vulnerabilities

CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites
Catalin Cimpanu
ZDNet
Two academics from the Technical University of Cologne (TH Koln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.
The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).
According to the research team, the three variants differ in how the attacker structures the malformed request. HTTP Header Oversize (HHO) sends a header block that fits within the CDN’s size limit but exceeds the origin’s; HTTP Meta Character (HMC) sends a header containing a control character, such as a line break, that the origin refuses to parse; HTTP Method Override (HMO) sends an override header such as X-HTTP-Method-Override so that the origin treats a plain GET as a method it does not serve. In each case the origin answers with an error, the CDN stores that error under the clean URL, and every later visitor receives it.
Mitigations against CPDoS attacks, fortunately, exist.
The simplest is for website owners to configure their CDN service not to cache HTTP error pages; an origin can also mark its error responses Cache-Control: no-store so that a cache which honours the header will not keep them.
Link: https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/
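An added example, not from the ZDNet article or from the TH Koln researchers’ own code: a self-contained Python simulation of a CDN edge cache in front of an origin, showing how each of the three variants summarised above poisons the cache and what the "do not cache error pages" mitigation changes. The origin and edge header-size limits, the header names the attacker uses, and the visitor request are assumed values constructed for the demonstration.

```python
"""Toy CDN edge cache in front of a toy origin: the three CPDoS variants and the
'do not cache error pages' mitigation. Constructed example; all limits and
header names are assumed values, not taken from the paper or the article.
"""
from dataclasses import dataclass, field

ORIGIN_MAX_HEADER_BYTES = 8_192    # assumed origin limit (Apache-style default)
EDGE_MAX_HEADER_BYTES = 20_000     # assumed edge limit; the gap is what HHO exploits


@dataclass
class Response:
    status: int
    body: str


def header_bytes(headers: dict) -> int:
    """Approximate wire size of the header block ('Name: value\\r\\n' per header)."""
    return sum(len(name) + len(value) + 4 for name, value in headers.items())


def origin(path: str, headers: dict) -> Response:
    """Origin behaviour modelled on the three failure modes the attack relies on."""
    # HHO: header block larger than the origin tolerates.
    if header_bytes(headers) > ORIGIN_MAX_HEADER_BYTES:
        return Response(400, "Bad Request: request header too large")
    # HMC: a header value carrying control characters the origin refuses to parse.
    if any("\r" in v or "\n" in v for v in headers.values()):
        return Response(400, "Bad Request: invalid character in header")
    # HMO: the application honours X-HTTP-Method-Override and has no such route.
    if headers.get("X-HTTP-Method-Override", "GET") != "GET":
        return Response(405, "Method Not Allowed")
    if path == "/index.html":
        return Response(200, "<html>legitimate page</html>")
    return Response(404, "Not Found")


@dataclass
class EdgeCache:
    """Cache keyed on the path only, as a CDN does; request headers are not in the key."""
    cache_error_pages: bool                 # True models the risky default
    store: dict = field(default_factory=dict)

    def fetch(self, path: str, headers: dict) -> tuple:
        """Return (response, 'HIT' | 'MISS' | 'REJECTED')."""
        if path in self.store:
            return self.store[path], "HIT"
        if header_bytes(headers) > EDGE_MAX_HEADER_BYTES:
            # The edge itself refuses the request, so nothing reaches the origin.
            return Response(431, "Request Header Fields Too Large"), "REJECTED"
        resp = origin(path, headers)
        if resp.status < 400 or self.cache_error_pages:
            self.store[path] = resp
        return resp, "MISS"


# Attacker requests for each variant (header names are assumed).
ATTACKS = {
    "HHO": {"X-Oversized": "A" * 9_000},                # between the two limits
    "HHO-beyond-edge": {"X-Oversized": "A" * 25_000},   # too big even for the edge
    "HMC": {"X-Meta": "value\r\ninjected"},
    "HMO": {"X-HTTP-Method-Override": "DELETE"},
}


def run_cpdos(variant: str, cache_error_pages: bool) -> int:
    """One attacker request, then one ordinary visitor; returns the visitor's status."""
    cache = EdgeCache(cache_error_pages)
    cache.fetch("/index.html", ATTACKS[variant])
    victim, _ = cache.fetch("/index.html", {"User-Agent": "victim-browser"})
    return victim.status


if __name__ == "__main__":
    for variant in ATTACKS:
        print(f"{variant:16s} errors cached: {run_cpdos(variant, True)}   "
              f"errors not cached: {run_cpdos(variant, False)}")
```

The attack only works because the edge accepts a request the origin rejects and then keys the cached error on the URL alone; the 25,000-byte HHO request is refused by the edge itself and never poisons anything, which is why the real attack aims for the gap between the two limits. Setting cache_error_pages=False is the edge-side equivalent of the "do not cache error pages" configuration the article recommends.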

4 steps to RPA success
Beth Stackpole
IDG Insider Pro
Amidst the hype and promise of artificial intelligence (AI) and machine learning (ML), their less-familiar counterpart, RPA, is starting to gain traction, especially among banks, insurance companies, telecommunications firms and utilities.
The technology employs AI and ML to handle rules-driven, high-volume and repeatable business tasks such as queries, calculations and copying and pasting data across systems without any coding requirement.
According to Gartner, RPA software revenue spiked 63.1 percent in 2018 to $846 million with projections calling for $1.3 billion in sales this year.
By the end of 2022, Gartner expects 85 percent of large and very large organizations will have deployed some form of RPA, fueling a $2.4 billion market.
While initial RPA use cases are aimed at automating back-office functions such as reconciliations and accounts receivable and payables, experts in the field say it’s only a matter of time before RPA is deployed to automate middle office and front-office activities, including customer call centers where there is a lot of behind-the-scenes manual work to share data between multiple systems.
As companies move beyond limited RPA pilots to full-blown implementations, there are four practices to keep in mind to ensure things stay on track:
1) Don’t rush to automate
2) Governance is key, but don’t let it grind things to a halt
3) Align business and IT
4) Embrace change management
Link: https://www.idginsiderpro.com/article/3446657/4-steps-to-rpa-success.html

JSON tools you don’t want to miss
Paul Krill
InfoWorld

  • JSONLint
  • JSONCompare
  • jtc  
  • ijson
  • JSON Formatter and Validator
  • Altova XMLSpy JSON and XML Editor
  • Code Beautify JSON Tools
  • Visual Studio Code
  • Eclipse JSON Editor Plugin

Link: https://www.infoworld.com/article/3446216/json-tools-you-dont-want-to-miss.html

Slack rolls out new Salesforce integrations, launches Workflow Builder
Matthew Finnegan
Computerworld
Slack has added new integrations with Salesforce’s customer relationship management (CRM) and customer service apps, part of its ongoing push to bolster connections with other “best of breed” cloud apps.
Slack now lets users search and preview Salesforce Sales Cloud and Service Cloud records such as accounts and opportunities in-app, using a slash command to pull up details.
Other features include the ability to send Salesforce records relating to an account or case directly to an individual Slack user or a channel, such as #customer-support, for instance.
In addition, sales and service reps using Salesforce will be able to see Slack conversations related to a Salesforce record.
Also this week, Slack announced that its Workflow Builder tool is now generally available.
The feature lets all users automate routine processes; they can, for instance, create messages sent to new members of a channel, set up their own automations or select a pre-built template from Slack.
Link: https://www.computerworld.com/article/3446881/slack-rolls-out-new-salesforce-integrations-launches-workflow-builder.html

Windows 10 security: Microsoft reveals ‘Secured-core’ to block firmware attacks
Liam Tung
ZDNet
The new layer of security is for high-end PCs and the first Windows 10 ‘Secured-core’ PC is the Arm-powered Surface Pro X.
At its heart, the new firmware protection comes from a Windows Defender feature called System Guard.
That feature is intended to protect Windows 10 PCs from new attacks used by the likes of state-sponsored hacking group APT28 or Fancy Bear, which was caught late last year using a novel Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs.   
“It’s pretty similar to what other manufacturers might be doing with a specific security chip, but we are doing this across all different manners of CPU architectures and OEMs, so we can bring this to a much broader audience, and they can select the form factor or product that matches them but with the same security guarantees as if Microsoft created it.” 
Microsoft already has Secure Boot.
However, that feature relies on the firmware itself being trustworthy in order to verify the bootloader, so an attacker who has already planted malicious firmware sits underneath the check.
APT28’s rootkit was not properly signed, which meant Windows PCs with Secure Boot enabled were not vulnerable, because the system only permits properly signed UEFI components to load; Secured-core PCs go further by using System Guard to launch the operating system from a hardware-rooted state, so that its trust no longer depends on the firmware.
Link: https://www.zdnet.com/article/windows-10-security-microsoft-reveals-secured-core-to-block-firmware-attacks/

STEALTHY TOOL DETECTS MALWARE IN JAVASCRIPT
Matt Shipman
Futurity
A new open-source tool called VisibleV8 allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs.
The tool runs in the Chrome browser and is designed to detect malicious programs that are capable of evading existing malware detection systems.
VisibleV8 saves all of the data on how a site is using JavaScript, creating a “behavior profile” for the site.
Researchers can then use that profile, and all of the supporting data, to identify both malicious websites and the various ways that JavaScript can compromise web browsers and user information.
You can download VisibleV8 from Kapravelos’ site.
Link: https://www.futurity.org/malware-in-javascript-visiblev8-2190792/

ACSC warns of Windows malware Emotet spreading in Australia
Sam Varghese
iTWire
An infection of Windows systems by the Emotet malware was the precursor to the recent ransomware attack on Victorian hospitals, the Australian Cyber Security Centre says, as part of a warning that Emotet, which has been around since 2014, is being spread in Australia by malicious emails.
The ACSC named the ransomware as being Ryuk.
According to the Israeli firm Check Point, Ryuk is used only for tailored attacks.
In a statement, the ACSC said it had received numerous reports of confirmed Emotet infections from different industries, including critical infrastructure providers and government agencies.
The ACSC has asked anyone who requires assistance to contact the centre.
Link: https://www.itwire.com/security/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html

Microsoft Office Bug Remains Top Malware Delivery Vector
Kelly Sheridan
Dark Reading
CVE-2017-11882 has been attackers’ favorite malware delivery mechanism throughout the second and third quarters of 2019.

The third quarter of 2019 brought the rise of the keylogger Agent Tesla, the decline of phishing-delivered ransomware-as-a-service (RaaS), and attackers’ continued preference for exploiting the Microsoft Office vulnerability CVE-2017-11882 in phishing campaigns to deliver malware.
Throughout the second and third quarters, researchers saw little change in the significant delivery mechanisms used to spread malware.
The most common method, as seen in more than 600 incidents, is Microsoft Office vulnerability CVE-2017-11882, which remains a “prolific technique” for attackers to spread malware through phishing attacks, researchers report.
Following CVE-2017-11882, the other two most common delivery mechanisms were Office macros and Windows Script Component (WSC) downloaders.
Attackers’ consistent use of the same delivery mechanisms could change as the holidays approach and Emotet reemerges, driving innovation among cybercriminals who may start using new variants and tactics.
Another notable trend in the third quarter was the drop in RaaS, which has decreased as attackers swap large-scale campaigns for narrowly focused ones.
GandCrab was taken offline; Sodinokibi, the ransomware that shares some of its code base, has seen a low rate of dissemination.
Targeted attacks let cybercriminals keep a lower profile and benefit from a higher return ratio.
Link: https://www.darkreading.com/operations/microsoft-office-bug-remains-top-malware-delivery-vector/d/d-id/1336182

Cisco Networking Trends Report: ‘Intent-Based Networking Is Coming’
Sydney Sawaya
SDxCentral
Winter is coming, and according to Cisco’s 2020 Global Networking Trends Report, so is intent-based networking (IBN).
Cisco conducted a web-based survey of 505 IT leaders and 1,566 network strategists across 13 countries about the current state of their networks, their network aspirations over the next two years, and their network operational and talent readiness. 
The survey found maximizing business value to be IT’s No. 1 priority with 40% of respondents naming it their top concern.
But seeing the top of the mountain is one thing, and getting up there is another.
In order to maximize business value, IT teams will require greater insight into data along with the right tools.
Still, Cisco’s findings suggest IBN will be the next “IT girl” of networking in the coming years — essentially the second phase of SDN.
Some 41% of those surveyed claim to have at least one instance of SDN in at least one of their network domains.
SDN has given network operators a way to design, build, and operate their networks through a centralized view. 
However, only 28% of respondents indicated having reached the SDN or IBN stage on Cisco’s Digital Network Readiness Model, yet 78% expect their networks to move beyond SDN or IBN within the next two years.
Likewise, only 4% indicated that their currently deployed networks are intent-based, and 35% plan to be within two years.
Link: https://www.sdxcentral.com/articles/news/cisco-networking-trends-report-intent-based-networking-is-coming/2019/10/

Nasty PHP7 remote code execution bug exploited in the wild
Catalin Cimpanu
ZDNet
Exploiting the bug is trivial, and public proof-of-concept exploit code was published on GitHub earlier this week.
“The PoC script included in the GitHub repository can query a target web server to identify whether or not it is vulnerable by sending specially crafted requests,” says Satnam Narang, Senior Security Response Manager at Tenable. “Once a vulnerable target has been identified, attackers can send specially crafted requests by appending ‘?a=’ in the URL to a vulnerable web server.”
Fortunately, not all PHP-capable web servers are impacted.
Only NGINX servers that hand requests to PHP-FPM through the affected configuration are vulnerable; PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features.
A blog post from Wallarm, the company that found the PHP7 RCE, includes instructions on how webmasters can use the ModSecurity web application firewall to block %0a (newline) bytes in website URLs and so stop incoming attacks.
Because public PoC code is available and the bug is simple to exploit, website owners who run the vulnerable configuration are advised to check their server settings and update PHP as soon as possible.
Link: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
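An added example, not part of the ZDNet article or of the Wallarm and Tenable material it quotes: a Python scan over nginx access-log lines that hunts for requests shaped like the newline trick the article describes. The shape checked (a .php script name followed by an extra path segment carrying an encoded newline, usually with the PoC’s ?a= query) is this editor’s reading of the public exploit, not something the article spells out; the log format, the sample lines, the 502 status codes in them and the regexes are all constructed for the example.

```python
"""Retrospective hunt for PHP-FPM/NGINX PATH_INFO newline requests in nginx logs.

Constructed example. The article says the PoC appends '?a=' and that Wallarm's
ModSecurity rule blocks %0a bytes in URLs; the request shape matched below
(/<script>.php/<extra-with-newline>) is assumed from the public description.
"""
import re
from urllib.parse import unquote

# nginx 'combined' log layout (assumed to be what the server writes).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample traffic: three benign lines, two exploit-shaped lines.
# The 502s are an assumption about what a crashed FPM worker would produce.
SAMPLE_LOG = """\
198.51.100.5 - - [24/Oct/2019:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.5 - - [24/Oct/2019:10:00:02 +0000] "GET /index.php?a=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Oct/2019:10:00:03 +0000] "GET /index.php/PHP%0Ainjected.php?a=AAAAAAAA HTTP/1.1" 502 0 "-" "python-requests/2.22"
203.0.113.7 - - [24/Oct/2019:10:00:04 +0000] "GET /index.php/PHP%250ainjected.php?a=QQQQQQQQ HTTP/1.1" 502 0 "-" "python-requests/2.22"
198.51.100.8 - - [24/Oct/2019:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 55 "-" "Mozilla/5.0"
"""


def decode_target(target: str) -> str:
    """Percent-decode twice so a double-encoded %250a (-> %0a -> newline) is caught too."""
    return unquote(unquote(target))


def is_exploit_shaped(target: str) -> bool:
    """True when the path is /<script>.php/<extra> and <extra> carries a raw CR or LF.

    The '?a=' query is the PoC's trigger; it is reported by scan_log but not
    required here, so variants that rename the parameter are still flagged.
    """
    path = decode_target(target).split("?", 1)[0]
    m = re.match(r"^(?P<script>.*?\.php)(?P<extra>/.*)$", path, re.S)
    if not m:
        return False
    return "\n" in m.group("extra") or "\r" in m.group("extra")


def scan_log(text: str) -> list:
    """Return one finding dict per exploit-shaped request in the log text."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess at its fields
        if is_exploit_shaped(m.group("target")):
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "has_a_param": "?a=" in m.group("target"),
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The ModSecurity rule the article mentions blocks %0a at the edge going forward; this scan answers the retrospective question of whether anyone already tried it, and a 502 on such a request is worth treating as a probable exploitation attempt rather than noise. On the server side, the setting to look for is an nginx location that feeds PHP-FPM from fastcgi_split_path_info without first checking that the script exists; adding try_files $fastcgi_script_name =404; inside that location is the usual configuration fix alongside updating PHP.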

Huawei: Banned and Permitted In Which Countries? List and FAQ
Joe Panettieri
ChannelE2E
Here’s an FAQ explaining the Huawei controversy, along with a list of countries, organizations and technology companies, and their current business status with the China-based technology giant.
Link: https://www.channele2e.com/business/enterprise/huawei-banned-in-which-countries/

Heed 5 security operations center best practices before outsourcing
Johna Till Johnson
TechTarget SearchSecurity
Research showed highly successful cybersecurity organizations, as measured by mean total time to contain, are 52% more likely to have deployed a SOC than their less successful peers.
In fact, merely deploying a SOC can improve an organization’s mean time to contain a breach by almost half.
But, as always, the devil is in the details when it comes to security operations center best practices: should cybersecurity pros outsource the SOC function or develop one in-house?
And, if they outsource, what should the selection criteria be?
First is the operational model: Is the SOC provider primarily focused on event notification, or does it work in a team extension mode and proactively take steps to respond to events?  
Second is the SOC run book itself.
Regardless of who executes it, the internal team or the SOC provider, how is the run book developed?
Does the SOC provider have a standardized run book that can be customized to each client, or should the client plan to develop it?  
The third step to ensure security operations center best practices is to examine the portfolio of services the SOC provider offers.  
Fourth is the set of tools and technologies the SOC provider relies on.  
Finally, as counterintuitive as it sounds, there’s the question of how the relationship will be terminated.
Link: https://searchsecurity.techtarget.com/tip/Heed-5-security-operations-center-best-practices-before-outsourcing

SOC Operations: 6 Vital Lessons & Pitfalls
Todd Thiemann
Dark Reading
Lesson #1: Locate and Retain High-Quality SOC Talent
Lesson #2: Improve Your SOC Incrementally
Lesson #3: Coordinate SOC and Network Operations
Lesson #4: Realistic Goals
Lesson #5: Staffing Delusions
Lesson #6: The “AI Cure-All” Fallacy
Link: https://www.darkreading.com/operations/soc-operations-6-vital-lessons-and-pitfalls-/a/d-id/1336076

The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period
Cision PR Newswire
NEW YORK, Oct. 21, 2019 /PRNewswire/— The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period.
Market growth is influenced by factors like growing cyber-attacks, absence of staff availability, strict laws and compliance, absence of centralized views on threats, and a large amount of false alerts that contribute significantly to the SOAR ecosystem.
Market players are taking step-by-step approaches to leverage market possibilities.
Companies focus on innovative market-space competitive strategies.
For instance, in August 2019, Splunk integrated with Deloitte in order to provide automated security monitoring and response capabilities which helps in driving higher fidelity and greater consistency into security workflows and outputs for organizations.
The same month, FireEye launched FireEye Network Security 8.3 and FireEye Endpoint Security 4.8, which are used for enhanced detection and investigation of advanced attacks.
Similarly, Tufin collaborated with Cisco to launch Tufin Orchestration Suite R19-2, which helps customers extend mitigation to Cisco ACI.
Link: https://www.prnewswire.com/news-releases/the-global-security-orchestration-automation-and-response-soar-market-size-is-expected-to-reach-2-3-billion-by-2025—rising-at-a-market-growth-of-16-3-cagr-dur

Secureworks Welcomes Steve Hardy as Chief Marketing Officer
Business Wire
Yahoo Finance
Secureworks® (SCWX), a leading global cybersecurity company that protects organizations in a digitally connected world, announced the appointment of Steve Hardy as its new Chief Marketing Officer, effective today.
As CMO, Steve will lead Secureworks’ global marketing strategy, including product marketing, demand generation, corporate communications and field marketing.
He will report directly to Secureworks President and CEO Mike Cote and will be based at the company’s Atlanta headquarters.
Steve most recently served as Vice President, Head of Marketing at PerkinElmer, Inc. where he aligned go-to-market activities with product-focused business units to effect double-digit marketing-sourced revenue growth.
An experienced B2B leader in both global and growth technology firms, he has held marketing leadership roles at Automatic Data Processing (ADP) and at Gartner, Inc., where he led customer-focused strategies that increased awareness, drove revenue, and increased customer retention.
Link: https://finance.yahoo.com/news/secureworks-welcomes-steve-hardy-chief-131400952.html

The Secret To 5G Security? Turn The Network Into A Sensor
Enrique Vale
Africa.com
With 5G, there will be more networks doing more complex things and delivering more kinds of services than we’re used to. “Slicing” will become the norm: virtualization that allows network resources to be shared with third parties, with guaranteed quality of service (QoS) and isolation.
Having end-to-end slices that terminate in private networks will increase the attack surface service providers need to protect: beyond securing the network as a whole, they will have to protect every individual slice, each with its own distinct requirements.
Another change that will require providers to fundamentally shift how they think about security is the nature of the services themselves.
Today’s network services tend not to change once they’ve been designed, and they operate more or less in isolation from each other.
They’re static and siloed.
But slice-based 5G network services will be incredibly dynamic, responding to evolving conditions in real time.
What does flexible, adaptive, end-to-end security look like in a 5G scenario — and how can service providers build it in from the start?
The first prerequisite is visibility from the device up through the network and into the cloud.  
5G security operations also need to be predictive and automated.  
While firewalls and other defenses will still be important to help stop hackers before they access the network, attacks will inevitably get through.
This is especially true in 5G because the network will not have conventional boundaries: it will be an open ecosystem in which all kinds of unmanaged third-party devices are connected.
The job of security teams in the 5G era will be to limit how and where hackers can attack networks and services.
Link: https://www.africa.com/the-secret-to-5g-security-turn-the-network-into-a-sensor/

inSOC Unveils Start-Up SOC Service for MSPs
Dan Kobialka
MSSP Alert
inSOC unveiled Start-Up SOC at this week’s DattoCon Paris conference.
The Start-Up SOC announcement comes after the company unveiled its One Stop SOC turnkey SOC solution at the DattoCon19 conference in San Diego, California earlier this year.
Start-Up SOC allows MSPs and MSSPs to select a subset of One Stop SOC security services, according to inSOC.
In doing so, Start-Up SOC enables MSPs and MSSPs to offer specific security services to small and medium-sized businesses (SMBs) or provide security services as part of existing managed services contracts.
A growing list of technology companies, distributors and service providers offer SOCaaS-type solutions to MSPs and MSSPs.
Here’s a list of SOCaaS options for MSPs and MSSPs.
Link: https://www.msspalert.com/cybersecurity-services-and-products/soc/insoc-start-up-soc-service/

CYFIRMA Announces Its Separation From Antuit Group and Consolidates Its Intelligence Driven Product Offering
Business Wire
SINGAPORE & TOKYO (BUSINESS WIRE): CYFIRMA, a predictive cyber threat visibility and intelligence analytics platform company backed by Goldman Sachs Merchant Banking Division and Zodius Capital, announces its separation from Antuit Group and additional funding towards its growth aspirations.
CYFIRMA helps organisations to keep their cybersecurity posture up-to-date, resilient, and ready against upcoming attacks, through the use of proprietary AI/ML deep technology.
Link: https://www.businesswire.com/news/home/20191021005906/en/CYFIRMA-Announces-Separation-Antuit-Group-Consolidates-Intelligence

Delta Risk’s New ActiveEye 2.0 Reduces 95 Percent of False Positives to Find and Resolve Cyber Threats Faster
Business Wire
Yahoo Finance
Delta Risk, a leading provider of SOC-as-a-Service and security services, announced the release today of version 2.0 of its cloud-native Security Orchestration and Automation (SOAR) platform, ActiveEye.
With a focus on advanced security automation, the ActiveEye 2.0 platform eliminates more than 95 percent of false positives from thousands of daily security alerts generated by next-generation endpoint detection and response solutions, security information and event management (SIEM) devices and software, cloud applications, and cloud infrastructure.
New ActiveEye 2.0 features include:  

Managing Non-Security Incidents with Security Tools and Policies
Matt Petrosky
Infosecurity Magazine
Not every security incident is a disaster, but many can easily become one.
User-friendly auto-fill features can send sensitive data to the wrong recipients unintentionally with just a few keystrokes.
Emails mistakenly sent to the wrong person also pose a real danger to corporate information so it is important to manage messages at every step within the email lifecycle. 
This is why comprehensive email security strategies should incorporate tools and processes capable of managing email post-delivery in addition to preventing phishing and social engineering. 
One of the most important metrics in incident response is the time it takes to contain an event.
Pre- and post- message delivery protection is key.
From automated removal to easy bulk remediation, integrated incident response capabilities can speed response times making it easier for security analysts to perform bulk removal on “mistake” emails that have already made it to employee mailboxes.
Link: https://www.infosecurity-magazine.com/opinions/managing-security-incidents-tools/

ALTR Hires Cylance Veteran Brian Stoner for Data Security Partner Push
Joe Panettieri
MSSP Alert
ALTR, which focuses on programmable data security and governance, has hired Cylance veteran Brian Stoner as VP of channels and alliances, MSSP Alert has confirmed.
Link: https://www.msspalert.com/cybersecurity-talent/altr-brian-stoner-interview/

Beachhead Solutions Adds Encryption-as-a-Service for MSPs
Dan Kobialka
MSSP Alert
Beachhead Solutions, a company that specializes in cloud-managed PC and mobile device encryption, security and data access control, has added encryption-as-a-service capabilities to its SimplySecure management system for MSPs and MSSPs.
MSPs and MSSPs now can use SimplySecure to deliver encryption-as-a-service, according to Beachhead.
In doing so, MSPs and MSSPs can help organizations secure their data and comply with European Union (EU) General Data Protection Regulation (GDPR) requirements.
SimplySecure provides a web-based management tool that allows MSPs and MSSPs to remotely secure mobile devices, Beachhead noted.
It is delivered as a service and enables MSPs and MSSPs to add SimplySecure modules as needed.
Beachhead is also developing a SimplySecure integration module for the Datto Autotask PSA, a professional services automation (PSA) platform for MSPs.
Link: https://www.msspalert.com/cybersecurity-services-and-products/beachhead-simplysecure-encryption-for-msps/

Trial Before the Fire: How to Test Your Incident Response Plan to Ensure Consistency and Repeatability
Nimmy Reichenberg
CPO Magazine
Fifty-nine percent of incident response (IR) professionals admit that their organizations follow a reactive approach, according to a report from Carbon Black.
Essentially, teams assume their processes work reasonably well to address the incident at hand … until they don’t.
While organizations must have IR plans in place, it’s even more important that they a) work consistently and b) are updated and improved over time.
Once you have a clear, documented plan in place, you should periodically test it through simulations to assess effectiveness and make continuous improvements.
So, how can you put your processes to the test?
Most security operations teams today use three methods:
1) Paper tests
2) Tabletop exercises
3) Simulated attacks
Simulated attacks are often still done tabletop-style, but an increasing number of security orchestration tools, via playbooks for common use cases, help teams automate the response to attacks.
As an added benefit, playbooks will help you identify opportunities to apply automation to your IR processes to expedite remediation and free up your analysts to focus on higher-value tasks.
Link: https://www.cpomagazine.com/cyber-security/trial-before-the-fire-how-to-test-your-incident-response-plan-to-ensure-consistency-and-repeatability/

Splunk’s Mission Control sends security operations center into new orbit
Mark Albertson 
Silicon Angle 
Splunk Inc.’s newly launched enhancement for the Security Operations Suite is called Mission Control.
Secure management of the entire stack has landed.
Song spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Splunk .conf19 event in Las Vegas.
She was joined by Oliver Friedrichs (pictured, right), vice president of security automation and orchestration at Splunk, and they discussed the need for cross-platform observability and a number of security enhancements announced by the company today (
In addition to the launch of Mission Control, Splunk also rolled out a number of new enhancements for its Security Operations Suite.
These included the latest version of Enterprise Security (ES) 6.0, a User Behavior Analytics release to help security teams build machine-learning models and Splunk Phantom 4.6 for security orchestration, response and automation.
Link: https://siliconangle.com/2019/10/22/splunks-mission-control-sends-security-operations-center-into-new-orbit-splunkconf19/

Recorded Future Teams Up With ServiceNow on Integrated Security Intelligence Offering for Reducing Organizational Risk
Cision PR Newswire 
BOSTON, Oct. 22, 2019 /PRNewswire/— Recorded Future, the leading provider of security intelligence, today announced a new relationship with ServiceNow to expedite security professionals’ decision-making processes across security operations programs.
Two new integrations are designed to reduce risk, while empowering ServiceNow users by delivering contextual security intelligence for faster incident response and continuous vendor risk analysis.
The Recorded Future ServiceNow integration allows customers to bring external enrichment into the tools they currently work with today, helping to reduce incremental costs and increase the ROI of existing investments.
Users will be able to efficiently triage and prioritize alerts based on the severity of risk tied to each threat.
By incorporating real-time intelligence, organizations reduce uncertainty and can thereby reduce overall operational risk.
Link: https://www.prnewswire.com/news-releases/recorded-future-teams-up-with-servicenow-on-integrated-security-intelligence-offering-for-reducing-organizational-risk-300943035.html

Nuspire upgrades its Managed Endpoint service that leverages SentinelOne’s endpoint technology
Help Net Security 
Nuspire, a Managed Security Services Provider (MSSP), announced that it has upgraded its Managed Endpoint service to include Endpoint Protection that leverages SentinelOne’s endpoint security platform that actively blocks threats on a business’ endpoints.
This managed endpoint service includes unlimited research and investigation for indicators of compromise (IoC) by security engineers at Nuspire’s Security Operations Center along with full remediation support of threats identified.
In addition, this service includes flexible deployment options, where it can operate in endpoint detection and response mode (passive detection and behavior logging) or endpoint protection mode (adds active quarantine/process termination and device isolation).
Link: https://www.helpnetsecurity.com/2019/10/23/nuspire-sentinelone/

Splunk enhances its Security Operations Suite to modernize and unify the SOC
Help Net Security 
Anchored by the newly launched Splunk Mission Control, the Splunk Security Operations Suite makes it easier than ever for security analysts to turn data into doing by managing security across the entire threat lifecycle.
Splunk Mission Control is a new, cloud solution that connects Splunk SIEM (Splunk Enterprise Security), SOAR (Splunk Phantom) and UEBA (Splunk UBA) products into a single unified analyst experience.
Combined, these powerful innovations form the Splunk Security Operations Suite, which allows customers to act on threats and other high-priority security issues through the entire event lifecycle.
Splunk Enterprise Security (ES) 6.0: The latest version of Splunk’s flagship security offering, Splunk ES, builds upon its industry-leading SIEM platform.
Splunk User Behavior Analytics (UBA) 5.0: Splunk UBA enables SOC teams to build advanced, customized Machine Learning (ML) models for baselining and tracking deviations, based on their security environment and use cases.
Splunk Phantom 4.6: Splunk Phantom brings the power of security orchestration, automation and response (SOAR) to your mobile phone.
Phantom on Splunk Mobile allows customers to automate repetitive, manual tasks from the palm of their hand, enabling analysts to focus on mission-critical security threats that fuel security operations.
And More: Splunk also announced today several new security apps and updates to Splunk ES Content Update, which delivers pre-packaged Security Content to Splunk ES customers.
Link: https://www.helpnetsecurity.com/2019/10/23/splunk-security-operations-suite/

AttackIQ and The Chertoff Group help enterprise customers build and sustain security programs
Help Net Security 
AttackIQ, the largest independent leader of the continuous security validation market, announced a partnership with The Chertoff Group, a leading global security risk management firm, to offer a joint solution to help organizations measure security risk, train security staff and justify security investments.
The service, called the ATT&CK Diagnostic, is designed to help enterprise customers build and sustain security programs that are strategic, risk-based and focused on proven effectiveness.
Leveraging AttackIQ’s automated testing platform, which operationalizes the MITRE ATT&CK framework, the industry’s most authoritative approach to mapping threat actors to tactics, techniques and procedures (TTPs), the ATT&CK Diagnostic measures the effectiveness of an organization’s defensive countermeasures with unparalleled transparency and precision.
The ATT&CK Diagnostic creates a risk-based threat model, maps a customer’s current defenses to TTPs in the threat model, clearly identifying what technologies and standards are addressing what TTPs, and identifying holes in coverage.
Link: https://www.helpnetsecurity.com/2019/10/23/attackiq-the-chertoff-group/

Kaspersky Allows Privileged Access to Curated Features of its Threat Intelligence Portal
Business Wire 
WOBURN, Mass.—(BUSINESS WIRE)—Driven by the goal of building a safer world, Kaspersky today announces new access to its threat intelligence portal offering its revered threat analysis to a wider audience of incident responders and Security Operation Center (SOC) analysts working in-house and at Managed Security Service Providers (MSSPs).
Kaspersky Threat Intelligence Portal is a single point of access for the company’s threat intelligence and provides all cyberattack data and insights gathered by Kaspersky, allowing enterprises to investigate and respond to threats in a timely manner.
In addition to advanced threat detection technologies, information about submitted files, URLs, IP addresses or hashes, the portal is also enriched with threat intelligence aggregated from fused, heterogeneous and highly reliable sources.
This includes information from the Kaspersky Security Network which is made up of the company’s own web crawlers, spam traps, research findings, partner information and more.
The heavily anonymized data is carefully inspected and refined using several preprocessing techniques and technologies such as statistical systems, similarity tools, sandboxing, behavioral profiling, whitelisting verification and analyst validation.
Link: https://www.businesswire.com/news/home/20191024005040/en/Kaspersky-Privileged-Access-Curated-Features-Threat-Intelligence

 

Posted on 10/27

OEM Security Newsalert - 27-Oct-2019

  • Check Point Revamps Small and Medium Businesses Security to Protect from the Most Advanced Cyber Attacks 
  • How BlackBerry Used Improv Comedy To Make Cybersecurity A More ‘Human’ Topic 
  • Zscaler: Time To Buy 
  • Apollo Global in rumoured $5bn takeover bid for Tech Data 
  • The software-defined rebirth of the load balancer 
  • Nutanix and the ‘messy middle’ of the subscription software model 
  • French VAR looks to triple revenues to €1bn through M&A 
  • Global Software-Defined Perimeter (SDP) Market key Insights Based on Product Type, End-use and Regional Demand Till 2025 
  • Avast says hackers breached internal network through compromised VPN profile 
  • Proofpoint Announces Third Quarter 2019 Financial Results 
  • Trustwave Unveils Government, Enterprise Security Testing Services 
  • Atos Acquires Identity Management 
  • Accenture Acquires Happen for Digital Transformation Services 
  • Trend Micro has acquired Cloud Conformity, a software platform that helps partners and customers to spot and mitigate cloud security misconfigurations across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). 
  • Radiflow and Asset Guardian Introduce Joint Solution to Enrich Industrial Asset Monitoring and Risk Assessment 
  • Upstream Security raises $30 million to protect connected cars from cyberattacks 
  • Ubiq Hires Steve Pataky, Pursues Data Security MSSP 
  • Rackspace Selects Armor to Deliver Best-in-Class Security for Hybrid Cloud Environments 
  • Forescout Joins Global Cyber Security Alliance for Operational Technology 
  • Foundries.io raises $3.5 million to fix IoT and Edge security 
  • Ian McLeod Joins Veracode as Chief Product Officer 
  • Cynet’s free vulnerability assessment offering helps organizations significantly increase their security 

 

Check Point Revamps Small and Medium Businesses Security to Protect from the Most Advanced Cyber Attacks
Nasdaq Globe Newswire 
EIN News 
/EIN News/—SAN CARLOS, Calif., Oct. 17, 2019 (GLOBE NEWSWIRE)—Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, announced the release of the new 1500 series security gateways for SMBs.
The two new SMB appliances set new standards of protection against the most advanced fifth-generation cyberattacks, and offer unrivalled ease of deployment and management.
The 1550 and 1590 gateways are powered by Check Point’s R80 release.
R80 is the industry’s most advanced security management software, and includes multi-layered next-generation protection from both known threats and zero-day attacks using the award-winning SandBlast™ Zero-Day Protection, plus antivirus, anti-bot, IPS, app control, URL filtering and identity awareness.
Effective May 30th, 2020, Check Point will cease to sell the following security gateway models: 730, 750, 770, 790, 1430, 1450, 1470 and 1490 wired and wireless (excluding VDSL).
Link: https://software.einnews.com/pr_news/499529696/check-point-revamps-small-and-medium-businesses-security-to-protect-from-the-most-advanced-cyber-attacks?n=2&code=oFvCCJC2r-jYysMo&utm_source=NewsletterN

How BlackBerry Used Improv Comedy To Make Cybersecurity A More ‘Human’ Topic
Marty Swant 
Forbes 
BlackBerry wants to make data breaches a laughing matter.
To illustrate how even the smartest and most capable employees can make accidental mistakes that put sensitive information at risk, the Canadian company is taking a more “human” approach to the serious subject of cybersecurity.
It’s not that Mark Wilson, who has been CMO of the brand since 2017, takes threats lightly.
Rather, he said an overwhelming majority of customers surveyed viewed their own staff as more of an accidental threat than an outside hacker.
According to research conducted by BlackBerry, 94% of chief security officers and other executives don’t trust their own employees with critical information.
In fact, 72% suspected their employees were working around existing security measures. (For example, BlackBerry found that a nurse at a hospital sent X-ray images to a doctor via Snapchat because she was locked out of the company’s software.)
To promote its own security software, BlackBerry—which has pivoted from its earlier smartphone-making days to enterprise tech made for the era of self-driving cars and the Internet of Things—decided to humanize accidental errors.
But instead of just passing a brief over to a creative agency to come up with a TV spot and some billboards or print ads, BlackBerry worked with Oakland-based Funworks to hire improv comedians to create a campaign alongside BlackBerry teams ranging from marketing and tech to sales.
The goal: to translate the technical side of security to something more relatable.
“The key to this is how do you evoke emotion into something that can be at times a very dry topic,” Wilson says. “That’s kind of the fun of what we do.
How do you break through a sea of sameness with something that’s an evolutionary or provocative point of view and that’s a very human point of view?”
Link: https://www.forbes.com/sites/martyswant/2019/10/18/how-blackberry-used-improv-comedy-to-make-cybersecurity-a-more-human-topic/#4ec87b51cf5a

Zscaler: Time To Buy
Stefan Ong 
Seeking Alpha 
Summary
Zscaler has fallen roughly 46% since its 52-week high.
The stock has grown strongly with revenue growth rates above 50% for the past three years.
Moreover, Zscaler is undervalued by 9.5% based on my estimates.
Link: https://seekingalpha.com/article/4296361-zscaler-time-buy

Apollo Global in rumoured $5bn takeover bid for Tech Data
Doug Woodburn 
Channel Partner Insight 
Tech Data’s shares have spiked following a report that it is the subject of a near $5bn (€4.53bn) takeover approach.
According to a report today by Reuters, private equity firm Apollo Global Management is offering to pay about $130 a share for the global distribution giant.
It cited “people familiar with the matter”.

Tech Data’s shares have hiked 14 per cent in after-hours trading this evening.
Apollo was linked with a $7.5bn bid for Tech Data’s arch-rival Ingram late last year.
Link: https://www.channelpartnerinsight.com/channel-partner-insight/news/3082668/apollo-global-in-rumoured-usd5bn-takeover-bid-for-tech-data?utm_medium=email&utm_content=&utm_campaign=Channel%20Partner%20In

The software-defined rebirth of the load balancer
Frank J. Ohlhorst 
Channel Partner Insight 
Software-defined technologies have quickly transformed traditional WAN optimization solutions and load balancers into solutions now referred to as application delivery controllers (ADCs).
ZK Research revealed that software-defined technologies, along with cloud native applications, are being deployed more frequently, with 50 percent of UK businesses and 29 percent of US businesses expecting to move over half of their applications into the cloud within the next 12 months.
It’s a transformation that ZK expects to have a profound impact on the ADC market.
According to ZK Research, F5 and Citrix are the most commonly used ADCs by today’s businesses, yet ZK opines that cloud native ADCs are beginning to show strength as applications transform into cloud-based entities.
Forrester’s Application Experience (AX) for Asia Pacific Enterprises in Multi-cloud Environments report reveals that 84 percent of CIOs in APAC believe that a multi-cloud deployment will constitute up to half of their web and application hosting environment in the next three years.
Link: https://www.channelpartnerinsight.com/channel-partner-insight/analysis/3082956/the-death-of-the-load-balancer-is-the-adc-market-primed-for-a-revolution?utm_medium=email&utm_content=&utm_campaign=Chann

Nutanix and the ‘messy middle’ of the subscription software model
John Leonard 
Computing 
Moving to a new licensing model always carries a degree of risk.
For hyperconvergence vendor Nutanix, the change to a subscription software vendor was more radical than for the many software vendors that have taken that route, in that Nutanix went public three years ago as a hardware vendor.
It is, perhaps, the only enterprise vendor to go directly from hardware to subscription software, according to VP investor relations Tonya Chin.
The company moved to the software subscription model two years ago and finally stopped selling hardware appliances altogether in 2018.
Speaking at a media briefing during the .NEXT event in Copenhagen this month, Chin put the dip down to a number of factors.
First, revenue from a three-year subscription contract is realised over those three years rather than up front as with an equivalent perpetual deal, so in the short term income will inevitably decline.
Chin forecasts that the company will get through its ‘messy middle’, becoming a fully-fledged subscription software company within the next two years.
Link: https://www.computing.co.uk/ctg/news/3083008/nutanix-and-the-messy-middle-of-the-subscription-software-model?utm_source=Adestra&utm_medium=email&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&im_edp=14

French VAR looks to triple revenues to €1bn through M&A
Josh Budd 
Channel Partner Insight 
French VAR C’PRO is aiming to hit €1bn revenues by 2025 as part of an M&A strategy which will see it acquire 10 competitors every year.
Print provider C’PRO merged with IT services firm Quadria at the start of 2018 to create a €300m-revenue entity with 1,000 employees.
Through acquiring Quadria, C’PRO, which claims to be Canon’s and Toshiba’s number one print partner in Europe, has now moved beyond its print provider roots into new areas of IT, including reselling PCs and infrastructure, systems integration, managed services, cloud, security and telco services.
Link: https://www.channelpartnerinsight.com/channel-partner-insight/news/3082869/french-var-looks-to-triple-revenues-to-eur1bn-through-m-a?utm_medium=email&utm_content=&utm_campaign=Channel%20Partner%20Insi

Global Software-Defined Perimeter (SDP) Market key Insights Based on Product Type, End-use and Regional Demand Till 2025
Market Watch 
Oct 21, 2019 (AmericaNewsHour)—The Global Software-Defined Perimeter (SDP) Market was valued at USD 998.26 million in 2016 and is projected to reach USD 15,077.28 million by 2025, growing at a CAGR of 35.21% from 2017 to 2025.
Competitive Landscape: The major players in the market are as follows:
1. Cisco Systems, Inc. 
2. Catbird Networks, Inc. 
3. Intel Corporation 
4. Symantec Corporation 
5. Check Point Software Technologies Ltd. 
6. Certes Networks, Inc. 
7. EMC RSA 
8. Palo Alto Networks, Inc. 
9. Fortinet, Inc. 
10. Juniper Networks, Inc.
These major players have adopted various organic as well as inorganic growth strategies such as mergers & acquisitions, new product launches, expansions, agreements, joint ventures, partnerships, and others to strengthen their position in this market.
Link: https://www.marketwatch.com/press-release/global-software-defined-perimeter-sdp-market-key-insights-based-on-product-type-end-use-and-regional-demand-till-2025-2019-10-21

Avast says hackers breached internal network through compromised VPN profile
Catalin Cimpanu 
ZDNet 
Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network.
In a statement published today, the company said it believed the attack’s purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident.
Avast said the breach occurred because the attacker compromised an employee’s VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution.
Baloo said Avast intentionally left the compromised VPN profile active, with the purpose of tracking the attacker and observing their actions.
This lasted until October 15, when the company finished auditing previous CCleaner releases, and pushed out a new clean update.
Link: https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/

Proofpoint Announces Third Quarter 2019 Financial Results
Nasdaq Globe Newswire 
EIN News 
Total revenue of $227.4 million, up 23% year-over-year
Billings of $277.8 million, up 26% year-over-year
GAAP EPS of $(0.79) per share, Non-GAAP EPS of $0.49 per share
Operating cash flow of $68.6 million and free cash flow of $58.6 million
Increasing FY19 revenue and profitability guidance
Link: https://software.einnews.com/pr_news/500248740/proofpoint-announces-third-quarter-2019-financial-results?n=2&code=oFvCCJC2r-jYysMo&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Targeted+Thre

Trustwave Unveils Government, Enterprise Security Testing Services
Dan Kobialka 
MSSP Alert 
Trustwave, a Top 200 MSSP for 2019, has launched Trustwave Security Testing Services to help government agencies and enterprises leverage security scanning and testing capabilities across their IT environments.
Trustwave Security Testing Services provide access to a catalog of scanning and testing services and security personnel that can be scaled as required, according to the company.
They are built on the Trustwave Fusion cloud-based cybersecurity platform and offer a variety of security scanning and testing capabilities, including:
• Network and application scanning scheduling and execution.
• Security tests led by Trustwave SpiderLabs.
• Risk analysis.
Link: https://www.msspalert.com/cybersecurity-companies/mssps/trustwave-testing-services/?utm_medium=email&utm_source=sendpress&utm_campaign

Atos Acquires Identity Management
Dan Kobialka 
MSSP Alert 
Atos, a Top 200 MSSP for 2019, has finalized its acquisition of European digital identity infrastructure management provider IDnomic.
The news comes after Atos in July announced that it had entered into exclusive negotiations to acquire IDnomic.
More than 100 IDnomic digital identity specialists are joining Atos’s cybersecurity team as part of the acquisition, the companies said.
In addition, the IDnomic acquisition could help Atos extend its reach in the global identity and access management (IAM) and public key infrastructure (PKI) solutions markets.
Global IAM solutions market revenues are expected to increase at a compound annual growth rate (CAGR) of 13.1 percent between 2018 and 2025 and could be worth $24.1 billion by 2025, industry analyst Grand View Research stated.
Furthermore, the global PKI solutions market is projected to expand at a CAGR of 15.1 percent between 2019 and 2024 and could be worth $3.6 billion by 2024, industry analyst MarketsandMarkets indicated.
Link: https://www.msspalert.com/cybersecurity-companies/mssps/atos-buys-idnomic/?utm_medium=email&utm_source=sendpress&utm_campaign

Accenture Acquires Happen for Digital Transformation Services
Ty Trumbull 
CHANNEL e2e 
Accenture is pushing forward with its rampant acquisition plan.
This time, the global systems integrator purchased London, England-based innovation firm Happen for an undisclosed sum.
The deal bolsters Accenture’s front-end innovation and analytics capabilities to help customers generate new ideas, products, and services, the company asserts.
Happen, founded in 2007, works with companies primarily in the consumer goods, food & beverage, retail, and life sciences industries.
The firm’s key skills include consumer insights and product and service innovation.
Link: https://www.channele2e.com/investors/mergers-acquisitions/accenture-buys-happen/?utm_medium=email&utm_source=sendpress&utm_campaign

Trend Micro has acquired Cloud Conformity, a software platform that helps partners and customers to spot and mitigate cloud security misconfigurations across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
Joe Panettieri 
MSSP Alert 
OpenText late on October 18 released a statement saying that it was not considering a potential acquisition of Micro Focus.
The statement surfaced after Bloomberg speculated a deal may be brewing.
Micro Focus shares rose nearly 7 percent today amid the takeover rumors on October 18.
The snuffed-out takeover rumors follow chatter in September 2019 that suggested private equity firms may want to acquire Micro Focus’s Arcsight and Fortify security software units, according to DealReporter sources.
At the time, interested parties apparently included Carlyle, Veritas and KKR.
All of Cloud Conformity’s employees — including 50 developers and engineers — will join Trend Micro.
Cloud Conformity, founded in 2016, has 100-plus customers and offices in Sydney, Australia; Dallas, Texas; London, United Kingdom; Montreal, Canada and Singapore.
Financial terms of the deal and specific revenue figures for Cloud Conformity were not disclosed.
Link: https://www.msspalert.com/investments/trend-micro-acquires-cloud-conformity/?utm_medium=email&utm_source=sendpress&utm_campaign

Radiflow and Asset Guardian Introduce Joint Solution to Enrich Industrial Asset Monitoring and Risk Assessment
Cision PR Newswire 
MAHWAH, New Jersey and LIVINGSTON, Scotland, Oct. 21, 2019 /PRNewswire/—Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, and Asset Guardian, a dedicated provider of leading edge protection for process control and industrial software, today jointly announced that the two companies have launched a joint solution to expand industrial asset monitoring, change management and risk assessment capabilities for industrial enterprises.
In this new integrated solution, iSID’s asset inventory now incorporates the asset information stored in the Asset Guardian database, including the detailed asset information that is not available from traffic monitoring.
With this new detailed asset information from Asset Guardian, such as logic version, ownership, geo-location and more, the result is a far more granular risk score calculated by iSID for each asset.
Changes to assets, such as new firmware or PLC logic, are detected on the network in real-time by iSID and sent to Asset Guardian for verification, authorization and validation against the ‘golden image’ of the binary stored in the Asset Guardian database.
Link: https://www.prnewswire.com/news-releases/radiflow-and-asset-guardian-introduce-joint-solution-to-enrich-industrial-asset-monitoring-and-risk-assessment-300941791.html

Upstream Security raises $30 million to protect connected cars from cyberattacks
Paul Sawers 
Venture Beat 
Upstream Security, a cloud-based cybersecurity platform for connected cars, has raised $30 million in a series B round of funding led by Alliance Ventures, an automotive alliance constituting Renault, Mitsubishi, and Nissan.
Volvo Group, Hyundai, CRV, Glilot Capital, Maniv Mobility, and Nationwide also participated in the round.
The connected car market was pegged at $63 billion in 2017, a figure that could rise to more than $200 billion by 2025.
Founded in 2017, Upstream Security is adopting a “multi-layer” approach to protecting connected cars and the underlying network infrastructure.
Its C4 platform integrates with automotive data streams of vehicles and promises to detect incidents as they happen in real time, allocating a rating based on perceived impact and severity.
Link: https://venturebeat.com/2019/10/21/upstream-security-raises-30-million-to-protect-connected-cars-from-cyber-attacks/

Ubiq Hires Steve Pataky, Pursues Data Security MSSP
Joe Panettieri 
MSSP Alert 
Ubiq Security has hired SonicWall, FireEye and Juniper veteran Steve Pataky as global chief channel officer and head of America sales.
The data security startup also unveiled a new partner program focused on MSSPs (managed security services providers), security solution partners and IoT (Internet of Things) solution providers.
Ubiq develops and promotes a software platform that “secures any type of data, on any device, anywhere,” the company asserts.
The software can be integrated into existing applications, IoT devices or installed on laptops and servers to secure data, the firm adds.
Ubiq Security has been busy on the talent front.
The company in September 2019 named Scott McCrady as chief revenue officer and Jon Kabrud as VP of sales and business development.
Link: https://www.msspalert.com/cybersecurity-talent/ubiq-hires-steve-pataky/

Rackspace Selects Armor to Deliver Best-in-Class Security for Hybrid Cloud Environments
Nasdaq Globe Newswire 
SAN ANTONIO, Oct. 22, 2019 (GLOBE NEWSWIRE)—Rackspace today announced that it has selected Armor, a top global provider of cloud security-as-a-service solutions, to deliver best-in-class security for hybrid cloud environments to customers worldwide.
Armor’s next-generation cloud security platform, Armor Anywhere, will be integrated into Rackspace’s comprehensive portfolio of security services for all major private and hyperscale public clouds, creating the most complete hybrid cloud security solution on the market.
The integration of Armor’s technology and capabilities into Rackspace’s security service offerings will be made available to customers in 2020.
For more information on Rackspace’s security services, visit http://www.rackspace.com/security.
Link: http://www.globenewswire.com/news-release/2019/10/22/1933295/0/en/Rackspace-Selects-Armor-to-Deliver-Best-in-Class-Security-for-Hybrid-Cloud-Environments.html

Forescout Joins Global Cyber Security Alliance for Operational Technology
Nasdaq Globe Newswire 
SAN JOSE, Calif., Oct. 22, 2019 (GLOBE NEWSWIRE)—Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, today announced that it has joined a new alliance to provide a technical and organizational framework for safe and secure operational technology (OT).
The Operational Technology Cyber Security Alliance (OTCSA) aims to bridge dangerous gaps in security for OT and critical infrastructures and industrial control systems (ICS) to support and improve the daily lives of citizens and workers in an evolving world.
Industry leaders ABB, Check Point Software, Cylance, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk and Wärtsilä have partnered with Forescout to establish the OTCSA.
With 60 percent of organizations using ICS indicating that they experienced a breach in their systems in the past year, and 97 percent acknowledging security challenges because of the convergence of IT and OT, the need for the OTCSA is critical.
Link: http://www.globenewswire.com/news-release/2019/10/22/1933081/0/en/Forescout-Joins-Global-Cyber-Security-Alliance-for-Operational-Technology.html

Foundries.io raises $3.5 million to fix IoT and Edge security
Julien Happich 
EE News Europe 
The self-service solution enables businesses to minimize and manage their maintenance and support costs.
It provides secure boot firmware and customizable operating system software updates, as well as build and test infrastructure with the latest software and security updates included.
Link: https://www.eenewseurope.com/news/foundriesio-raises-35-million-fix-iot-and-edge-security

Ian McLeod Joins Veracode as Chief Product Officer
Nasdaq Globe Newswire 
Yahoo - Finance 
BURLINGTON, Mass., Oct. 23, 2019 (GLOBE NEWSWIRE)—Veracode, a leading provider of application security testing (AST) solutions, today announced the appointment of Ian McLeod as Chief Product Officer.
McLeod will head product strategy and management and report to Chief Executive Officer, Sam King.
He will lead Veracode’s innovation strategy guiding the company to provide secure software solutions that support DevSecOps environments.
Previously, McLeod served as Chief Product Officer at Rogue Wave Software and held executive management roles at SmartBear Software, PHT Corporation, Segue Software, and Rational Software.
Link: https://finance.yahoo.com/news/ian-mcleod-joins-veracode-chief-130005240.html

Cynet’s free vulnerability assessment offering helps organizations significantly increase their security
Threat Post 
In the effort to assist organizations in finding such vulnerabilities, Cynet has launched its Free Vulnerability Assessment offering, which gives organizations 14-days of free access to the Cynet 360 platform with the ability to utilize its built-in vulnerability assessment capabilities.
The offer allows any organization to connect to the platform and start scanning its endpoints, experiencing the power, speed and full visibility that come with the platform.  
Two main security and IT audiences are the focus of the Cynet Free Vulnerability Assessment:
• The patchers – in this case, Cynet accelerates and optimizes the organization’s existing workflow.
• The nonpatchers – here, Cynet introduces an easy way to increase the level of breach protection in the organizations, with no operational burden.
Link: https://threatpost.com/cynet-vulnerability-assessment/149382/

Posted on 10/27

Wednesday, August 21, 2019

Incident Response Newsalert - 2019-08-18

Table of Contents

  • Security warning for software developers: You are now prime targets for phishing attacks 
  • [Infographic] Nations and Hackers Unleash Destructive Malware! 
  • Why Modernizing Security is Like Visiting a Fast-Food Restaurant 
  • The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace? 
  • The Ins and Outs of SOC for MSSPs and MSPs 
  • Demisto & Uptycs: Orchestrating Incident Response Activities 
  • Secureworks Unveils 24/7 Threat Detection and Response Service 
  • IBM: Average Destructive Attacks Costs Over $200 Million 
  • Cylance report looks into questionable pentesting practices 
  • Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts 
  • NTT Security partners with Europol to bolster Threat Intelligence 
  • ConnectWise Identifies MSP Security Holes Through Risk Assessments 
  • Stronger as One: IronNet Expands the Power of Collective Defense to Organizations of All Sizes 

 

Security warning for software developers: You are now prime targets for phishing attacks
Danny Palmer 
ZD Net 
Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the public profiles of individuals working in the high-turnover industry to help conduct their phishing campaigns.
The August 2019 Threat Intelligence Bulletin from cybersecurity company Glasswall details the industries most targeted by phishing, with the technology sector accounting for almost half of malicious phishing campaigns.
According to the Glasswall report, software developer is the role most targeted by hackers going after the technology sector.
A key reason for this is that devs do the groundwork on building software and will often have administrator privileges across various systems.
That’s something attackers can exploit to move laterally around networks and gain access to their end goal.
One way potential victims could make themselves less susceptible to attacks would be to display less information about themselves on their public-facing profiles – although given this is how many look for work, that might not be practical for everyone.
Link: https://www.zdnet.com/article/security-warning-for-software-developers-you-are-now-prime-targets-for-phishing-attacks/

[Infographic] Nations and Hackers Unleash Destructive Malware!
Rich Tehrani 
Tehrani Blog 
A new report from IBM X-Force Incident Response and Intelligence Services (IRIS) shows that these attacks have been on the rise, posing a growing threat to a wide variety of businesses that may not consider themselves an obvious target.
Key findings include:
• Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average.
As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
• The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team.
It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
• RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.
Link: https://blog.tmcnet.com/blog/rich-tehrani/security/infographic-nations-and-hackers-unleash-destructive-malware.html

Why Modernizing Security is Like Visiting a Fast-Food Restaurant
Jonathan Divincenzo 
Dev Ops.com 
Fast casual restaurants are taking over the food industry.
Today’s consumers want quality and speed, and the brick-and-mortar model offering immediate service paired with quality ingredients perfectly fits the bill.
It’s the new, modernized dining experience.
You can also argue that the same modernization taking the food industry by storm is happening in the security sector.
A modern infrastructure mix is made up of many parts (much like a layered chicken sandwich): cloud, containers, hardware, platforms—and sometimes serverless.
Flexibility and deployment options are essential to defending applications and APIs across multiple components and delivery stacks.
Typically, security teams end up in a balancing act of supporting new infrastructure plans while taking over existing legacy systems and applications.
The modern world is ever-evolving and the definition of “modern” changes as new technology is introduced.
Fast-food chains have evolved over the years and, in turn, moved the food industry forward with the introduction of fast, casual and reliable options.
The companies continue to evolve to meet the customers’ demands by introducing delivery services, unique rewards programs and leading mobile apps.
Link: https://devops.com/why-modernizing-security-is-like-visiting-a-fast-food-restaurant/

The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby 
Dark Reading 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Case in point: IBM’s Z series mainframe sales are up 70% year-over-year.
And a recent Compuware survey showed that mainframe workloads are increasing.
Currently, 57% of enterprises with a mainframe run more than half of their critical applications on the mainframe, but that number is expected to rise to 64% by next year, according to Compuware.
Overlooking mainframe security is an industrywide issue today.
Recent research shows that even though 85% of companies say that mainframe security is a top priority, 67% admit that they only sometimes or rarely factor security into mainframe environment decisions.
Ultimately, the mainframe renaissance will equip businesses with the processing power, reliability, and scalability they need to thrive.
But for true peace of mind, especially where sensitive customer data is involved, businesses need to be aware of the importance of mainframe security and, just as importantly, prepared to execute on it.
Link: https://www.darkreading.com/vulnerabilities---threats/the-mainframe-is-seeing-a-resurgence-is-security-keeping-pace/a/d-id/1335476

The Ins and Outs of SOC for MSSPs and MSPs
Edward Gately 
Channel Partners 
To be successful as an MSSP or security-centric MSP, security operations center (SOC) is a must.
Channel Partners: What are some of the issues to consider when deciding whether to build your own SOC or outsource?

  • Cost – building a SOC could cost $1-3 million depending on the size and scope.  
  • Timing – some partners may find that it’s better to outsource the SOC to ensure your sales team is capable of selling the solution before you invest in building it yourself.  
  • Skills – finding qualified people to work as SOC analysts is very difficult, so make sure that you have a pipeline of these rare resources before you invest.
  • Scope – you need to decide early if you will staff for 24×7 or 9×5. Maybe you should partner for the after-hours work.

CP: What are some common mistakes to avoid when building your own SOC?
AR: Automation needs to be top of mind from the start.
A security information and event management (SIEM) solution alone with SOC analysis to sift through the data will not be effective unless you can automate some of the incident response to help you scale.
CP: What’s the best criteria for choosing a specialist to handle your SOC?
IT people think in a structured way with rules, policies and procedures – but hackers are very unstructured and creative.
To catch a hacker, you need to think like them, so hire a former programmer with problem-solving skills.
Link: https://www.channelpartnersonline.com/article/the-ins-and-outs-of-soc-for-mssps-and-msps/

Demisto & Uptycs: Orchestrating Incident Response Activities
Security Boulevard 
Uptycs leverages the open-source osquery agent in order to acquire real-time data about nearly any facet of your infrastructure (more about osquery here).
This data is streamed, aggregated, and stored in the Uptycs backend and then made accessible via our API, allowing the integration of Uptycs data with other services.
The Uptycs-Demisto integration (available here in the Demisto Integration catalog) allows customers of both solutions the use of Uptycs data within their Demisto instance.
Link: https://securityboulevard.com/2019/08/demisto-uptycs-orchestrating-incident-response-activities/

Secureworks Unveils 24/7 Threat Detection and Response Service
Dan Kobialka 
MSSP Alert 
Secureworks, a Top 100 MSSP, has added a 24/7 service to its Red Cloak Threat Detection and Response (TDR) offering.
Red Cloak TDR’s 24/7 service helps organizations scale their security expertise and combat cyber threats, according to Secureworks.
In doing so, the service enables organizations to accelerate threat detection, response and remediation.
The 24/7 service for Red Cloak TDR is now available.
Also, Secureworks is showcasing its updated version of Red Cloak TDR at this week’s Black Hat USA conference in Las Vegas, Nevada.
Red Cloak TDR is a managed detection and response (MDR) offering designed to help organizations identify cyber threats that typically go undetected by traditional security solutions, Secureworks noted.
It uses insights from incident response engagements to provide continuously updated threat intelligence and analytics that enables organizations to recognize malicious activity.
In addition, Red Cloak TDR analyzes data from IT environments and applies advanced analytics and threat intelligence, Secureworks said.
It then alerts end users if it identifies suspicious activity that requires attention.
Link: https://www.msspalert.com/cybersecurity-companies/mssps/secureworks-threat-detection/?utm_medium=email&utm_source=sendpress&utm_campaign

IBM: Average Destructive Attacks Costs Over $200 Million
Dan Kobialka 
MSSP Alert 
Destructive malware, malicious software with the capability to render affected systems inoperable, represents a growing problem for global organizations, according to IBM X-Force Incident Response and Intelligence Services (IRIS).
Large multinational companies appear to incur costs around $239 million per destructive malware incident — 61 times greater than the cost of a typical data breach, IBM IRIS noted.
Furthermore, the average destructive malware attack affects 12,316 computer workstations and servers and requires 512 hours to remediate.
Link: https://www.msspalert.com/cybersecurity-research/ibm-destructive-malware-costs/?utm_medium=email&utm_source=sendpress&utm_campaign

Cylance report looks into questionable pentesting practices
Security Brief - Asia 
BlackBerry has announced that new research from the BlackBerry Cylance Threat Intelligence Team has uncovered a trove of highly sensitive data. 
In Thin Red Line: Penetration Testing Practices Examined, the BlackBerry Cylance Threat Intelligence Team sheds light on a range of questionable pentesting practices, by-products and outcomes.
The report raises critical questions about the industry’s adherence to expectations of privacy and confidentiality, as well as compliance with legal and regulatory requirements, like Europe’s General Data Protection Regulation (GDPR). 
Included in the report is a case study of an advanced persistent threat (APT) like group which the research team found to be operating openly as a Brazilian security firm that is linked to the exposure of sensitive air traffic control data.
The research also explores the tradecraft of more than two dozen well-known companies offering pentesting services, from boutiques to blue chips, and finds the widespread exposure of client data in semi-public repositories.
Link: https://securitybrief.asia/story/cylance-report-looks-into-questionable-pentesting-practices

Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts
Help Net Security 
It includes a mature Npcap raw packet capturing/sending driver, 11 new NSE scripts, a bunch of new libraries, bug fixes and performance improvements.
Nmap team has created the Npcap raw packet capturing/sending driver because the previously used Winpcap hasn’t been updated since 2013, doesn’t always work on Windows 10, and depends on long-deprecated Windows APIs.
Npcap uses modern APIs, is more performant, secure and featureful.
Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all changes from the last 15 Npcap releases.
Link: https://www.helpnetsecurity.com/2019/08/12/nmap-7-80/

NTT Security partners with Europol to bolster Threat Intelligence
Response Source 
NTT Security, the specialised security company of NTT Group, has signed a Memorandum of Understanding (MoU) with Europol’s European Cybercrime Centre (EC3).
This latest move forms part of its commitment to sharing its strategic threat intelligence with industry partners and law enforcement agencies to prevent cybercrime globally.
The new MoU defines a framework for NTT Security and Europol to exchange strategic threat intelligence as well as information relating to cybersecurity trends and industry best practice.
Trust building through public-private sector partnerships is a priority for NTT Security as it looks to enhance its relationship with EC3, which now includes NTT Security’s Global Threat Intelligence and Incident Center (GTIC).
Europol is one of many partners with whom NTT Security collaborates.
Others include the National Cyber Forensics and Training Alliance (NCFTA); Council of Registered Ethical Security Testers (CREST); Cyber Threat Alliance (CTA); Forum of Incident Response and Security Teams (FIRST); and others.
Link: https://pressreleases.responsesource.com/news/98221/ntt-security-partners-with-europol-to-bolster-threat-intelligence/

ConnectWise Identifies MSP Security Holes Through Risk Assessments
Maddie Bacon 
Channel Futures 
More than half of MSPs don’t do basic security awareness training, according to new data from ConnectWise.
57% of participating MSPs and SMBs don’t do security awareness training, 48% have not assessed or analyzed cybersecurity attack targets and tactics, and 48% don’t have a security incident response plan in place — all while more than 60% of SMBs experience cyberattacks or data breaches, according to the “2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB)” report from Ponemon Institute.
Link: https://www.channelfutures.com/security/connectwise-identifies-msp-security-holes-through-risk-assessments

Stronger as One: IronNet Expands the Power of Collective Defense to Organizations of All Sizes
Iron Net 
New strategic initiative will improve cyber defense collaboration and security outcomes across organizations and industries
IronNet Cybersecurity, the leading provider of collective defense and network behavioral analysis for companies and industries, today announces that IronDome, the industry’s first and only collective defense platform, is now available to companies of all sizes.
IronDome is a revolutionary way to defend against sophisticated and well-funded cyber adversaries by enabling organizations to join resources and envision impending potential threats to collectively defend against targeted attacks.
The platform applies advanced behavioral analytics, AI, and machine learning techniques to network traffic data and combines the tradecraft knowledge of the best offensive and defensive cyber operators in the world with world-class mathematicians and data scientists.
This IronDome expansion will be the first cross-sector sharing initiative at scale.
Additional initiatives will be launched to complement other public-private sharing entities and to provide a real-time anonymized view into domestic and international threats for cyber response.
Link: https://ironnet.com/new/stronger-as-one-ironnet-expands-the-power-of-collective-defense-to-organizations-of-all-sizes/


Posted on 08/21

Tuesday, July 30, 2019

IR Security News - 28-Jul-2019

Table of Contents

  • Average cost of a data breach rises to $3.92 million: IBM study
  • Immunity's penetration testing utility now includes an exploit for BlueKeep flaw
  • MSP State of the Market report: MSPs give blunt feedback on what they really value from their vendor partners
  • Penetration Test Data Shows Risk to Domain Admin Credentials
  • Fujitsu opens SOC in Canberra
  • How DNS firewalls can burn security teams
  • Verint Systems selected as official supplier of Web Intelligence solutions to the UK police forces
  • Optiv Security opens the Dallas Innovation and Fusion Center
  • Analytics new battleground for MSSPs in Asia
  • THREAT INTELLIGENCE MARKET PROJECTED TO REACH US$ 12.9 BILLION BY 2023
  • Endace and Micro Focus Partnership Delivers New Security Insights for Threat Hunting and Investigation
  • ‘SOC’ It to ‘Em: How to Overcome Security Operations Center Challenges
  • D3 Security Creates First Proactive Response Platform by Bringing Together SOAR and the MITRE ATT&CK Framework
Average cost of a data breach rises to $3.92 million: IBM study
Nandita Mathur
Live Mint
The cost of a data breach has risen 12% over the past five years and now averages $3.92 million, said a study by IBM Security on Tuesday.
Assessing the financial impact of data breaches on organisations, the report claimed that the rising expenses were representative of multi-year financial impact of breaches, increased regulation, and the complex process of resolving criminal attacks.
The report also found that companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.
While an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach.
The long tail costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals. 
The study also found that data breaches which originated from a malicious cyber attack were not only the most common cause of a breach, but also the most expensive.
Malicious data breaches cost companies, examined in the study, $4.45 million on average – over $1 million more than those originating from accidental causes such as system glitch and human error.
These breaches are a growing threat, as the percentage of malicious or criminal attacks as the root cause of data breaches in the report crept up from 42% to 51% over the past six years of the study (a 21% increase).
One particular area of concern is the mis-configuration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43% of all lost records for the year, according to the IBM X-Force Threat Intelligence Index.
The report found that the average life cycle of a breach was 279 days with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach.
However, companies in the study who were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.
A focus on incident response can help reduce the time it takes companies to respond, and the study found that these measures also had a direct correlation with overall costs. 
Companies that had both these measures in place had $1.23 million less total costs for a data breach on average than those that had neither measure in place ($3.51 million vs. $4.74 million).
Link: https://www.livemint.com/technology/tech-news/average-cost-of-a-data-breach-rises-to-3-92-million-ibm-study-1563872957873.html

Immunity's penetration testing utility now includes an exploit for BlueKeep flaw
Dev Kundaliya
Computing
The exploit for the BlueKeep flaw is now included in CANVAS v7.23, enabling users to achieve remote code execution on unprotected PCs during penetration tests - in other words, able to open a shell on infected hosts.

The BlueKeep flaw, aka CVE-2019-0708, was first uncovered by security researchers in May, with Microsoft rushing out a patch to cover it.
According to Microsoft, it is a "wormable" vulnerability that can self-propagate from one vulnerable system to another without requiring user interaction - similar to the way that WannaCry and NotPetya were spread.
Link: https://www.computing.co.uk/ctg/news/3079585/bluekeep-exploit-released?utm_source=Adestra&utm_medium=email&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&im_edp=146339-8a9e173aa3aaf898%26campaignname%3

MSP State of the Market report: MSPs give blunt feedback on what they really value from their vendor partners
Josh Budd
Channel Partner Insight
US and European providers anonymously share their experiences with vendors in CPI's MSP State of the Market report

Some MSP respondents slammed their vendor partners for taking a short-term approach to the managed services market.
Our research finds that more than two thirds of MSPs are still running an "operationally immature" model where they are not selling a standardised and fully managed package.
Link: https://www.channelpartnerinsight.com/channel-partner-insight/feature/3079483/msp-state-of-the-market-report-msps-give-blunt-feedback-on-what-they-really-value-from-their-vendor-partners?utm_medium=em

Penetration Test Data Shows Risk to Domain Admin Credentials
Jai Vijayan
Dark Reading
A new analysis of data from 180 real-world penetration tests in enterprise organizations suggests that cybercriminals who manage to get a foothold on an internal network have an opportunity to then gain domain administrator access in more than three in four cases.
But attacks on Internet-facing assets actually result in some kind of internal access only about 20% of the time because of the security controls that many organizations have implemented at the network perimeter.
Attacks on Web applications result in site-wide compromise even more rarely, 3% of the time, the study by security vendor Rapid7 showed.
Most of the flaws on the internal LAN tend to be Microsoft-centered and have an impact on data integrity.
The biggest problems here have to do with SMB relaying, a failure to apply critical patches, and credentials being stored in cleartext.
In 11% of the client sites, Rapid7 found organizations had not deployed patches even for very old vulnerabilities and for extremely critical flaws like EternalBlue, which was exploited in the WannaCry ransomware attacks of 2017.
Unlike prior years, penetration testers were able to use SMB relaying as a viable attack only about 15% of the time, suggesting organizations are much more aware of the need for SMB signing and are getting rid of SMB clients that don't support signing, Beardsley says.
Link: https://www.darkreading.com/vulnerabilities---threats/penetration-test-data-shows-risk-to-domain-admin-credentials/d/d-id/1335324

Fujitsu opens SOC in Canberra
Eleanor Dickinson
ARN, from IDG
Named the Cyber Resilience Centre (CRC), the facility will provide a centralised management hub for Fujitsu’s new security-as-a-service (SECaaS) offerings.

Aimed primarily at Federal and State Government customers, the facility will oversee managed and professional security services across the Oceania region using an unnamed Australian Signals Directorate-certified Protected Cloud as a host.
Operating on a consumption cost model, the centre will provide services including threat analytics, vulnerability management, threat intelligence and threat response.
Link: https://www.arnnet.com.au/article/664253/fujitsu-launches-protected-level-security-services-hub-in-canberra/?fp=2&fpid=1

How DNS firewalls can burn security teams
Andrew Wertkin
Help Net Security
It’s easy to see how DNS firewalls could have thwarted 33% of data breaches.
For most IT and security teams, DNS has been an afterthought.
Or, worse, not even that.
The research, conducted by the Global Cyber Alliance, was absolutely still worth doing.
On the surface, this research is good news.
It suggests there is a low-hanging fruit in the cybersecurity space.
But it also suggests that a DNS firewall is the logical next step to improved security.
It’s not — at least not on its own.
Turning DNS data gathering inwards, towards the edge, will allow you to examine the contextual data you need to shut down malicious activity long before it attempts to smuggle data out of the network.
Compromised devices can, and often do, act locally to perform reconnaissance or hoover up data before communicating out.
These internal queries, to private DNS, are not seen at all by most external-facing DNS firewalls.
Further, by having device attribution of this data, I can spot patterns that are difficult or impossible to find among a firehose of data that doesn’t have originating device attribution.
Link: https://www.helpnetsecurity.com/2019/07/22/dns-firewalls/
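The device-attributed look at internal DNS that the article argues for, as an added example that is not code from the article or from the author's product. It parses a constructed internal-resolver query log (a BIND-style query line with the response code appended; that format, the asset table and the thresholds are all assumptions made for this example), attributes each query to a device, and flags three local reconnaissance patterns an external-facing DNS firewall never sees: enumeration of many internal hostnames, name guessing (a high NXDOMAIN ratio) and reverse-lookup sweeps across a subnet.

```python
"""Device-attributed internal DNS query analysis (added example).

Parses internal-resolver query logs, attributes each query to a device via an
asset table, and flags per-device patterns that look like local reconnaissance.
All input below is constructed; the log format is an assumption for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a BIND-style query log with the response code appended
# by the resolver (assumed format for this example, not a stock BIND layout).
SAMPLE_LOG = """\
12-Jul-2019 09:00:01.101 client 10.20.1.15#51234: query: fileserver01.corp.example IN A NOERROR
12-Jul-2019 09:00:01.240 client 10.20.1.15#51235: query: fileserver02.corp.example IN A NOERROR
12-Jul-2019 09:00:01.388 client 10.20.1.15#51236: query: fileserver03.corp.example IN A NXDOMAIN
12-Jul-2019 09:00:01.512 client 10.20.1.15#51237: query: sql01.corp.example IN A NOERROR
12-Jul-2019 09:00:01.640 client 10.20.1.15#51238: query: sql02.corp.example IN A NXDOMAIN
12-Jul-2019 09:00:01.799 client 10.20.1.15#51239: query: backup.corp.example IN A NOERROR
12-Jul-2019 09:00:01.901 client 10.20.1.15#51240: query: vault.corp.example IN A NXDOMAIN
12-Jul-2019 09:00:02.033 client 10.20.1.15#51241: query: dc01.corp.example IN A NOERROR
12-Jul-2019 09:00:05.100 client 10.20.1.40#40001: query: mail.corp.example IN A NOERROR
12-Jul-2019 09:00:05.300 client 10.20.1.40#40002: query: intranet.corp.example IN A NOERROR
12-Jul-2019 09:00:09.001 client 10.20.2.7#33001: query: 1.1.20.10.in-addr.arpa IN PTR NOERROR
12-Jul-2019 09:00:09.050 client 10.20.2.7#33002: query: 2.1.20.10.in-addr.arpa IN PTR NXDOMAIN
12-Jul-2019 09:00:09.102 client 10.20.2.7#33003: query: 3.1.20.10.in-addr.arpa IN PTR NXDOMAIN
12-Jul-2019 09:00:09.150 client 10.20.2.7#33004: query: 4.1.20.10.in-addr.arpa IN PTR NOERROR
12-Jul-2019 09:00:09.201 client 10.20.2.7#33005: query: 5.1.20.10.in-addr.arpa IN PTR NXDOMAIN
12-Jul-2019 09:00:09.260 client 10.20.2.7#33006: query: 6.1.20.10.in-addr.arpa IN PTR NXDOMAIN
"""

# Constructed asset table (what a DHCP lease or CMDB lookup would give): IP -> device.
ASSETS = {"10.20.1.15": "ws-jdoe-laptop", "10.20.1.40": "print-svc", "10.20.2.7": "ws-build-03"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<rcode>\S+)$"
)


@dataclass
class DeviceStats:
    total: int = 0
    nxdomain: int = 0
    internal_names: set = field(default_factory=set)
    ptr_targets: set = field(default_factory=set)


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(log_text, assets, internal_suffix="corp.example",
            recon_names=6, guess_min=4, guess_ratio=0.5, ptr_sweep=5):
    """Return {device: [finding, ...]} for devices whose internal query pattern
    looks like reconnaissance. Thresholds are illustrative, not tuned values."""
    stats = defaultdict(DeviceStats)
    for q in parse(log_text):
        device = assets.get(q["ip"], f"unknown({q['ip']})")  # attribution step
        s = stats[device]
        s.total += 1
        if q["rcode"] == "NXDOMAIN":
            s.nxdomain += 1
        if q["qtype"] == "PTR" and q["qname"].endswith(".in-addr.arpa"):
            s.ptr_targets.add(q["qname"])
        elif q["qname"].endswith("." + internal_suffix):
            s.internal_names.add(q["qname"])

    findings = {}
    for device, s in stats.items():
        hits = []
        if len(s.internal_names) >= recon_names:
            hits.append(f"enumerated {len(s.internal_names)} internal hostnames")
        if s.total >= guess_min and s.nxdomain / s.total >= guess_ratio:
            hits.append(f"NXDOMAIN ratio {s.nxdomain}/{s.total}")
        if len(s.ptr_targets) >= ptr_sweep:
            hits.append(f"reverse-lookup sweep over {len(s.ptr_targets)} addresses")
        if hits:
            findings[device] = hits
    return findings


if __name__ == "__main__":
    for device, hits in analyze(SAMPLE_LOG, ASSETS).items():
        print(device, "->", "; ".join(hits))
```

The attribution step is the point: the same 16 queries viewed as one resolver-wide stream show nothing unusual, while grouping by device makes the laptop's hostname enumeration and the build host's PTR sweep stand out. In a real deployment the asset table comes from DHCP leases or an agent, and the thresholds need tuning per environment.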



Verint Systems selected as official supplier of Web Intelligence solutions to the UK police forces
Help Net Security
Verint Systems, a global provider of data mining software for Cyber Intelligence, announced it has been selected by The UK Police ICT Company as an official supplier of Web Intelligence solutions to the UK police forces, under Project IRIS.
Project IRIS represents all police forces in England and Wales as well as associated forces and agencies across the UK, including Police Scotland and the Police Service of Northern Ireland.
The total value of the IRIS procurement framework is £50 million over several years.
Link: https://www.helpnetsecurity.com/2019/07/22/verint-systems-uk-police/



Optiv Security opens the Dallas Innovation and Fusion Center
Help Net Security
Optiv Security, a security solutions integrator delivering end-to-end cybersecurity solutions across the globe, announced the opening of its new Dallas Innovation and Fusion Center, a state-of-the-art, more than 14,000-square-foot facility located in the HALL Park complex in Frisco, Texas.
The Center brings together a diverse team of cybersecurity experts – cyber digital and risk professionals, threat and innovation experts and others – working together with clients and industry partners to develop integrated, tailored and proactive cybersecurity solutions that address the speed of business change.
Link: https://www.helpnetsecurity.com/2019/07/22/optiv-security-dallas-innovation-and-fusion-center/



Analytics new battleground for MSSPs in Asia
Kenny Yeo
Channel Asia
This lack of talent and the constant push to meet regulatory compliance is driving the adoption of managed security services (MSS) solutions.
Traditional security monitoring is no longer sufficient because of limited log collection and rule-based analysis.
This shift in enterprise focus from device management to threat management is expected to drive the MSS market from US$1.97 billion in 2017 towards US$4.34 billion in 2022, at a compound annual growth rate (CAGR) of 17.1 per cent.
Furthermore, MSSPs are investing in technologies such as anti-distributed denial of service (DDoS), advanced malware analysis and advanced endpoint protection to deliver cloud-based security services.
Link: https://sg.channelasia.tech/article/664306/



THREAT INTELLIGENCE MARKET PROJECTED TO REACH US$ 12.9 BILLION BY 2023
Ramona Zimmerman
Rent Fin
The global research report titled Threat Intelligence Market delivers key insights and aims to give clients a competitive advantage through detailed analysis.
The 200-page report covers the current market scenario, upcoming and future opportunities, revenue growth, pricing and profitability.
The data in the report was collected by a team of research and industry experts.
The Threat Intelligence Market size is estimated to grow from US$ 5.3 Billion in 2018 to US$ 12.9 Billion by 2023, at a Compound Annual Growth Rate (CAGR) of 19.7%.
The report spans 200 pages, profiles 25 companies and is supported by 90 tables and 41 figures.
The SMEs segment is expected to grow at the highest CAGR, owing to the rising deployment of threat intelligence solutions by SMEs to proactively protect their digital assets.
SMEs are small in terms of their size but cater to a large number of customers globally.
Robust and comprehensive security solutions are not implemented in SMEs, due to financial constraints in these organizations.
Weak cyber security and low budget make the organizations more susceptible to advanced cyber-attacks such as ransomware, botnets, zero-day attacks, and Advanced Persistent Threats (APTs).
APAC includes emerging economies such as India, China, Australia, Hong Kong, and Japan, which are rapidly deploying threat intelligence solutions.
APAC is expected to grow at the highest CAGR during the forecast period.
The APAC threat intelligence market is gaining traction as it provides proactive security measures against the evolving cyber-attacks.
Link: http://rentfint.com/2019/07/23/threat-intelligence-market-projected-to-reach-us-12-9-billion-by-2023/



Endace and Micro Focus Partnership Delivers New Security Insights for Threat Hunting and Investigation
Realwire
Virtual Strategy
London, UK – July 24, 2019 – Endace, specialists in high speed network recording and analytics hosting, today announced a new partnership with Micro Focus®.
Alongside the partnership announcement, Endace and Micro Focus also announced new integration between ArcSight Enterprise Security Manager and the EndaceProbe™ Analytics Platform to deliver faster, more accurate response to cybersecurity threats.
This integration dramatically reduces the time required for security analysts to respond to cybersecurity threats, at scale.
Link: http://virtual-strategy.com/2019/07/24/endace-and-micro-focus-partnership-delivers-new-security-insights-for-threat-hunting-and-investigation/



‘SOC’ It to ‘Em: How to Overcome Security Operations Center Challenges
Ericka Chickowski
Channel Futures
According to a new study from SANS Institute, today’s SOCs are treading water when it comes to making progress on maturing their practices and improving their technical capabilities.
Experts say that may not be such a bad thing considering how quickly the threats and the tech stacks they monitor are expanding and changing.

Staffing levels. 
According to SANS, SOC size scales with organizational size: organizations with between 10,000 and 15,000 employees generally run a SOC of six to 10 people; organizations from 15,001 up to 100,000 employees field SOC teams of approximately 11-25 analysts; and very large enterprises with over 100,000 employees stand up SOCs of 26-100 analysts.
SOC budgets. 
When asked about where they’d like to see more investments, 39% said they’d want to make additional investments in new/modern technology, 35% said they’d like to secure additional funding for staffing needs, and 34% would invest in automation to save time. 
Outsourcing. 
Some 43% of organizations report that they outsource certain functions of their work.
The three most popular functions for outsourcing – both in prevalence and growth over the last year – were malware analysis expertise, threat analysis and threat intel services.
This is in line with SANS outsourcing findings, which broke up categories differently but found that monitoring and detection capabilities were outsourced to some degree by 76% of respondents. 
Top tech used. 
According to the SANS study, security information and event management (SIEM) platforms are far and away the front-running technology security analysts use to correlate and analyze the data feeds they deal with daily.
That's followed by threat intelligence platforms, log management systems, and security orchestration, automation and response (SOAR) tools.
SOC pain points.
Time wasted spinning wheels was one of the biggest pain points identified by those surveyed in the Exabeam study. 
Other common complaints were out-of-date systems or applications, false positives, and lack of visibility. 
SOC-NOC relationships. 
Getting SOC analysts to team with network operations center (NOC) analysts is still a tall task for most organizations. 
Proving SOC value with metrics. 
SANS analysts say that if SOC managers are going to get more budget to make the investments they need to move the needle on SOC maturity, they’ve got to get better at the metrics game. 
The No. 1-used metric to track and report the SOC’s performance is the number of incidents handled.
Meanwhile, only a very small number of SOCs track monetary cost per incident or losses accrued versus losses prevented.
Link: https://www.channelfutures.com/mssp-insider/soc-it-to-em-how-to-overcome-security-operations-center-challenges



D3 Security Creates First Proactive Response Platform by Bringing Together SOAR and the MITRE ATT&CK Framework
Business Wire
VANCOUVER, British Columbia—(BUSINESS WIRE)—D3 Security, an innovator in security orchestration, automation and response (SOAR) technology, has released ATTACKBOT, a unique solution that utilizes the MITRE ATT&CK framework to identify and address the entire kill chain of complex attacks.
ATTACKBOT is a significant enhancement to existing SOAR capabilities that allows organizations to predict attacker behavior and focus remediation efforts effectively for more conclusive incident response.
ATTACKBOT streamlines the identification of incidents by allowing security teams to monitor attack progress in real time, correlate incidents with known adversary behaviors, and take appropriate action with the assistance of decision-tree-based playbooks.
ATTACKBOT delivers proactive intervention against ongoing attacks by treating every event as a link in a large chain of adversarial intent instead of solely isolated incidents.
By enabling visualizations of what the attack is and how far it has progressed, organizations are able to proactively intervene before the kill chain is complete.
Link: https://www.businesswire.com/news/home/20190724005141/en/D3-Security-Creates-Proactive-Response-Platform-Bringing

Posted on 07/30

OEM IT Security News - 28-Jul-2019

Table of Contents

  • 5 best practices to choose the right email security software
  • Proofpoint Drives People-centric Innovation with Two Industry-Firsts: Enhanced URL Isolation Based on User Risk Profiles and New Training Customization
  • Frost & Sullivan Names Luminati the 2019 Global Market Leader in the Enterprise IP Proxy Networks Market
  • WatchGuard Speeds Zero Day Malware Breach Detection from Months to Minutes
  • Bitdefender upgrades to deal with malware, privacy and child safety
  • SonicWall CEO on McAfee IPO rumours and Symantec's possible sale
  • Long-time LogRhythm CEO Grolnick out in favour of new blood
  • Check Point Introduces Record Breaking Security Gateways
  • Mimecast Is Likely To Break Out On The Upside
  • Kaspersky launches its 2020 range with traffic encryption and scanning speed improvements
  • Barracuda Increases Requirements and Benefits for Top-Tier Partners
  • NSS Labs test exposes weaknesses in NGFW products
  • CyberArk enhances its portfolio of SaaS offerings for privileged access security
  • Cisco in talks to acquire security startup Signal Sciences
  • Avnet appoints Max Chan as CIO
  • ESET unveils new version of File Security for Linux
  • ThetaRay 4.0 With IntuitiveAI Gives Banks a Powerful New Weapon Against Financial Cybercrime
  • Global Cyber Security Market Analysis 2019-2026: Market is Expected to Reach $345.42 Billion
  • Bitdefender Browser Isolation defeats attacks by monitoring memory for attack techniques
  • Greenbone Security Feed detects and protects against more than 70,000 vulnerabilities

 


5 best practices to choose the right email security software
Karen Scarfone
Tech Target - Security
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.
How advanced are basic security functions?
An organization should look for more advanced antivirus, antispam and antiphishing technologies.
What other security features do email security gateways offer?
For many organizations, especially larger enterprises, these additional functions are irrelevant, because the organization already has enterprise DLP and email encryption capabilities.
But for organizations without these capabilities, adding DLP and email encryption options to an email security gateway—often for an additional fee—can be a cost-effective and streamlined way to add these capabilities to the enterprise.
How usable and customizable are the management features?
Although organizations may not want to spend significant time customizing their email security gateways, doing so can improve detection capabilities, as well as enhance the management process itself by customizing administrator dashboards, gateway reports and other aspects of the gateway.
What are the typical false positive and negative rates?
Since each email security gateway uses several detection techniques in parallel with each other, it's not generally helpful to report overall false positive and negative rates for the entire gateway.
Instead, vendors provide typical rates for each threat type—spam detection, malware detection and phishing detection, among others.
Are email messages or attachments processed or stored in an external system?
Transferring email to an external server for processing or storage may be an unacceptable risk for some organizations, particularly if gateways are analyzing internal email messages.
This gives the email security gateway vendor access to sensitive data, which it could inadvertently or intentionally expose to breach.
Similarly, if the vendor's server is compromised, the sensitive data could be compromised as well.
Link: https://searchsecurity.techtarget.com/feature/Five-criteria-for-selecting-an-email-security-gateway-product



Proofpoint Drives People-centric Innovation with Two Industry-Firsts: Enhanced URL Isolation Based on User Risk Profiles and New Training Customization
Nasdaq Globe Newswire
EIN News
/EIN News/—SUNNYVALE, Calif., July 22, 2019 (GLOBE NEWSWIRE)—Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced two people-centric innovations that enhance how organizations protect their most attacked people from malicious URLs, while increasing the effectiveness of security awareness training content.
In an industry first, Proofpoint’s newly announced adaptive security controls can dynamically isolate clicks on URLs in corporate email and cloud collaboration tools based on the risk profile of the recipient, as well as the riskiness of the URL itself.
These security controls are integrated with Proofpoint’s award-winning Targeted Attack Protection (TAP) intelligence.
These people-centric innovations are featured in both Proofpoint Email Isolation, which isolates both links in corporate email and personal webmail, and Proofpoint Browser Isolation, which isolates risky browsing behavior on corporate devices for all websites.
Both products leverage Proofpoint Isolation technology, which fetches content and executes it within Proofpoint’s cloud, while allowing the user to view a safely mirrored image of the site, assuming zero trust of all content.
Each solution also enables isolated use of cloud collaboration tools such as Dropbox and Microsoft SharePoint to help dramatically lower an organization’s attack surface.
Both Proofpoint Browser Isolation and Email Isolation integrate critical Proofpoint Targeted Attack Protection intelligence to help security teams detect, mitigate, and block advanced threats that target users through email.
In addition to blocking attacks that leverage malicious attachments and URLs, TAP also detects threats and risks in cloud applications.
The Proofpoint Attack Index within TAP provides organizations with visibility into their most targeted users based on four factors: threat actor sophistication, spread and focus of attack targeting, type of attack, and overall attack volume.
Link: https://software.einnews.com/pr_news/491352371/proofpoint-drives-people-centric-innovation-with-two-industry-firsts-enhanced-url-isolation-based-on-user-risk-profiles-and-new-training?n=2&code=oFvCCJC



Frost & Sullivan Names Luminati the 2019 Global Market Leader in the Enterprise IP Proxy Networks Market
OA Online
Luminati, the Israeli company that allows businesses to experience the web through the eyes of individual consumers throughout the world, today announced it has received a Market Leadership Award in the first independent analysis of the sector.
Luminati’s enterprise IP proxy network (IPPN) services for global retailers, brand owners and advertising networks feature strongly in the report by analyst firm Frost & Sullivan.
The report outlines a relatively new, but rapidly growing market and recognizes Luminati’s leading position in the provision of solutions that are increasingly important for businesses to remain competitive and compliant in the digital landscape.

“The market for enterprise IP proxy network solutions is in its early growth stages, basically being invented by Luminati only a few years ago.
With the more specialized targeting of customers by demographics and location, companies are finding it more difficult than ever to do competitive analysis and verify advertising, security, and website performance.
Companies not familiar with these website practices or Internet Protocol proxy network (IPPN) solutions are at risk of gathering incorrect data and left behind technology-wise,” noted Robert Cavin, Industry Analyst, Digital Media, Frost & Sullivan.
Frost & Sullivan’s report names Luminati the 2019 global market leader in the Enterprise IP Proxy Network market, and acknowledges how the company has revolutionized the technology through its residential peer-to-peer network.
What’s more, the analysis identifies Luminati’s technical leadership and strict adherence to compliance procedures as factors that will likely cement the company’s leadership position over the coming years.
The top five use cases for enterprise IPPN by revenue (2018) are:
▪ Price comparison
▪ Ad verification
▪ Fraud protection
▪ Data collection
▪ Brand protection
Link: https://www.oaoa.com/news/business/article_8cbd1f76-f158-503e-869d-c81573fa29f2.html



WatchGuard Speeds Zero Day Malware Breach Detection from Months to Minutes
Nasdaq Globe Newswire
EIN News
WatchGuard® Technologies, a global leader in network security and intelligence, secure Wi-Fi and multi-factor authentication, today announced a series of major updates to its threat correlation and response platform, ThreatSync, with latest release of Threat Detection and Response (TDR).
These enhancements include accelerated breach detection, network process correlation and AI-powered threat analysis, enabling managed service providers (MSPs) and the organizations they support to reduce breach detection and containment timeframes from months to minutes, automate the remediation of zero day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.
According to the Ponemon Institute, the mean time to identification (MTTI) for a security breach is 197 days, while the mean time to containment (MTTC) is another 69 days after initial detection.
In Q1 2019 alone, zero day malware capable of escaping traditional antivirus (AV) solutions accounted for a massive 36% of threats, according to WatchGuard’s latest Internet Security Report.
With each passing day a security threat goes unnoticed, its potential to inflict both financial and reputational harm on an organization increases drastically.
Key ThreatSync features now available via TDR include: 
Host Containment and Automated Response
Accelerated Breach Detection
Network Process Correlation  
Artificial Intelligence Analysis
Link: https://software.einnews.com/pr_news/491429092/watchguard-speeds-zero-day-malware-breach-detection-from-months-to-minutes?n=2&code=1hzWYhpPFpH-t3yN&utm_source=NewsletterNews&utm_medium=email&utm_campa



Bitdefender upgrades to deal with malware, privacy and child safety
Sam Varghese
IT Wire
In a statement, the company said the Bitdefender 2020 series of products introduced browser anti-tracking for both Windows and macOS.
This lists all trackers behind any website visited and lets a user switch off the trackers and control the information that companies and third parties can compile.
A second new feature, Microphone Monitor, reinforced Bitdefender’s existing Web cam protection, blocking unauthorised access to the user’s microphone.

Also due for launch is the first real-time protection for iOS, to block phishing scams.
No matter the browser, this feature will block transmission of any personal information such as credit card details or social security numbers.
Link: https://www.itwire.com/security/bitdefender-upgrades-to-deal-with-malware,-privacy-and-child-safety.html



SonicWall CEO on McAfee IPO rumours and Symantec's possible sale
Nima Green
CRN
Conner was speaking as rumours of Broadcom's possible takeover of Symantec continue to swirl, while McAfee is reportedly eyeing up an IPO.

CrowdStrike, meanwhile, recently exceeded analyst expectations when its valuation soared after going public.
"I think security is hot," Conner said. "There's a lot of money at play.
And look at the data: the threat landscape is getting very, very real."
On McAfee, he added: "McAfee is the latest example of change in the market: they were private, they went public, they got bought up strategically, they went private, and now they're going to IPO.
"So, IPOs now are the whole way to monetise yourself if you've got a stable business.
"The question is whether it will consummate as a true IPO, or whether they'll get bought at the last minute by private equity.
That's a financial play that's playing out, because to maximise the value they get, a lot of PEs don't want to buy right now because security is becoming a premium in the market."
Since Dell divested SonicWall by selling it to PE firms Francisco Partners and Elliott Management in 2016, Conner says it has built its partner base from zero to 18,700.
He said that as the vendor is increasingly turning its eye to the public sector and enterprise customers, some of its partners are specialising to match that focus.
Link: https://www.channelweb.co.uk/crn-uk/news/3079499/sonicwall-ceo-on-mcafee-ipo-rumours-and-symantecs-possible-sale



Long-time LogRhythm CEO Grolnick out in favour of new blood
Marian Mchugh
CRN
LogRhythm has appointed Mark Logan as its new CEO, replacing Andy Grolnick.
In its announcement of the news, the security information and event management (SIEM) vendor made no mention of Grolnick or why he was leaving the 16-year-old company he has headed since 2005.

Logan (pictured) comes to LogRhythm from his role as president of data management solutions at vendor Attunity.
He has also served as CEO of WealthEngine, a data-driven consumer analytics business; and Rivermine, a business analytics company.
His appointment seems to be effective immediately as he is billed as CEO on the company's website, though Grolnick's own LinkedIn account still has him listed as chief exec.
The recent shuffle has seen Sue Buck appointed senior vice president of engineering and Barry Capoot installed as chief financial officer.
Link: https://www.channelweb.co.uk/crn-uk/news/3079562/long-time-logrhythm-ceo-grolnick-out-in-favour-of-new-blood?utm_medium=email&utm_content=&utm_campaign=CRN.SP_01.Daily_RL.EU.A.U&utm_source=CRN.DCM.Edi



Check Point Introduces Record Breaking Security Gateways
Nasdaq Globe Newswire
EIN News
/EIN News/—SAN CARLOS, Calif., July 24, 2019 (GLOBE NEWSWIRE)—Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, today announced two new high-end appliances optimized for data center and Telco environments. 
The three new security gateway appliance models, the 16000 Base, 16000 Plus and the record-breaking 26000 Turbo, extend the 16000 and 26000 gateway appliance series introduced in June, completing a line of high-end appliances with up to 64 network interfaces, including up to 16 ports of 100 GbE or 40 GbE.
Powered by the Check Point Infinity architecture, the 16000 and 26000 Security Gateways incorporate Check Point’s ThreatCloud and award-winning SandBlast™ Zero-Day Protection.
These modular gateways come in base, plus and turbo models, delivering up to 30 Gbps of Gen V Threat Prevention security throughput.
Link: https://software.einnews.com/pr_news/491573805/check-point-introduces-record-breaking-security-gateways?n=2&code=oFvCCJC2r-jYysMo&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Targeted+Threa



Mimecast Is Likely To Break Out On The Upside
Seeking Alpha
Summary
The company's platform is increasingly sophisticated and sticky, opening new revenue streams, so we expect growth to continue to be brisk.
The figures are plagued by currency headwinds but underlying growth is good and operational leverage is kicking in.
The company generates considerable cash flows and the shares are not exorbitantly valued.
Link: https://seekingalpha.com/article/4276921-mimecast-likely-break-upside



Kaspersky launches its 2020 range with traffic encryption and scanning speed improvements
Chris Wiles
Beta News
Kaspersky has officially launched its 2020 edition, but only in certain territories.
Localized builds such as the English GB or German edition will follow in August (but there’s nothing stopping you installing the worldwide edition available in 'US English').
What’s new in 2020.
Expect to find 'enhanced security' (which we’d expect to find by default, to be fair) which now includes protection against the latest threats, including EternalBlue.
RAT protection is now included.
It blocks remote access tools, which are used legitimately by support companies but often by fraudsters to obtain access to your computer.
With the 2020 edition, RATs are now blocked by default and you can only choose whether to grant access by switching off the RATs module.
This could become rather confusing for a novice user who requires genuine remote access support.
If you’re a Mac user, Kaspersky for Mac 2020 now includes a dark theme (but we’re confused why the Windows version doesn’t include a dark mode), while Safe Money will check external drives once they are connected to your Mac.
Lastly, Kaspersky states the entire 2020 range sees significant performance enhancements, where users can expect to see a speed increase of 15 percent across platforms.
Mac application scanning has improved by 50 percent.
Link: https://betanews.com/2019/07/26/kaspersky-2020/



Barracuda Increases Requirements and Benefits for Top-Tier Partners
Rich Freeman
Channel Pro Network
Barracuda Networks has revamped its partner program to deliver more benefits to top-tier partners while simultaneously raising the requirements to qualify for those rewards.
The changes, which have been rolled out to Barracuda’s channel in recent days, come in response to rapid cloud computing adoption among businesses of all sizes.
Securing cloud-based systems calls for capabilities that many traditional resellers lack at present, according to Ezra Hookano, Barracuda’s vice president of channels.
Under the new tiering scheme, partners will have to clear a higher sales revenue bar to qualify for top-level status.
They will also have to earn a competency in email security, public cloud security, or data and network application security.
Partners who meet those heightened prerequisites will receive extra benefits in return.
Most top-tier partners will see margins rise 10 to 30%, predicts Hookano, who expects roughly 200 Barracuda partners to retain top-level status in the program, versus approximately 1,200 before.
The new rules and requirements do not apply to managed service providers who partner with Barracuda through its Barracuda MSP division. “Our current MSP program is working fine,” Hookano says. “MSPs are already providing the correct service levels, so that program will not change.”
Link: https://www.channelpronetwork.com/news/barracuda-increases-requirements-and-benefits-top-tier-partners



NSS Labs test exposes weaknesses in NGFW products
Help Net Security
NSS Labs announced the results of its 2019 NGFW Group Test.
Twelve of the industry’s NGFW products were tested to compare NGFW product capabilities across multiple use cases.
Products were assessed for security effectiveness, total cost of ownership (TCO), and performance.
Test results showed that block rates for simple clear-text attacks remain strong (over 96%) for nine out of twelve products.
However, while known/published exploits were frequently blocked, test engineers were able to bypass protection in all devices with minor modifications to known and blocked exploits.
Key takeaways
• Enterprises expect when they purchase products that they will remain viable over multiple years.
• While it is tempting to draw conclusions from one test, NSS Labs recommends enterprises favor vendors that consistently engage and improve over time.
• Scripting evasions are challenging for NGFWs since they require real-time code analysis in order to determine whether a function is legitimate or obfuscating an attack.
• Vendor claims to protect against vulnerabilities (regardless of the exploit specifics) depend largely on the nature of the vulnerability and whether it lends itself to such protection.
Test results found all products had room for improvement when confronted with unknown variants of known exploits.
• Research indicates that over 70% of Internet traffic is encrypted using TLS/SSL.
NSS Labs recommends measuring the performance of devices both with and without TLS/SSL enabled.
Failure to do so could result in unexpected performance bottlenecks.
Link: https://www.helpnetsecurity.com/2019/07/19/nss-labs-2019-ngfw-group-test/
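Why "minor modifications" to a known, blocked exploit slip past a device, and what the "real-time code analysis" in the scripting-evasion takeaway has to do, as an added example that is not part of the NSS Labs report or of any tested product. A benign marker string stands in for the signatured payload; evilFunc, the variants and the normaliser are constructed for this illustration, and the normaliser is a deliberately small approximation of code analysis (it inlines simple string variables and folds literal concatenation, but a fromCharCode rewrite already defeats it, which is the point).

```python
"""Why literal signatures break under minor modification (added example).

A benign marker string stands in for a published payload that an NGFW has a
signature for. A literal signature blocks only the original; a normalising
matcher that canonicalises tag case and whitespace and folds simple script
string concatenation still catches whitespace, case and concat variants, but
not a fromCharCode rewrite, which would need actual script evaluation.
All strings here are constructed; no real exploit or vendor signature is used.
"""
import re

# Constructed stand-in for a known, signatured payload (not a real exploit).
KNOWN_PAYLOAD = '<script>evilFunc("PAYLOAD-MARKER-123")</script>'
LITERAL_SIGNATURE = '<script>evilFunc("PAYLOAD-MARKER-123")'

# Constructed "minor modifications" of the same payload, as a tester would try.
VARIANTS = {
    "original": KNOWN_PAYLOAD,
    "whitespace": '<script>evilFunc( "PAYLOAD-MARKER-123" )</script>',
    "tag_case": '<SCRIPT>evilFunc("PAYLOAD-MARKER-123")</SCRIPT>',
    "concat": '<script>evilFunc("PAYLOAD-"+"MARKER-"+"123")</script>',
    "concat_var": '<script>var a="PAYLOAD-";var b="MARKER-123";evilFunc(a+b)</script>',
    "charcode": '<script>evilFunc(String.fromCharCode(80,65,89,76,79,65,68))</script>',
}

VAR_RE = re.compile(r'var\s+(\w+)\s*=\s*"([^"]*)"\s*;')
CONCAT_RE = re.compile(r'"([^"]*)"\s*\+\s*"([^"]*)"')


def literal_match(signature, payload):
    """What a byte-pattern signature does: an exact substring test."""
    return signature in payload


def normalize(script):
    """Canonicalise the trivial evasions: inline simple string variables,
    fold literal concatenation, strip whitespace around punctuation, and
    lowercase HTML tag names (JS identifiers stay case-sensitive)."""
    variables = dict(VAR_RE.findall(script))
    s = VAR_RE.sub("", script)
    for name, value in variables.items():
        # Replace bare identifier uses; the lookarounds keep us out of longer
        # identifiers and of quoted strings (good enough for this toy).
        s = re.sub(r'(?<![\w"])%s(?![\w"])' % re.escape(name), '"%s"' % value, s)
    prev = None
    while prev != s:  # fold "a"+"b"+"c" until a fixed point
        prev, s = s, CONCAT_RE.sub(r'"\1\2"', s)
    s = re.sub(r'\s*([()+=;,])\s*', r'\1', s)
    s = re.sub(r'<(/?)(\w+)>', lambda m: '<%s%s>' % (m.group(1), m.group(2).lower()), s)
    return s


def normalized_match(signature, payload):
    """Match after both sides have been canonicalised."""
    return normalize(signature) in normalize(payload)


def evaluate(signature, variants):
    """Return {variant: (literal_blocked, normalized_blocked)}."""
    return {name: (literal_match(signature, p), normalized_match(signature, p))
            for name, p in variants.items()}


if __name__ == "__main__":
    for name, (lit, norm) in evaluate(LITERAL_SIGNATURE, VARIANTS).items():
        print(f"{name:12s} literal={lit!s:5s} normalized={norm!s:5s}")
```

The literal signature blocks only the unmodified payload; the normaliser recovers the four trivial variants but misses the fromCharCode form, which is why the takeaway says scripting evasions need real-time code analysis rather than a longer list of patterns. Real engines go further (emulation, decoding of common encoders), and each extra layer costs throughput, which is the same trade-off behind the recommendation to measure performance with TLS inspection enabled.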



CyberArk enhances its portfolio of SaaS offerings for privileged access security
Help Net Security
CyberArk announced groundbreaking new services and enhancements to the industry’s most complete portfolio of Software-as-a-Service (SaaS) offerings for privileged access security.
CyberArk Alero is a dynamic solution for mitigating risks associated with remote vendors accessing critical systems through CyberArk.
CyberArk Alero also improves operational efficiencies and productivity by making it simple and easy for organizations to provision and manage remote vendor access. 
This new SaaS-based offering provides Zero Trust access for remote vendors connecting to the CyberArk Privileged Access Security Solution for complete visibility and control of privileged activities.
Just-in-time elevation and access with CyberArk Endpoint Privilege Manager – CyberArk Endpoint Privilege Manager is an industry leading SaaS-based solution that reduces the risk of unmanaged administrative access on Windows and Mac endpoints.
With Endpoint Privilege Manager’s new just-in-time capabilities, organizations can mitigate risk and reduce operational friction by allowing admin-level access to Windows and Mac endpoints on-demand for a specific period of time with a full audit log and the ability to revoke access as necessary.
Link: https://www.helpnetsecurity.com/2019/07/19/cyberark-saas-portfolio/



Cisco in talks to acquire security startup Signal Sciences
Gina Narcisi
CRN
Five-year-old Signal Sciences is a web application security company that develops software to protect applications running in private data centres and in the cloud.
The startup has raised a total of US$61.7 million in funding over four rounds, according to Crunchbase.
In February, the company raised US$35 million in funding led by growth equity firm Lead Edge Capital with participation from previous investors including CRV, Index Ventures, Harrison Metal, and OATV.
Link: https://www.crn.com.au/news/cisco-in-talks-to-acquire-security-startup-signal-sciences-528525



Avnet appoints Max Chan as CIO
Help Net Security
Avnet, a leading global technology solutions provider, announced the promotion of Max Chan to Chief Information Officer (CIO), reporting to MaryAnn Miller, Chief Administrative Officer.
Chan has been serving as the head of global information solutions (GIS) within Avnet since November 2018.
Link: https://www.helpnetsecurity.com/2019/07/22/avnet-cio/



ESET unveils new version of File Security for Linux
Help Net Security
ESET File Security for Linux is powered by the latest ESET LiveGrid technology and eliminates all types of threats, including viruses, rootkits, worms and spyware.
Version 7.0 offers a host of advanced features, including real-time file system protection, tighter security and a real-time web graphical user interface (GUI).
Additionally, ESET File Security is fully compatible with the ESET Security Management Center and allows you to manage the software through a web interface, giving you the option to schedule on-demand scans, actions and security tasks.
Link: https://www.helpnetsecurity.com/2019/07/23/eset-file-security/



ThetaRay 4.0 With IntuitiveAI Gives Banks a Powerful New Weapon Against Financial Cybercrime
Cision PR Newswire
Yahoo - Finance
NEW YORK, July 23, 2019 /PRNewswire/—ThetaRay, a leading provider of AI-based Big Data analytics, today announced Version 4.0 of the company's namesake advanced analytics platform.
The update includes major capability upgrades to help global banks detect and prevent financial cybercrime.
ThetaRay's IntuitiveAI solutions replicate the powerful decision-making capabilities of human intuition to detect "unknown unknowns" that cannot be identified by first-generation AI or legacy products.
Version 4.0 provides a new hybrid learning approach.
The hybrid supervised/unsupervised learning capability integrates the two learning styles and applies the most effective one based on use case.
This approach finds significantly more potential threats through a single process and delivers a holistic view of a bank's threat landscape.
The new release also provides an additional method for anomaly clustering, which is a critical enabler to accurately detect more true positives while dramatically decreasing the number of false positive alerts.
In version 4.0, customers can now cluster identified anomalies by pattern, in addition to a density-clustering approach.
This clustering method ensures that AML and fraud teams have the right approach to analyze anomalous events with the method most applicable to a particular use case.
The addition of pattern-based clustering also enhances the built-in transparency and explainability of ThetaRay's "white box" AI applications.
Link: https://finance.yahoo.com/news/thetaray-4-0-intuitiveai-gives-000000610.html



Global Cyber Security Market Analysis 2019-2026: Market is Expected to Reach $345.42 Billion
Nasdaq Globe Newswire
Dublin, July 24, 2019 (GLOBE NEWSWIRE)—The "Global Cyber Security Market Analysis 2019" report has been added to ResearchAndMarkets.com's offering.
The global cyber security market is expected to reach $345.42 billion by 2026, growing at a CAGR of 12.3% from 2018 to 2026.
Factors such as the rise in malware and phishing threats and the growing adoption of IoT and BYOD among organizations are driving growth in the cyber security industry.
However, limited security budgets among SMEs are restraining the market.
Link: https://www.globenewswire.com/news-release/2019/07/24/1887360/0/en/Global-Cyber-Security-Market-Analysis-2019-2026-Market-is-Expected-to-Reach-345-42-Billion.html



Bitdefender Browser Isolation defeats attacks by monitoring memory for attack techniques
Help Net Security
The security employed by Bitdefender Browser Isolation leverages unique capabilities of Citrix Hypervisor.
Only Bitdefender takes advantage of this security approach, known as Bitdefender Hypervisor Introspection, to monitor the raw memory of running Citrix Virtual Apps servers, including web browsers hosted on the servers.
The security requires no footprint in protected Virtual Apps servers to identify attack techniques used to exploit both known and unknown vulnerabilities in web browsers and their associated plugins.
Link: https://www.helpnetsecurity.com/2019/07/24/bitdefender-browser-isolation/



Greenbone Security Feed detects and protects against more than 70,000 vulnerabilities
Help Net Security
Greenbone Networks, a leading provider of vulnerability management, announced that it now detects and protects against more than 70,000 vulnerabilities through its Greenbone Security Feed.
The daily feed now contains 70,343 vulnerabilities, up from 50,000 in 2016, and organisations can cross-reference this information against their own IT networks to check for vulnerabilities.
The Greenbone Security Feed includes details of all the latest vulnerabilities identified by security experts from around the globe and Greenbone develops targeted Network Vulnerability Tests (NVT) so customers can identify and plug any gaps in their defences.
Link: https://www.helpnetsecurity.com/2019/07/24/greenbone-security-feed/

Posted on 07/30

Thursday, December 27, 2018

Security Industry News - 27-Dec-2018

Table of Contents

  • NetSecOPEN announces cybersecurity founding members and appoints board of directors
  • Password-less security arrives on macOS with HYPR
  • Palo Alto Networks expands partnership with Google Cloud
  • Avant Signs Alert Logic for Threat Management Services
  • Channelnomics Recognizes FireEye for Innovation in Machine Learning
  • Top Seven IT Security Trends For 2019
  • RSA Conference Puts Politics, Data Protection In The Spotlight
  • Global Endpoint Security Market Report 2018 Covers Trends, Challenges, Vendors, Growth and Technology Leadership Forecast by 2023
  • Global Threat of Cyber Attacks Is Spurring the Fraud Detection and Prevention Market Growth
  • IntSights Cyber Intelligence Appoints CyberArk's Ron Zoran to Its Board of Directors
  • 3 Security Business Benefits From a 2018 Gartner Magic Quadrant SIEM Leader
  • Webroot Strengthens Leadership in Security and Data Protection with ISO 27001 Certification
  • Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control
  • Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes
  • Fortinet FortiMail Receives Top AAA Rating in SE Labs Email Security Test
  • Venafi Launches $12.5M Machine Identity Protection Development Fund

 


NetSecOPEN announces cybersecurity founding members and appoints board of directors
Help Net Security
NetSecOPEN revealed that 11 security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members.
The organization also appointed its board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality.
The NetSecOPEN standard is designed to provide metrics that can be used to compare solutions and to understand the impact on network performance of different solutions under the same conditions.
The goal is to examine the performance ramifications of a solution with all of that solution’s security features enabled, conveying the true costs of the solution.
The 11 founding member organizations are: security vendors Check Point Software Technologies, Cisco, Fortinet, Palo Alto Networks, SonicWall, Sophos and WatchGuard; test solution and services vendors Spirent and Ixia/Keysight; and testing labs European Advanced Networking Test Center (EANTC) and the University of New Hampshire InterOperability Lab (UNH-IOL).

Link: https://www.helpnetsecurity.com/2018/12/12/netsecopen-standard/



Password-less security arrives on macOS with HYPR
Help Net Security
HYPR released its Employee Access solution for macOS.
The addition of macOS marks a milestone in expanding enterprise-wide coverage of HYPR’s Decentralized Authentication Platform, enabling businesses to secure password-less access to corporate resources, eliminate credential reuse and stop phishing attacks while improving workforce productivity on a global scale.
With existing support for Windows 7, 8 and 10, the addition of macOS rounds off the HYPR Employee Access offering and accelerates HYPR’s continued transformation of enterprise security.
Link: https://www.helpnetsecurity.com/2018/12/12/hypr-employee-access-solution/



Palo Alto Networks expands partnership with Google Cloud
Eleanor Dickinson
Networks Asia
Google and Palo Alto Networks have expanded their cyber security partnership in order to scale the latter’s cloud services.
As part of the new deal, Palo Alto Networks will use the Google Cloud Platform (GCP) to run some of its cloud-delivered services.
In addition, the company will expand its GlobalProtect cloud service, which is targeted at mobile and branch office end-users, to run on GCP.
This follows Palo Alto Networks’ recent acquisition of RedLock in a deal valued at US$173 million.
Link: https://www.networksasia.net/article/palo-alto-networks-expands-partnership-google-cloud.1544584245



Avant Signs Alert Logic for Threat Management Services
James Anderson
Channel Partners
Avant announced Tuesday that its subagents can now sell Alert Logic’s products and services, which include a security platform, threat intelligence and security-operations-center experts.
Link: https://www.channelpartnersonline.com/2018/12/11/avant-signs-alert-logic-for-threat-management-services/



Channelnomics Recognizes FireEye for Innovation in Machine Learning
Business Wire
MILPITAS, Calif.—(BUSINESS WIRE)—FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, has been named a Channelnomics Innovation Award winner for FireEye® Endpoint Security with MalwareGuard™.
Link: https://www.businesswire.com/news/home/20181212005067/en/Channelnomics-Recognizes-FireEye-Innovation-Machine-Learning



Top Seven IT Security Trends For 2019
Facility Executive
A team of security analysts from Netwrix reveals the top IT security trends that will influence businesses in 2019:
• Compliance will get broader and stricter.
• Security will become more data-centric.
• Cloud adoption will accelerate.
• AI and advanced analytics will be more sought after.
• Blockchain will be used for IT security.
• IoT devices will continue to be at risk.
• Personal data breaches will have more ramifications.
Link: https://facilityexecutive.com/2018/12/top-seven-it-security-trends-2019/



RSA Conference Puts Politics, Data Protection In The Spotlight
Silicon [UK]
Politics and data security, two of the hot-button issues of this year, are set to feature in the keynote lineup of RSA Conference 2019 next March.
Speakers from a variety of high-powered tech and security companies are set to appear, but also figures such as Megan Smith, who served as the US’ chief technology officer from 2014 to 2017, and Donna Brazile, a veteran political strategist and former presidential advisor.
Meanwhile, the head of global privacy for LinkedIn, Kalinda Raina, and Uber chief privacy officer Ruby Zefo, are set to headline a panel discussion on the ways the tech industry is adapting to new privacy imperatives brought in by stricter data protection laws.
The conference is also set to include a panel on cryptography and another featuring experts from the SANS Institute.
Link: https://www.silicon.co.uk/workspace/rsa-conference-puts-politics-data-protection-in-the-spotlight-239667?inf_by=5a1213f9671db8f27c8b4a0f



Global Endpoint Security Market Report 2018 Covers Trends, Challenges, Vendors, Growth and Technology Leadership Forecast by 2023
Security Market Research
Industry professionals predict that the endpoint security market will grow at a 9.88% CAGR during the period 2018-2023.
Key Developments in the Endpoint Security Market:
October 2017 – McAfee announced the integration of advanced analytics to increase the efficiency of security operation center and protect endpoints and cloud. 
December 2017 – VMware partnered with Carbon Black, to offer a new joint data center security solution that combines VMware AppDefense and CB Defense, to offer a unique solution for stopping threats concentrated on applications inside a data center. 
Key manufacturers: Carbon Black Technology Inc., Cisco Systems, Cylance Inc., McAfee Inc., CrowdStrike Inc., Trend Micro Inc., Symantec Corporation, Palo Alto Networks Inc., RSA Security LLC, FireEye Inc., SentinelOne Inc., Sophos Group Plc, IBM Corporation, Kaspersky Lab Inc., Panda Security S.L., ESET LLC, Fortinet Inc., Bitdefender LLC, Avast Software Inc., and many more.
Link: https://securitymarketresearch.com/39632/global-endpoint-security-market-report-2018-covers-trends-challenges-vendors-growth-and-technology-leadership-forecast-by-2023/



Global Threat of Cyber Attacks Is Spurring the Fraud Detection and Prevention Market Growth
Financialbuzz.Com
Cision PR Newswire
According to data compiled by MarketsandMarkets research, the global fraud detection and prevention (FDP) market is projected to grow from USD 19.5 billion in 2018 to USD 63.5 billion by 2023, a CAGR of 26.6%.
The FDP market will be accelerated by the growth of electronic transactions and companies' increasingly losing revenue due to cyber-attacks.
Glance Technologies Inc. (OTC: GLNNF), Cisco Systems, Inc. (NASDAQ: CSCO), Oracle Corporation (NYSE: ORCL), Proofpoint, Inc. (NASDAQ: PFPT), Juniper Networks, Inc. (NYSE: JNPR) 
The retail segment is expected to witness the highest CAGR during the forecast period due to the large amount of fraudulent incidents.
Link: https://www.prnewswire.com/news-releases/global-threat-of-cyber-attacks-is-spurring-the-fraud-detection-and-prevention-market-growth-815814026.html



IntSights Cyber Intelligence Appoints CyberArk's Ron Zoran to Its Board of Directors
Cision PR Newswire
IntSights Cyber Intelligence, the leading provider of surface, deep and dark web cyber threat intelligence and digital risk protection solutions, announced today the addition of Ron Zoran, chief revenue officer of CyberArk to the company's Board.
Link: https://www.prnewswire.com/news-releases/intsights-cyber-intelligence-appoints-cyberark-s-ron-zoran-to-its-board-of-directors-817164461.html



3 Security Business Benefits From a 2018 Gartner Magic Quadrant SIEM Leader
John Burnham
Security Intelligence, IBM
Last week Gartner published its 2018 Magic Quadrant for Security Information and Event Management (SIEM).
As in past years, the report supports the steady evolution of SIEM technology and the growing demand from customers for simple SIEM functionality with an architecture built to scale that meets both current and future use cases.
What Separates a SIEM Leader From the Rest of the Market? 
The first element, early detection via analytics — more clearly stated as efficacy in threat detection and response — remains the centerpiece of any effective SIEM solution. 
The second element of Gartner’s definition of a leader, rapid adaptation to customer environments, is becoming a core factor in how much return on investment (ROI) customers realize and how quickly they realize it.
Ad hoc content, add-on applications and flexibility in upgrading the platform are all required to mature a SIEM system in an affordable way once it’s installed. 
Also included in this element is the ability to scale the platform in terms of both network coverage and security capabilities. 
The third element of a leading SIEM is strong market presence and easy access to services.
Link: https://securityintelligence.com/3-security-business-benefits-from-a-2018-gartner-magic-quadrant-siem-leader/



Webroot Strengthens Leadership in Security and Data Protection with ISO 27001 Certification
PR Newswire
Sys.Con Media
BROOMFIELD, Colo., Dec. 13, 2018 /PRNewswire/—Webroot, the Smarter Cybersecurity® company, announced it received ISO 27001 certification, one of the highest internationally recognized standards for information security management systems.
This achievement highlights Webroot's ongoing commitment to providing the highest standard in security protection.
Link: http://www.sys-con.com/node/4357981



Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control
Help Net Security
Pulse Secure revealed a Technical Alliance Partnership with BNT Pro to jointly sell and support a solution that offers SecTrail, an Identity Control and Management Platform developed by BNT Pro, as part of an integrated solution with Pulse Secure Connect Secure VPN appliances.
The agreement will ensure that joint customers benefit from compatibility, enhanced features and simplified support and upgrades.
Link: https://www.helpnetsecurity.com/2018/12/14/pulse-secure-bnt-pro-technical-alliance-partnership/



Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes
Anton Chuvakin
Security Boulevard
Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now.
The abstract states: “Increasing complexity and frequency of attacks elevate the need for detection of attacks and incident response, all at enterprise scale.
Technical professionals can use endpoint detection and response tools to speedily investigate security incidents and detect malicious activities and behaviors.”
A few of my favorite quotes are:
▪ “Extracting the full value of EDR tools demands mature security operations and IR processes.
Organizations not prepared to handle the large volume of alerts produced by EDR tools may wish to consider a managed EDR service.” [reminder: a managed EDR is a type of MDR, while not every MDR uses EDR]
▪ “EDR tools are also not malware-centric; they reflect a broader focus on all threats affecting endpoints, rather than the more narrow coverage of malware detection and prevention, as is the case for traditional anti-malware tools.” [this is obvious to many, but a useful reminder to some]
▪ “This combination of EDR and advanced anti-malware [from one vendor] is so pervasive that many Gartner clients conflate the two tools, treating EDR as synonymous with advanced machine learning-type anti-malware.
This is incorrect.
EDR and EPP (including advanced anti-malware) are still two separate pieces of technology that happen to be found very commonly in the same product and platform.”
▪ “Most EDR business cases seen by Gartner for Technical Professionals were focused on: Saving on IR costs | Detecting threats faster and better | Enabling wider and deeper endpoint visibility”
▪ “EDR users need not assume that all data coming from the compromised endpoints is wrong, only that it needs to be verified through other means (such as network monitoring) and cross-referenced by different types of information (such as verification of the list of running processes by means of direct memory read)”
Link: https://securityboulevard.com/2018/12/our-2018-update-for-endpoint-detection-and-response-architecture-and-operations-practices-publishes/
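The last quote above, that endpoint data must be verified through other means and cross-referenced against a different kind of information, is a procedure one can code. The Python below is an added example, not Gartner's or the blog author's code: it takes a process list and socket table as reported by an EDR agent through the OS API, a second process list and socket table recovered from a memory image, and the flows a network sensor attributed to the host, and reports what only the agent-independent sources can see. All data is constructed (RFC 5737 documentation addresses, invented PIDs), and the kernel-thread check assumes Linux semantics, where real kernel threads are children of kthreadd (PID 2).

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Endpoint = Tuple[str, int]  # (destination IP, destination port)


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    ppid: int


# --- constructed sample data; no real incident behind it ---
# What the EDR agent reports through the OS process API (a rootkit can filter this view)
AGENT_VIEW: List[Proc] = [
    Proc(1, "systemd", 0), Proc(2, "kthreadd", 0), Proc(412, "sshd", 1),
    Proc(913, "nginx", 1), Proc(2201, "bash", 412),
]
# What a walk of kernel task structures in a memory image recovers
MEMORY_VIEW: List[Proc] = AGENT_VIEW + [Proc(3377, "kworker/u8:3", 2201)]
# Outbound connections per PID, as seen by the agent and in the memory image respectively
AGENT_SOCKETS: Dict[int, Set[Endpoint]] = {412: {("198.51.100.20", 52113)}}
MEMORY_SOCKETS: Dict[int, Set[Endpoint]] = {
    412: {("198.51.100.20", 52113)},
    3377: {("203.0.113.7", 443)},
}
# Flows a network sensor attributed to this host; nothing on the host can edit these
NETWORK_FLOWS: List[Endpoint] = [("198.51.100.20", 52113), ("203.0.113.7", 443)]


def cross_reference(agent: List[Proc], memory: List[Proc],
                    agent_sockets: Dict[int, Set[Endpoint]],
                    memory_sockets: Dict[int, Set[Endpoint]],
                    flows: List[Endpoint]) -> dict:
    """Compare the agent's view against memory and network evidence."""
    a = {p.pid: p for p in agent}
    m = {p.pid: p for p in memory}
    # Present in kernel memory but absent from the API view: classic process hiding
    hidden = sorted(pid for pid in m if pid not in a)
    # Same PID, different image name: the agent is being fed a renamed process
    renamed = sorted(pid for pid in a if pid in m and a[pid].name != m[pid].name)
    # Assumed Linux semantics: genuine kernel threads hang off kthreadd (PID 2).
    # A "kworker" whose parent is a shell is user space dressed up as the kernel.
    fake_kthreads = sorted(p.pid for p in memory
                           if p.name.startswith("kworker") and p.ppid != 2)
    # Flows the network saw that no agent-reported socket explains; attribute them
    # to a PID via the memory image's socket table
    explained = {ep for eps in agent_sockets.values() for ep in eps}
    unexplained = []
    for ep in flows:
        if ep in explained:
            continue
        owner = next((pid for pid, eps in memory_sockets.items() if ep in eps), None)
        unexplained.append((ep, owner))
    return {
        "hidden_pids": hidden,
        "renamed_pids": renamed,
        "fake_kernel_threads": fake_kthreads,
        "unexplained_flows": unexplained,
    }


if __name__ == "__main__":
    findings = cross_reference(AGENT_VIEW, MEMORY_VIEW, AGENT_SOCKETS,
                               MEMORY_SOCKETS, NETWORK_FLOWS)
    for key, value in findings.items():
        print(f"{key}: {value}")
```

On the sample data the agent's own output looks clean; the discrepancy only appears when its process list is diffed against memory and its socket table against the network sensor, which is the point of the quoted advice.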



Fortinet FortiMail Receives Top AAA Rating in SE Labs Email Security Test
Nasdaq Globe Newswire
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced that its FortiMail Secure Email Gateway solution earned SE Labs’ top AAA rating in the 2018 Email Security Services (ESS) group test, while maintaining a perfect score in legitimate accuracy.
Email continues to be the primary attack vector for cybercriminals, with 92.4 percent of all malware and over 90 percent of all reported security incidents starting with phishing emails, with malicious attachments or links being sent to and opened by company employees.
Such attacks may lead to sensitive information and data getting into the hands of cybercriminals as well as costing organizations large sums of money.
Link: https://globenewswire.com/news-release/2018/12/13/1666687/0/en/Fortinet-FortiMail-Receives-Top-AAA-Rating-in-SE-Labs-Email-Security-Test.html



Venafi Launches $12.5M Machine Identity Protection Development Fund
Business Wire
SALT LAKE CITY—(BUSINESS WIRE)—Venafi®, the inventor and leading provider of machine identity protection, today announced the launch of the Machine Identity Protection Development Fund at Machine Identity Protection Live.
The first $12.5 million tranche of the fund provides developers with direct sponsorship from Venafi to help accelerate the delivery of comprehensive protection for all machine identities.
Venafi will use the Machine Identity Protection Development Fund to sponsor a range of developers, including consultants, systems integrators, fast-moving startups, open-source developers and other cybersecurity vendors.
Funded developers will create integrations that ensure every new machine identity is automatically updated in the Venafi Platform.
Venafi also named the first three developers to receive sponsorships:
• Jetstack
• OpenCredo
• Cygnacom
Link: https://www.businesswire.com/news/home/20181213005089/en/Venafi-Launches-12.5M-Machine-Identity-Protection-Development

Posted on 12/27

Sunday, April 22, 2018

OEM Security News - 22-Apr-2018

Table of Contents

  • Teramind Prevents Insider Threats Combining New Data Loss Prevention Features with User Behavior Analytics & Forensic Insights
  • Symantec Analytics Enables Customers to Uncover the Most Dangerous Cyber Attacks
  • Cisco Fights Malware, Email Intrusions with New Services
  • Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018
  • Could FireEye Be a Millionaire Maker Stock?
  • Intel is offloading virus scanning to its GPUs to improve performance and battery life
  • Microsoft unveils new security tools for Internet of Things, edge devices
  • CrowdStrike Falcon X takes aim at incident response
  • Latest Release of Unisys Stealth® Security Software Extends Microsegmentation Protection for Data Centers, Clouds and Mobile Devices to Include Medical and Internet of Things Devices
  • Gemalto to protect 5G networks from cyber-attacks with Intel Software Guard Extensions
  • Mimecast Offers Cyber Resilience for Email with New Detection, Remediation and Threat Intelligence Capabilities
  • Fortinet Receives Recommended Rating in NSS Labs Latest Advanced Endpoint Protection Test Report
  • The cloud has caused 'pretty negative byproducts' - Cisco
  • 'Local option' ESET on hunt for 700 partners
  • Centrify Offers Free Security Software, Services to Election Boards
  • ZeroFOX Names Industry Thought Leader Dr. Sam Small as Chief Security Officer
  • Microsoft brings its antivirus protection to Google’s Chrome browser
  • CounterSnipe Systems releases its most powerful Version of IDS/IPS Software
  • Cisco nudges partners towards intellectual property with $100,000 prize
  • 8 Security Products That Made News at RSA Conference 2018
  • Keeper Security forms vulnerability disclosure program with Bugcrowd
  • Cybersecurity Market Advancement In Technology 2018 to 2025
  • ForeScout Stock: Chart Pointing to a Big Breakout
  • Microsoft Floods RSA Conference with Security Announcements
  • Cofense moves to a 100% channel sales model
  • Securonix Unveils Strategic Alliance to Combat Cyberattacks in the Cloud
  • In preparation for the GDPR, CoSoSys launches Endpoint Protector 5.1
  • Infrastructure-agnostic web app protection with virtual patching option
  • Intel announced the new Threat Detection Technology and Security Essentials
  • Grant Thornton and Anomali Partner for Threat Intelligence Solutions
  • Anomali partners with Visa to offer global payment breach intelligence
  • BluVector and SS8 Deliver the First Product Suite for Advanced Threat Detection and Network Visibility Across the Entire Kill Chain
  • Citrix Analytics Service Proactively Addresses Security Threats
  • Saviynt Announces $40 Million Series A Funding Round with Carrick Capital Partners
  • Cyber Security Specialist emt Distribution Takes on ThreatConnect Threat Intelligence Platform in Australia and New Zealand
  • BigID is this year’s most innovative startup at RSA Conference
  • RedLock Enhances Visibility, Compliance Assurance, and Threat Detection Capabilities With Microsoft Azure



Teramind Prevents Insider Threats Combining New Data Loss Prevention Features with User Behavior Analytics & Forensic Insights
Teramind Inc. (RSA booth #5110), a provider of insider threat solutions, today announced a new approach to data loss prevention that will continue to help organizations from healthcare to banking, legal, energy and customer service teams and more address their internal cyber security and data breach vulnerabilities.
Teramind brings organizations the latest in preventive security software after another year of global data breaches.
The new software features a comprehensive platform that combines technology supporting traditional data loss prevention (DLP) software capabilities coupled with behavioral data analytics.
This unique approach brings forth the next generation of forensic insight to keep companies’ data safe. 
Teramind provides a user-centric security approach to monitor employee behavior, with software that streamlines employee data collection in order to identify suspicious activity, detect possible threats, monitor employee efficiency, and ensure industry compliance.
Teramind’s new file anti-exfiltration analysis combined with the software’s traditional DLP software capabilities and behavioral data analytics brings forth a stronger layer of protection against data breaches.
File anti-exfiltration analysis targets and tags sensitive file repositories as well as sensitive content.
Link: https://www.sfgate.com/business/press-releases/article/Teramind-Prevents-Insider-Threats-Combining-New-12836775.php



Symantec Analytics Enables Customers to Uncover the Most Dangerous Cyber Attacks
Symantec (Nasdaq: SYMC), the world's leading cyber security company, announced today that the threat detection technology used by its own research teams to uncover some of the most notable cyber-attacks in history is now available to its Advanced Threat Protection (ATP) customers.
The Symantec Targeted Attack Analytics (TAA) technology enables ATP customers to leverage advanced machine learning to automate the discovery of targeted attacks – the most dangerous intrusions in corporate networks.

TAA is the result of an internal joint-effort between Symantec’s Attack Investigation Team, responsible for uncovering Stuxnet, Regin, Lazarus as well as links to SWIFT and WannaCry attacks among others, and a team of Symantec’s top security data scientists on the leading edge of machine learning research.
Unlike traditional solutions, TAA takes the process, knowledge and capabilities of the world’s leading security experts and turns it into artificial intelligence, providing companies with elite “virtual analysts,” to allow security experts to devote their limited time and resources to the most critical attacks, instead of spending time sifting through false positives.
The TAA technology implements machine learning to analyze a broad range of data, including system and network telemetry from Symantec’s global customer base which forms one of the largest threat data lakes in the world.
Symantec’s cloud-based approach to this technology also enables the frequent re-training and updating of analytics to adapt to new attack methods without the need for product updates.
This new approach provides ATP customers with automated targeted threat detection, identifying sophisticated attacks where other solutions may fail.
TAA is now available as part of Symantec’s Integrated Cyber Defense Platform for Symantec Advanced Threat Protection (ATP) customers.
Link: https://www.albawaba.com/business/pr/symantec-targeted-attack-analytics-enables-customers-uncover-most-sophisticated-and-dang



Cisco Fights Malware, Email Intrusions with New Services
Lynn Haber
Cisco on Monday announced upgrades to its Advanced Malware Protection (AMP) for Endpoints, new investments in email security, and an expanded security partnership with ConnectWise.
The enhancements to AMP for Endpoints security, called Cisco Visibility, are designed to stop malware, eliminate blind spots and discover unknown threats.
The new Cisco Visibility shows the extent of a compromise that spans the endpoint, the network and the cloud.
Cisco also made new investments in two email security services: Cisco Domain Protection and Cisco Advanced Phishing Protection.
Cisco Domain Protection automates the manual process of analyzing, updating and taking action against senders misusing their domain to send malicious email.
Cisco Advanced Phishing Protection adds machine-learning capabilities to Cisco Email Security to evaluate the risk associated with inbound email by assessing its threat posture.
The Cisco cloud-based service, which provides multi-tenant management, monitoring and billing, is in pilot but expected to be generally available soon.
Building on its initial ConnectWise partnership, the networking giant announced new enhancements to ConnectWise Unite with Cisco, including several new Cisco security integrations and the ConnectWise Advanced Security Dashboard for MSPs.
The new Cisco security integrations with ConnectWise include Advanced Malware Protection for Endpoints, Adaptive Security Appliance and Next Generation Firewall.
The ConnectWise Advanced Security Dashboard for MSPs integrates with the ConnectWise Manage business management solution.
It features global policy management, security event correlation, and security reporting — or what Cisco calls the building blocks to monitor advanced managed security services around Cisco’s portfolio of Meraki MX firewalls, Umbrella, Stealthwatch Cloud, Adaptive Security Appliances, Next Generation Firewall and AMP for Endpoints.
It’s being introduced as a pilot with select partners in May.
Link: https://www.channelpartnersonline.com/2018/04/16/cisco-fights-malware-email-intrusions-with-new-services/



Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018
Products from Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR are demonstrating how STIX and TAXII are being used to prevent and defend against cyberattack by enabling threat intelligence to be analyzed and shared among trusted partners and communities.
In addition to seeing the demos, RSA attendees are learning more about how the major new version of STIX and TAXII makes it much easier to automate cyber threat intelligence sharing.
Link: https://software.einnews.com/pr_news/441548758/cybersecurity-companies-demo-support-for-stix-and-taxii-standards-for-automated-threat-intelligence-sharing-at-rsa-2018?n=2&code=UK5CzDEXUdFuR8be



Could FireEye Be a Millionaire Maker Stock?
Nicholas Rossolillo
Shares of cybersecurity company FireEye (NASDAQ:FEYE) have struggled since going public back in 2013.
The stock has been cut in half from its debut price in spite of the fact that its revenue has doubled several times during that same period.
It looks like a great growth story waiting to happen, but there are a few factors cautious investors should weigh first.
The cybersecurity industry is growing, but FireEye's product is viewed as more of an add-on to a company's existing threat-detection system rather than a comprehensive plan.
As a result, some of its larger peers like Palo Alto Networks (NYSE:PANW), Juniper Networks (NYSE:JNPR), and tech giant Cisco (NASDAQ:CSCO) have fared much better the last few years.
In response to its slowdown, FireEye has begun offering additional services and features to create a more well-rounded menu for its customers.
The good news is that revenue growth accelerated to 10% year over year in the last reported quarter.
Management thinks that 2018 sales will be $815 million to $825 million, at least a 10% annual increase.
That pales in comparison to growth a few years back, but it's nevertheless an improvement over the last 12 months, if those numbers transpire as forecast.
Expenses on R&D and marketing are being trimmed, too, bringing profitability a little closer.
Losses in 2017 were $1.71 per share compared with $2.94 the year prior.
Management again struck an upbeat tone for 2018 as it expects losses to continue decreasing. 
Though cybersecurity is in high demand and likely to stay that way for some time, FireEye's current growth trajectory is underwhelming and lagging behind the competition.
Link: https://www.fool.com/investing/2018/04/16/could-fireeye-be-a-millionaire-maker-stock.aspx?source=iedfolrf0000001



Intel is offloading virus scanning to its GPUs to improve performance and battery life
Tom Warren
Intel is planning to allow virus scanners to use its integrated graphics chipsets to scan for malicious attacks.
The change could see performance and battery life improve on some systems. “With Accelerated Memory Scanning, the scanning is handled by Intel’s integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption,” explains Rick Echevarria, Intel’s platform security division VP. “Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.”
Intel’s Threat Detection Technology will be available on 6th, 7th, and 8th generation Intel processors, allowing a variety of machines to take advantage of moving some virus scanning activity to the GPU instead of the CPU.
Virus scanners currently use the CPU to detect memory-based attacks, and a machine takes a performance hit as a result.
Intel hopes that by moving this work away from the CPU, performance and power consumption will improve, since typical machines do not fully utilize their onboard graphics most of the time.
Intel is partnering with Microsoft to support this initially, with the change coming to Windows Defender Advanced Threat Protection (ATP) this month.
Intel is also working with other antivirus vendors so others can take advantage of this silicon-level change.
Link: https://www.theverge.com/2018/4/16/17244996/intel-virus-scanning-integrated-gpus-memory



Microsoft unveils new security tools for Internet of Things, edge devices
The company introduced “Azure Sphere”, the industry’s first holistic platform to create secured, connected microcontroller unit (MCU) devices on the “intelligent edge”.
The company also unveiled several new intelligent security features for its Microsoft 365 commercial Cloud offering — designed to help IT and security professionals simplify how they manage security across their enterprises.
Link: https://www.financialexpress.com/industry/technology/microsoft-unveils-new-security-tools-for-internet-of-things-edge-devices/1135678/



CrowdStrike Falcon X takes aim at incident response
Rob Wright
At RSA Conference 2018 on Monday, the cybersecurity vendor launched CrowdStrike Falcon X, a new offering that automates threat analysis in order to quicken enterprise responses to cyberattacks.
CrowdStrike—which is appearing in several sessions at RSA Conference on new exploits, adversaries and response techniques this week—has become one of the more visible cybersecurity vendors in the industry following its investigative work on the Democratic National Committee's 2016 data breach.
Now, the company is broadening its reach with new initiatives around incident response.
With Falcon X, Alperovitch said the process takes about three minutes.
When malware is detected on an endpoint, CrowdStrike Falcon X automatically "detonates" the sample and then runs it through CrowdStrike's malware search engine to compare it against other samples. 
In addition to CrowdStrike Falcon X, the company also introduced a new product geared toward small and medium-sized businesses.
Dubbed CrowdStrike Falcon Endpoint Protection Complete, the product includes the endpoint security module of the Falcon platform, as well as dedicated security professionals to assist customers with incident response.
Link: https://searchsecurity.techtarget.com/news/252439123/CrowdStrike-Falcon-X-takes-aim-at-incident-response



Latest Release of Unisys Stealth® Security Software Extends Microsegmentation Protection for Data Centers, Clouds and Mobile Devices to Include Medical and Internet of Things Devices
BLUE BELL, Pa., April 17, 2018 /PRNewswire/— Unisys Corporation (NYSE: UIS) today announced a new version of its award-winning Unisys Stealth® security software suite, including upgrades to extend protection to purpose-built Internet of Things (IoT) devices and other connected equipment such as medical monitoring machines, baggage scanners, industrial control systems and surveillance cameras.
The new release of Stealth™ microsegmentation software now protects IoT devices, isolating them from untrusted network segments within a Stealth-protected network to help prevent intrusion and remote tampering on the devices while protecting the corporate network from potential compromises initiated from unsecured devices.
By joining a Stealth-defined secure Community of Interest, high-value devices are shielded from unauthorized access, reducing the attack surface.
This new capability can be delivered as a virtual or physical gateway to protect devices where Stealth cannot be installed and with no hardware or software changes required to the purpose-built devices.
Link: https://www.pharmiweb.com/pressreleases/pressrel.asp?ROW_ID=273792



Gemalto to protect 5G networks from cyber-attacks with Intel Software Guard Extensions
Gemalto launched a platform that stops cyber-attacks from affecting cloud-based virtualised networks being planned and deployed with Intel technology.
This new initiative combines the Intel Software Guard Extensions (Intel SGX) trusted 'enclave', deployed in the company's cloud server CPUs, with Gemalto's advanced SafeNet Data Protection On Demand security software services to create a processor-level security platform for virtualised networks.
Link: https://www.telecompaper.com/news/gemalto-to-protect-5g-networks-from-cyber-attacks-with-intel-software-guard-extensions—1240500



Mimecast Offers Cyber Resilience for Email with New Detection, Remediation and Threat Intelligence Capabilities
Nasdaq Global Newswire
SAN FRANCISCO, April 17, 2018 (GLOBE NEWSWIRE)—Mimecast Limited (NASDAQ:MIME), a leading email and data security company, today announced enhancements to its Targeted Threat Protection services (Impersonation Protect, URL Protect, and Internal Email Protect), engineered to combat and remediate the evolving threat landscape.
New features include supply chain impersonation protection, similar domain detection, the integration of new automated intelligence feeds, as well as the introduction of automated threat remediation capabilities.
New research from Mimecast and Vanson Bourne revealed that organizations are not only facing a variety of different threats, but the volume and frequency of these attacks continue their upward trajectory.
In fact, 53 percent expect a negative business impact from these email-borne threats in 2018.
Impersonation attacks commonly use social engineering, and are designed to trick users such as finance managers, executive assistants, and HR representatives into making wire transfers or providing information which can be monetized by cybercriminals. 
Lookalike domains are also increasingly becoming a problem, as recently publicized in top media outlets, like KrebsonSecurity. 
New real-time data feeds have also been added to Impersonation Protect engineered to better identify newly observed and registered domains to further enhance Mimecast’s ability to detect security threats.
Additionally, using Mimecast’s global threat intelligence network, Internal Email Protect can help customers more quickly remediate security threats that originate from any email account inside or outside the organization. 
Available in June 2018
Link: https://software.einnews.com/pr_news/442535502/mimecast-offers-cyber-resilience-for-email-with-new-detection-remediation-and-threat-intelligence-capabilities?n=2&code=oFvCCJC2r-jYysMo



Fortinet Receives Recommended Rating in NSS Labs Latest Advanced Endpoint Protection Test Report
Nasdaq Global Newswire
FortiClient has received NSS Labs' coveted 'Recommended' rating since this test’s inception in 2017, this year with an overall security effectiveness rating of 97.3%. 
Several Fortinet Fabric-Ready technology alliance partners are also among the “Recommended” vendors in this report, including Carbon Black and SentinelOne.
These solutions are among those certified compatible with FortiClient Fabric Agent to provide integration and intelligence sharing with the Security Fabric.
The broad Fortinet Fabric-Ready Partner Program ecosystem of complementary technologies enables customers to maximize their existing technology investments and get even more value from their security deployments.
AEP Test Report Highlights for FortiClient
• 100% block rate on exploits
• 100% block rate on document and script-based malware
• 100% block rate for web, 99.4% for email, and 100% for offline threats
• 97.2% detection rate for evasions
• 97.3% overall security effectiveness rating
• Zero false positives
Link: https://software.einnews.com/pr_news/442541712/fortinet-receives-recommended-rating-in-nss-labs-latest-advanced-endpoint-protection-test-report?n=2&code=oFvCCJC2r-jYysMo



The cloud has caused 'pretty negative byproducts' - Cisco
Tom Wright
Cisco has called on partners to help customers address the "negative byproducts" of moving to the cloud by adopting its multi-cloud approach.
Speaking at Cisco's Partner Connection Week in the Bahamas, Cisco VP of growth initiative Ruba Borno said that customers have been caught off guard by the challenges of moving to the cloud.

Borno told partners that currently four in five Cisco customers use more than one cloud, but need more assistance when it comes to managing these infrastructures.
But Cisco says that the cloud - and new technologies such as artificial intelligence and machine learning - require partners to position themselves differently in the market.
Wendy Bahr, senior vice president of Cisco's Global Partner Organisation, said partners should specifically be adapting to target three key areas.
"I would suggest the three biggest opportunities we have are core networking, security and multi-cloud.
When you couple in the life-cycle value and that services revenue, these are the three big tickets."
Link: https://www.channelweb.co.uk/crn-uk/news/3030393/the-cloud-isnt-as-simple-as-we-thought-it-would-be-cisco



'Local option' ESET on hunt for 700 partners
Marian Mchugh
End-point security vendor ESET says it can provide UK resellers with a "local" alternative to its competitors as it hunts for 700 new partners.
The Slovakia-based outfit has launched a partner recruitment push in this country after moving to a two-tier channel model last year.

Last year, ESET took on its first two UK distributors in the shape of Exertis and Distology.
The recruitment push and distributor appointments are part of ESET's plan to enter the competitive enterprise market, and to do that the company wants to recruit a wider range of resellers.
Link: https://www.channelweb.co.uk/crn-uk/news/3030435/local-option-eset-on-hunt-for-700-partners?utm_medium=email&utm_content=&utm_campaign=CRN.Daily_RL.EU.A.U&utm_source=CRN.DCM.Editors_Updates&utm_term=&



Centrify Offers Free Security Software, Services to Election Boards
Chris Preimesberger
Centrify, a proponent of a relatively new approach to enterprise security called Zero Trust, on April 16 at the RSA Security Conference revealed the industry’s first IT campaign to Secure the Vote for the 2018 elections.
The initiative involves the free distribution of Centrify software to election boards that includes multi-factor authentication and validation of device access for voters in their jurisdictions.


Centrify’s package is called Identity-as-a-Service and Privileged Access Management. Effective April 16, the company is providing its access solutions to eligible election boards at no cost for the first eight months of a 12-month (or more) SaaS subscription, representing a 66 percent discount on MSRP.
Centrify is also offering a 10 percent discount to new election board customers to take advantage of its Jump Start professional services program to ensure a smooth deployment of Centrify Zero Trust Security.
Link: http://www.eweek.com/security/centrify-offers-free-security-software-services-to-election-boards



ZeroFOX Names Industry Thought Leader Dr. Sam Small as Chief Security Officer
BALTIMORE—(BUSINESS WIRE)—Apr 18, 2018—ZeroFOX, the social media security category leader, today announced the hiring of Dr. Sam Small as Chief Security Officer (CSO).
In his new role, Dr. Small will work with ZeroFOX’s rapidly-growing enterprise customer portfolio to develop, execute and maintain strategies that address the security threats intertwined with social media platforms.
This strategic hire comes on the heels of several other important company milestones, including major organizational wins such as The National Hockey League Players' Association (NHLPA).
Additionally, ZeroFOX recently hired Todd Laughman as Head of U.S. Sales and Brian Cyr as the company’s first General Counsel earlier this year.
As one of the country’s foremost experts on intellectual property (IP), Dr. Small will continue to invest in, build upon and protect ZeroFOX’s proprietary platform and continued growth.
At ZeroFOX, Dr. Small will drive ZeroFOX’s security vision both internally and externally for customers.
Dr. Small will work directly with customers at the CXO level to deliver the company's services and technology, as well as infusing the ZeroFOX Platform with his expertise.
Finally, Dr. Small will help oversee all of ZeroFOX’s IP and internal security operations.
Link: http://www.oaoa.com/news/us_news/article_a7995813-d26a-5b7c-b37e-f8046480190b.html



Microsoft brings its antivirus protection to Google’s Chrome browser
Tom Warren
Microsoft is releasing its Windows Defender antivirus scanner for Google Chrome this week.
The software giant has released a Chrome extension, that includes a list of malicious URLs that will be blocked in Chrome.
The extension is designed to stop malware being loaded onto PCs from malicious sites, and to prevent phishing emails from being successful.
Link: https://www.theverge.com/2018/4/18/17250906/microsoft-windows-defender-google-chrome-extension



CounterSnipe Systems releases its most powerful Version of IDS/IPS Software
CounterSnipe V11 includes a cleverly designed firewall which offers total flexibility for driving the Intrusion Prevention functionality.
The ability to easily manage and direct required data streams towards the IDS engine stands CounterSnipe way ahead of any other IPS product on the market.
Today CounterSnipe stands in a league of its own by offering such powerful software that will run in private cloud, on a physical server, in virtual environment, as a stand-alone system or as a cluster of IDS sensors.
CounterSnipe therefore makes a perfect choice for a small, medium or large multinational enterprise.
Link: https://www.prlog.org/12703610-countersnipe-systems-releases-its-most-powerful-version-of-idsips-software.html



Cisco nudges partners towards intellectual property with $100,000 prize
Tom Wright
The vendor launched an innovation challenge at its Partner Connection Week in the Bahamas, with the partner deemed to have developed the best application on top of Cisco's platform being awarded $100,000.

Price said that bespoke software will help partners differentiate themselves beyond pricing, explaining that the traditional way of beating a competitor - undercutting another firm on a deal - doesn't provide any real benefit to any of the parties involved.
Neil Pemberton, director at Cisco partner ITGL, said that developing IP is a way for resellers to install value into their own business, rather than just relying on the products that a vendor produces.
By making its software open to developers, Pemberton said that Cisco has made it easier for partners to develop applications - something that the channel would not typically have considered in the past.
Link: https://www.channelweb.co.uk/crn-uk/news/3030589/cisco-nudges-partners-towards-intellectual-property?utm_medium=email&utm_content=&utm_campaign=CRN.SP_01.Daily_RL.EU.A.U&utm_source=CRN.DCM.Editors_Upd



8 Security Products That Made News at RSA Conference 2018
Sean Michael Kerner
At the RSA Conference, Barracuda announced PhishLine Levelized Programs, an effort to measure user resistance to phishing attacks.
Fidelis rolled out an update of its Elevate platform, adding new cyber-deception capabilities and improved detection and analysis features.
Trend Micro announced at the RSA Conference its new Writing Style DNA capability, which uses machine learning techniques to help reduce email fraud and business email compromise (BEC) attacks.
VMware announced that it is extending its AppDefense application security technology to now also include containers.
Forcepoint unveiled its new Dynamic Data Protection effort at the RSA Conference, providing what it calls a risk- based approach to automatically provide the appropriate level of enforcement.
Tripwire announced new capabilities for its Cloud Management Assessor offering at the RSA Conference.
GuardiCore unveiled new capabilities for its Centra Security Platform to help secure container deployments.
IBM announced at the conference improvements to its Resilient Incident Response Platform, including new intelligent orchestration capabilities.
Link: http://www.eweek.com/security/8-security-products-that-made-news-at-rsa-conference-2018



Keeper Security forms vulnerability disclosure program with Bugcrowd
Rob Wright
Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a formal vulnerability disclosure program.
Now Keeper is attempting to repair its image in the infosec community and fix the perception that it's waging a war against security researchers and reporters.
A source close to the situation said Keeper Security teamed with Bugcrowd on a formal vulnerability disclosure program in an effort to improve relationships with the security research community following the lawsuit.
The program, which has not been formally announced yet, was confirmed by Keeper Security in a Tweet Thursday evening.
It's unclear how much Keeper's Bugcrowd program will alleviate concerns in the infosec community.
Matthew Green, cryptography expert and professor at Johns Hopkins University's Information Security Institute, said the company's actions last year have turned researchers away from the vendor.
Link: https://searchsecurity.techtarget.com/news/252439690/Keeper-Security-forms-vulnerability-disclosure-program-with-Bugcrowd



Cybersecurity Market Advancement In Technology 2018 to 2025
The Global Cybersecurity Market was valued at USD 122.53 billion in 2016 and is projected to reach USD 325.10 billion by 2025, growing at a CAGR of 11.45% from 2018 to 2025.
Global Cybersecurity Market by Top Manufacturers (2018-2025): IBM Corporation, Sophos, Trend Micro, Cisco Systems, HPE, Fortinet, Check Point Software Technologies Ltd., Juniper Networks, Inc., Symantec Corporation, Palo Alto Networks, McAfee LLC, FireEye.
Link: https://theanalystfinancial.com/251440/cybersecurity-market-advancement-in-technology-2018-to-2025/



ForeScout Stock: Chart Pointing to a Big Breakout
George Leong, B.Comm.
FSCT stock debuted at $22.00 in its initial public offering (IPO) in October 2017 and traded as high as $37.79 on March 12, 2018.
While the easy money may have been made, ForeScout stock could still provide some above-average returns for patient investors.
The fact that ForeScout is steadily increasing revenues, cutting its losses, and improving the FCF picture bodes well for the FSCT stock price going forward.
While a breakout for FSCT stock will drive the price toward $40.00, the actual upside target will depend on how well ForeScout performs over the next few years.
If FSCT delivers strong numbers and the stock market holds, a move to above $50.00 would be likely.
Link: https://www.profitconfidential.com/stock/forescout-stock/fsct-stock-chart-pointing-breakout/



Microsoft Floods RSA Conference with Security Announcements
Kurt Mackie
The announcements spanned Microsoft's Security Graph, Advanced Threat Protection (ATP), Information Protection and Conditional Access products, and beyond.
Here's a rundown of the news.
Developers working with Microsoft's security products got a preview of a new "Security API" for accessing the Intelligent Security Graph.
The Intelligent Security Graph is a search service that typically underlies Microsoft's various security solutions.
The Microsoft Secure Score solution reached "general availability" (GA) this week, meaning that it's deemed ready for use in production environments.
This product, which graphically scores an organization's security position, expands on the Office 365 Secure Score product that reached GA status last year.
Attack Simulator, which is part of the Office 365 Threat Intelligence service, reached GA status this week after being previewed in February.
It's available to "all Office 365 E5 or Office Threat Intelligence customers," according to a Tuesday Microsoft announcement.
Windows Defender ATP rolled out a couple of years ago and was initially billed as a post-breach security analysis tool, using integrated Hexadite technology.
Later, Microsoft indicated that the service would get autoremediation capabilities.
This week, Microsoft explained in an announcement that Windows Defender ATP now has added automation capabilities that let the service expand investigations and fix security issues across an organization:
New passwordless sign-in support, using FIDO2, will be coming to the spring Windows 10 release, Microsoft also announced this week.
Microsoft had much more RSA security news.
It announced that Microsoft Cloud App Security has improved "ransomware and terminated-user activity" detection. The ransomware detection capability can now detect anomalies and more sophisticated attacks.
For terminated employees, Microsoft is previewing the ability to detect when they continue to use SaaS apps.
Another preview is the ability to set granular controls for actions to take when end users have "come from a risky session."
Link: https://rcpmag.com/articles/2018/04/20/microsoft-rsa-security-announcements.aspx



Cofense moves to a 100% channel sales model
Clare Hopping
Cofense has re-launched its reseller channel programme as part of its shift to become a 100% channel sales company.
The firm explained it wants to move towards an all-channel model in order to deepen its relationships with distributors, resellers, and value-added resellers around the globe and streamline the process for customers to obtain enhanced security products and services. 
Cofense already has 300 partners distributing its products worldwide, forming the basis for the next step of its business growth.
Offering a more attractive offering to partners will no doubt attract more businesses to its roster.
Link: http://www.channelpro.co.uk/news/10820/cofense-moves-to-a-100-channel-sales-model



Securonix Unveils Strategic Alliance to Combat Cyberattacks in the Cloud
ADDISON, Texas, April 18, 2018 (GLOBE NEWSWIRE)—Securonix, the industry leader in big data security analytics and user entity behavior analytics (UEBA), announced the launch of a strategic alliance with top cloud security vendors to protect against cyber & insider attacks.
Customers of Securonix Cloud benefit from rapid deployment and comprehensive coverage across modern cloud applications:
• Frictionless deployment, agility, and reduction in infrastructure management costs
• Complete data security with a SOC2 Type 2 certified environment
• Bi-directional cloud-to-cloud integrations with a strong partner eco-system
• Detection, investigation, and response to threats across all modern cloud platforms
Securonix’s cloud integration strategy is further enabled through the Fusion Partner Program.
The Fusion Partner Program is an ecosystem of over 25 technology partners, including several strategic cloud partners, who have fully integrated their solution with Securonix.
Partners include Netskope, Anomali, CrowdStrike, Demisto, Okta, Qualys, and ServiceNow.
Link: https://globenewswire.com/news-release/2018/04/18/1480815/0/en/Securonix-Unveils-Strategic-Alliance-to-Combat-Cyberattacks-in-the-Cloud.html



In preparation for the GDPR, CoSoSys launches Endpoint Protector 5.1
CoSoSys announced the latest update of its award-winning flagship Data Loss Prevention product, Endpoint Protector 5.1, which brings added functionalities to key features and a boost for GDPR compliance.
Endpoint Protector 5.1 thus has an extended list of predefined PIIs to cover additional EU countries.
Through them, companies can easily track and control data across a larger spectrum.
Optical Character Recognition (OCR) has been added so sensitive data can be searched for in images as well.
eDiscovery scans, which search data at rest for sensitive information stored on endpoints network-wide and then allow for remediation actions, can now be scheduled to run automatically for a single, one-time scan or for re-occurring scans, on a weekly or monthly basis.
New features include time-based and network-based access rights for computers.
While the former lets admins choose working days and hours and set different access rights according to them, the latter defines a company’s network through its DNS and ID and grants access rights depending on whether a computer is on that network or not.
Link: https://www.helpnetsecurity.com/2018/04/18/gdpr-endpoint-protector/



Infrastructure-agnostic web app protection with virtual patching option
Signal Sciences announced the latest innovations for its Web Protection Platform.
Its patented architecture provides security, operations and development teams with the visibility, security and scalability needed to protect against the full spectrum of threats their web applications now face, from OWASP Top 10 to account takeovers, API misuse and bots.
The software can be deployed as a next-gen web application firewall (WAF), reverse proxy for comprehensive application coverage, or for runtime application self-protection (RASP).
Link: https://www.helpnetsecurity.com/2018/04/18/infrastructure-agnostic-web-app-protection/



Intel announced the new Threat Detection Technology and Security Essentials
Pierluigi Paganini
Intel continues to innovate its products: the tech giant announced two new technologies, the Threat Detection Technology (TDT) and Security Essentials.
The Threat Detection Technology leverages silicon-level telemetry and functionality to allow security products to detect sophisticated threats.
The new Intel Threat Detection Technology (TDT) includes two main capabilities, the Accelerated Memory Scanning and Advanced Platform Telemetry.
Microsoft will integrate the Accelerated Memory Scanning feature into Windows Defender Advanced Threat Protection (ATP) within a couple of weeks.
Link: https://securityaffairs.co/wordpress/71481/security/intel-threat-detection-technology.html



Grant Thornton and Anomali Partner for Threat Intelligence Solutions
Through this alliance, Grant Thornton can provide its clients a suite of threat-intelligence capabilities – providing earlier detection of attacks from adversaries, helping security teams better prepare for intrusions and share threat assessments with key partners.
In addition, Grant Thornton’s team of cyber-risk professionals will counsel organizations on solution design and engineering, program development and use-case integration when implementing Anomali solutions.
Link: http://www.cpapracticeadvisor.com/news/12408370/grant-thornton-and-anomali-partner-for-threat-intelligence-solutions



Anomali partners with Visa to offer global payment breach intelligence
Threat management and collaboration solutions provider Anomali announced a partnership with Visa to provide cyber security teams with intelligence on indicators of compromise (IoCs) drawn from Visa Threat Intelligence, to better detect and manage breaches involving payment information in retail, hospitality, restaurant and other sectors.
Delivered to the Anomali platform through an API from the Visa Developer Platform, Visa Threat Intelligence enables merchants to collaborate within and across sectors to proactively mitigate threats and work to secure critical access points to protect payment card and personally identifiable information.
Link: https://www.helpnetsecurity.com/2018/04/18/anomali-payment-breach-intelligence/



BluVector and SS8 Deliver the First Product Suite for Advanced Threat Detection and Network Visibility Across the Entire Kill Chain
SAN FRANCISCO—(BUSINESS WIRE)—Apr 18, 2018—RSA CONFERENCE USA – Hunting sophisticated threats is a daunting task requiring a dizzying array of data, tools, and talent.
Companies of all sizes need a simpler, more efficient approach to sensing and responding to those threats originating inside or outside the network.
To address this need, BluVector and SS8 Networks today announced a partnership that delivers a new solution called BluVector® IRIS™, the only suite on the market that offers this visibility across the entire kill chain.
Organizations can now quickly identify and replay anomalous network behaviors that represent movement by infected hosts or malicious insiders seeking to exfiltrate proprietary data.
An add-on to BluVector® Cortex™, BluVector IRIS provides an unprecedented ability to construct a 360 degree view of the entire cyber threat kill chain, enabling organizations to detect, analyze and contain any threats originating from outside or inside the network.
The combined platform examines more than 4,000 network protocols for potential malicious events and performs machine learning, network-based forensic detection, speculative code execution, and behavioral analysis on all communications.
Link: https://pilotonline.com/business/ports-rail/article_6a797b91-6370-54fb-8eb4-16f42520ced7.html



Citrix Analytics Service Proactively Addresses Security Threats
New Citrix Analytics Service will provide visibility into company-wide user and entity behavior, system security, performance and operations, and simplify IT infrastructure.
Using machine learning and artificial intelligence to detect anomalous behavior and potential threats, Citrix is now able to deliver actionable intelligence from the information gathered via our cloud services and on premises products to help customers proactively identify and manage internal and external threats.
Citrix Analytics uniquely enables customers to adopt a risk-based security model, allowing them to dynamically balance the needs of users to have rapid access to data with IT’s need to secure and govern the environment.
This new service securely aggregates and correlates user interaction with applications, devices, networks and data across our suite of products and cloud services to help detect and prevent malicious activity and data exfiltration.
With an end-to-end view of the location of and access to data, Citrix Analytics also allows organizations to monitor and manage data movement across endpoints, datacenter, mobile, hybrid and multi-clouds.
This visibility into data logging and access requests helps our customers understand data flows to meet their security and oversight obligations under several security standards and regulations, including HIPAA, Sarbanes-Oxley (SOX), and GDPR.
Link: http://markets.businessinsider.com/news/stocks/citrix-analytics-service-proactively-addresses-security-threats-1021441506



Saviynt Announces $40 Million Series A Funding Round with Carrick Capital Partners
SAN FRANCISCO—(BUSINESS WIRE)—Apr 18, 2018—Saviynt, a leading global provider of Identity Governance and Administration (IGA) solutions, announced today that Carrick Capital Partners ("Carrick"), an investment firm with a focus on technology-enabled businesses, including enterprise software, has committed $40 million to its Series A financing round.
The announcement was made from RSA Conference 2018 taking place April 16th to 20th in San Francisco.
Saviynt delivers next-generation IGA solutions for organizations to secure their most critical assets, manage data privacy and risk, meet continuous compliance needs and securely adopt new technologies with confidence.
Saviynt’s unique approach provides Identity Governance, Cloud Security and Application GRC capabilities as an integrated platform delivered as an efficient cloud-based service.
With some of the largest global corporations now relying on Saviynt’s solution to ensure the security of their company’s applications, data, and infrastructure, Saviynt is poised for a new chapter of exponential growth.
An Identity Governance solution is fundamental to organizations’ cyber security strategy, with more enterprises opting for a cloud-based delivery model than on-premise solutions.
According to Gartner “By 2021, IGA as a service becomes the dominant delivery model for new deployments, where 40% of new buyers will opt for cloud-architected IGA and 15% for cloud-hosted IGA software, up from 5% and less than 5%, respectively, in 2018.”
Link: http://www.citizentribune.com/news/business/saviynt-announces-million-series-a-funding-round-with-carrick-capital/article_128828ca-674b-5d89-af8d-95cefa4437b8.html



Cyber Security Specialist emt Distribution Takes on ThreatConnect Threat Intelligence Platform in Australia and New Zealand
Adelaide, Australia – 18 April 2018: Cyber security software specialist, emt Distribution today announced it has been appointed as Australian and New Zealand distributor for Arlington, Virginia-based security firm, ThreatConnect.
Link: https://www.cso.com.au/mediareleases/31409/cyber-security-specialist-emt-distribution-takes/



BigID is this year’s most innovative startup at RSA Conference
Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale.
Using BigID, enterprises can better safeguard and assure the privacy of their most sensitive data, reducing breach risk and enabling compliance with emerging data protection regulations like the EU GDPR.
Using data supplied by Crunchbase, RSAC calculates that in the past five years alone, the contest’s top 10 finalists have collectively seen 15 acquisitions and have received more than $1.25 billion in investments.
Past winners include successful security veterans Phantom, Waratek, Red Owl Analytics and UnifyID.
Link: https://www.helpnetsecurity.com/2018/04/17/bigid-is-this-years-most-innovative-startup-at-rsa-conference/



RedLock Enhances Visibility, Compliance Assurance, and Threat Detection Capabilities With Microsoft Azure
SAN FRANCISCO—(BUSINESS WIRE)—RSA Conference – RedLock, an industry leader in Cloud Threat Defense, today announced enhanced capabilities to help Microsoft Azure customers identify security and compliance risks in their cloud environments.
RedLock’s recent integration with Azure Network Watcher provides a richer understanding of network traffic patterns and is another valuable data source for the RedLock Cloud 360™ platform.
Azure Network Watcher is a network monitoring and diagnostic service that collects Network Security Group (NSG) Flow Logs.
The integration enables customers to monitor virtual machines, network security and security group views, as well as topologically visualize their network traffic in their Azure environment to detect advanced threats such as cryptojacking, lateral movement, and data exfiltration.
RedLock serves the needs of enterprises seeking to ensure compliance, govern security, and enable security operations across Azure environments.
Link: https://www.businesswire.com/news/home/20180417005504/en/RedLock-Enhances-Visibility-Compliance-Assurance-Threat-Detection
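The item above names NSG Flow Logs as the data source and cryptojacking, lateral movement and data exfiltration as the behaviours detected from them. The script below is an added example, not RedLock’s or Microsoft’s code: it parses a flow log blob in the published NSG flow log version 2 record layout and applies three simple rules to the allowed flows. The sample records, the VNet address range, the byte threshold, the fan-out threshold and the list of mining-pool ports are all constructed assumptions for the example.

```python
"""Flag lateral movement, exfiltration and cryptojacking in Azure NSG flow logs.
Added example; not RedLock's or Microsoft's code. Record layout follows the
NSG flow log v2 schema; sample data, VNet range and thresholds are assumptions."""
import ipaddress
import json
from collections import defaultdict

# Constructed sample blob in the NSG flow log v2 layout. Tuple fields:
# unix time, src IP, dst IP, src port, dst port, protocol (T/U),
# direction (I/O), decision (A/D), flow state (B/C/E), then packets and
# bytes src->dst and dst->src (empty on 'B' records, which carry no counters yet).
SAMPLE_BLOB = json.dumps({"records": [{
    "time": "2018-04-17T10:00:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "resourceId": "/SUBSCRIPTIONS/EXAMPLE-SUB/RESOURCEGROUPS/RG/PROVIDERS/"
                  "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WEB-NSG",
    "properties": {"Version": 2, "flows": [
        {"rule": "AllowVnetOutBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            # one host opening SMB/RDP/SSH to four peers in another subnet
            "1523959200,10.0.1.4,10.0.2.5,49152,445,T,O,A,E,20,3000,18,2500",
            "1523959201,10.0.1.4,10.0.2.6,49153,445,T,O,A,E,20,3000,18,2500",
            "1523959202,10.0.1.4,10.0.2.7,49154,3389,T,O,A,E,20,3000,18,2500",
            "1523959203,10.0.1.4,10.0.2.8,49155,22,T,O,A,E,20,3000,18,2500"]}]},
        {"rule": "AllowInternetOutBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            # ~572 MiB pushed out in one HTTPS flow; a stratum-port flow; normal HTTPS
            "1523959300,10.0.1.4,203.0.113.10,49200,443,T,O,A,E,400000,600000000,2000,100000",
            "1523959400,10.0.1.9,203.0.113.20,49300,3333,T,O,A,E,500,60000,480,55000",
            "1523959500,10.0.1.9,203.0.113.30,49400,443,T,O,A,E,30,4000,25,20000"]}]},
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            # denied inbound SSH probe: 'B' state, counters empty
            "1523959600,198.51.100.7,10.0.1.4,40000,22,T,I,D,B,,,,"]}]}]}}]})

TUPLE_KEYS = ("ts", "src", "dst", "sport", "dport", "proto", "direction",
              "decision", "state", "pkts_out", "bytes_out", "pkts_in", "bytes_in")
INT_KEYS = ("sport", "dport", "pkts_out", "bytes_out", "pkts_in", "bytes_in")

VNET = ipaddress.ip_network("10.0.0.0/16")   # assumption: the tenant's VNet range
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}     # SSH, SMB, RDP, WinRM
LATERAL_FANOUT = 3                            # distinct internal peers on admin ports
EXFIL_BYTES = 100 * 1024 ** 2                 # 100 MiB out to a non-VNet address
MINING_PORTS = {3333, 4444, 5555, 14444}      # assumption: common stratum pool ports


def parse_tuples(blob):
    """Yield one dict per flow tuple from a raw NSG flow log JSON string (v2 only)."""
    for rec in json.loads(blob)["records"]:
        props = rec["properties"]
        if props.get("Version") != 2:   # v1 tuples lack the byte counters used below
            continue
        for rule in props["flows"]:
            for flow in rule["flows"]:
                for raw in flow["flowTuples"]:
                    f = dict(zip(TUPLE_KEYS, raw.split(",")))
                    f["rule"] = rule["rule"]
                    for k in INT_KEYS:
                        f[k] = int(f[k]) if f[k] else 0   # 'B' records have empty counters
                    yield f


def analyse(blob):
    """Return findings over allowed flows: exfiltration/cryptojacking hits in
    record order, then one lateral-movement finding per source that fanned out."""
    findings, fanout = [], defaultdict(set)
    for f in parse_tuples(blob):
        if f["decision"] != "A":
            continue   # denied flows never carried data
        src_in = ipaddress.ip_address(f["src"]) in VNET
        dst_in = ipaddress.ip_address(f["dst"]) in VNET
        if src_in and dst_in and f["dport"] in ADMIN_PORTS:
            fanout[f["src"]].add(f["dst"])
        elif src_in and not dst_in and f["direction"] == "O":
            if f["bytes_out"] >= EXFIL_BYTES:
                findings.append({"type": "exfiltration", "src": f["src"],
                                 "dst": f["dst"], "bytes_out": f["bytes_out"]})
            if f["dport"] in MINING_PORTS:
                findings.append({"type": "cryptojacking", "src": f["src"],
                                 "dst": f["dst"], "dport": f["dport"]})
    for src, peers in fanout.items():
        if len(peers) >= LATERAL_FANOUT:
            findings.append({"type": "lateral_movement", "src": src,
                             "targets": sorted(peers)})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_BLOB):
        print(finding)
```

Membership in the VNet range is used rather than the generic private/public distinction because the question a cloud SOC asks is "did this leave our address space", and the TEST-NET ranges used in the sample are treated as non-global by Python’s ipaddress module anyway. Real tuning would replace the fixed byte threshold with a per-host baseline and the port list with a threat-intelligence feed of pool addresses.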

Posted on 04/22

Friday, December 09, 2016

IT Security Industry News - 2016/12/08

Table of Contents

  • Onapsis Joins IBM Security App Exchange Community
  • Above Security and Hitachi Data Systems launch information security service offering across North America to fight cybercrime
  • 5nine Software Simplifies Hyper-V Network Configuration Best Practices with New Version of Manager
  • Tyco Security Launches Shooter Detection System Integration
  • Big Data and Data Analytics in Homeland Security and Public Safety is Forecast to Reach $11B in 2022, according to a New Research Report from Homeland Security Research Corp.
  • OT and Australian Fintech Start-up Inamo Have Partnered to Introduce Inamo’s Wearable Devices and Platform into the Australian Market
  • OpenVPN will be audited for security flaws
  • AWS tries to protect its customers from DDoS attacks with new service
  • Chinese giant Tianjin Tianhai closes $6bn Ingram Micro buyout
  • Google and Slack deepen partnership in the face of Microsoft Teams
  • 4 top disaster recovery packages compared
  • Amazon’s Giant Data Transfer Trucks Are an IT Auditor’s Worst Nightmare
  • Lisa Ropple joins Jones Day’s Boston Office
  • Frost & Sullivan Acclaims FireEye’s Dominance of the Global Advanced Malware Sandbox Market
  • OwlDetect scans the Dark Web for stolen data
  • Cloud Security Market to Cross $10 Billion by 2021: TechSci Research Report
  • Cisco Talos: Zeus spawn “Floki bot” malware gaining use, cyber-underworld notoriety
  • Cisco Signs on with Privacy Shield
  • Cisco whacks its Secure Access Control System
  • Symmetry and Sage Solutions Consulting to Bring World Class Security and Compliance for Mission Critical SAP Environments
  • LookingGlass Announces New Program for Managed Security Services Providers (MSSPs)
  • Kenna Security Closes $15 Million Series B Funding
  • Threat intelligence feeds are, at best, uneven in quality, says Microsoft
  • SANS Announces Winners of the 2016 Difference Makers Award
  • Cisco ACI Partner Ecosystem Packs a Punch – 65 Partners and Growing
  • Network Security Market: Global Industry Analysis and Forecast 2016 - 2026

Onapsis Joins IBM Security App Exchange Community
BOSTON, Dec 07, 2016 (BUSINESS WIRE)—Onapsis, a global expert in business-critical application security, today announced that the Onapsis Security Platform integrates with IBM security intelligence technology to provide customers with improved visibility into their network security.
Utilizing QRadar to consolidate different sources of network security, this integration with the Onapsis Security Platform (OSP) will extend the existing visibility of QRadar, as well as security process and workflows to include results from OSP.
Leveraging QRadar’s new open application programming interfaces (APIs), the Onapsis Security Platform gives Onapsis and IBM customers extended coverage for real-time monitoring and reporting of advanced attacks targeting SAP business systems.
Link: http://www.marketwatch.com/story/onapsis-joins-ibm-security-app-exchange-community-2016-12-07

Above Security and Hitachi Data Systems launch information security service offering across North America to fight cybercrime
Montreal, QC and Santa Clara, CA – December 6, 2016 – Above Security – A Hitachi Group Company and global IT security service provider, and Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., today announced their partnership to deliver information security consulting services in North America.
The joint service is structured around a unified governance, risk and compliance (GRC) framework that reflects a human approach.
Based on their combined security service capabilities, Above Security and Hitachi Data Systems tackle security issues through deeply collaborative partnerships with their customers, rather than quick-fix technology solutions that can overwhelm and confuse corporate IT teams.
Security experts from Above Security and Hitachi Data Systems work with companies to learn how they operate and how much risk they can tolerate.
Using industry-leading control frameworks such as ISO and NIST, the team then assesses control maturity and gaps.
Based on the results, Above Security and Hitachi Data Systems provide services to defend against cybercrime and data theft, including security program reviews and designs, IT security governance consulting, risk and control assessments, PCI compliance consulting, vulnerability and application assessments and penetration testing.
Link: http://www.channelpronetwork.com/news/above-security-and-hitachi-data-systems-launch-information-security-service-offering-across

5nine Software Simplifies Hyper-V Network Configuration Best Practices with New Version of Manager
5nine Software, a Microsoft Gold Partner and the leading provider of Hyper-V security and management solutions, today released 5nine Manager v9.3.
5nine Manager is a centralized, GUI-based management and monitoring solution for Microsoft Hyper-V, including Server Core and Nano Server.
Its easy-to-use interface, powerful feature set and lightweight implementation simplify the process of managing and configuring virtualized environments.
The latest version of 5nine Manager introduces the ability to create and manage Hyper-V Converged Fabric from its easy-to-use console, enabling administrators without PowerShell expertise to take advantage of this functionality.
Now administrators can create virtual network interface cards (vNICs), with the ability to configure bandwidth minimums, maximums and weights for Converged Fabric.
They can also see a list of the host’s physical adapters and their status.
Link: http://www.sfgate.com/business/press-releases/article/5nine-Software-Simplifies-Hyper-V-Network-10779844.php

Tyco Security Launches Shooter Detection System Integration
WESTFORD, Mass. — Tyco Security Products announced that Software House C•CURE 9000 now integrates with Guardian Indoor Active Shooter Detection System by Shooter Detection Systems.
The Guardian Indoor Active Shooter Detection System combines an acoustic gunshot identification software with infrared camera gunfire flash detection.
Link: http://www.securitysales.com/article/tyco_security_launches_shooter_detection_system_integration

Big Data and Data Analytics in Homeland Security and Public Safety is Forecast to Reach $11B in 2022, according to a New Research Report from Homeland Security Research Corp.
The use of Big Data and Data Analytics by Homeland Security and Public Safety organizations is on the rise, mostly because the world is becoming more digital and connected.
This trend is creating new opportunities, not only for data collection and storage, but also for intelligence processing, exploitation, dissemination, and analysis.
Big Data and Data Analytics technologies can increase the investigative capabilities of Homeland Security and Public Safety organizations in many relevant aspects, including: war on crime & terror, defense from cyber-attacks, public safety, disaster and mass incident management, and development of predictive capabilities.
Link: http://www.einpresswire.com/article/357065809/big-data-and-data-analytics-in-homeland-security-and-public-safety-is-forecast-to-reach-11b-in-2022-according-to-a-new-research-report-from-homeland

OT and Australian Fintech Start-up Inamo Have Partnered to Introduce Inamo’s Wearable Devices and Platform into the Australian Market
COLOMBES, France, Dec 08, 2016 (BUSINESS WIRE)—OT (Oberthur Technologies), a leading global provider of embedded security software products, services and solutions, has today signed an agreement to provide its digital payment enablement technology to Inamo’s wearable solutions, starting with the CURL which is being launched in Australia today.
The CURL is a multi-functional wearable that will initially enable consumers to make payments by simply tapping their device to any point of sale terminal where Visa payWave is accepted.
The action would be the same as with a credit or debit card.
What makes this different from smart phones, smart watches and other wearables is that the CURL is rugged, waterproof and will not need any power to facilitate payment.
So there would be no fears of bringing it for water sports or of low battery conditions preventing payment when it is most needed.
In addition to contactless payments, over the next 18 months the CURL will also be available to use for payment on public transport, building access, ticketing for festivals, and gym membership.
In effect this can combine the functions of multiple products into one multi-purpose wearable device and continues the trend of device / technology convergence.
Under the terms of the agreement, Inamo will provide a full consumer solution which will leverage its own platform and OT’s next generation digital payment enablement solution.
The CURL will be sold for $19.99, plus an account keeping fee of $5 per month.
An initial, limited allotment of the product will be available in January; pre-orders can be made via Inamo’s website at http://www.inamo.com.
Link: http://www.marketwatch.com/story/ot-and-australian-fintech-start-up-inamo-have-partnered-to-introduce-inamos-wearable-devices-and-platform-into-the-australian-market-2016-12-08

OpenVPN will be audited for security flaws
Lucian Constantin
The next major version of OpenVPN, one of the most widely used virtual private networking technologies, will be audited by a well-known cryptography expert.
The audit will be fully funded by Private Internet Access (PIA), a popular VPN service provider that uses OpenVPN for its business.
The company has contracted cryptography engineering expert Matthew Green, a professor at Johns Hopkins University in Baltimore, to carry out the evaluation with the goal of identifying any vulnerabilities in the code.
Link: http://www.itnews.com/article/3148316/security/openvpn-will-be-audited-for-security-flaws.html?idg_eid=98c39854eed91988bc1642a456a668a1&token=%23tk.ITN_nlt_ITnews_Daily_2016-12-08&utm_source=Sailthru&

AWS tries to protect its customers from DDoS attacks with new service
Blair Hanley Frank
Amazon Web Services is trying to help protect its customers with a new service aimed at mitigating DDoS impacts.
It’s called Shield, and the free entry-level tier is enabled by default for all web applications running on AWS, starting on Wednesday.
Werner Vogels, the CTO of Amazon.com, unveiled the service at AWS’ re:Invent conference in Las Vegas.
Automatically protecting its customers may help encourage businesses to pick Amazon’s cloud over others, or persuade businesses to migrate their web applications to the cloud.
It’s also a strike against companies like Cloudflare and Akamai, which offer DDoS mitigation services.
Shield Standard is aimed at protecting web apps from the overwhelming majority of common DDoS attacks at no extra cost. (Vogels also said that it would block volumetric attacks like NTP reflection attacks, and many state exhaustion attacks.)
Link: http://www.computerworld.com/article/3145661/cloud-computing/aws-tries-to-protect-its-customers-from-ddos-attacks-with-new-service.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE_nlt_

Chinese giant Tianjin Tianhai closes $6bn Ingram Micro buyout
DH Kass
Ingram Micro has completed its $6bn sale to HNA’s Tianjin Tianhai, the companies announced today.
The deal, which amounts to $38.90 per share in an all-cash transaction, produced an executive shuffle and the disbanding of Ingram’s board in favor of an entirely new board, comprised of a mixture of the distributor’s and HNA’s top execs and two independent directors.
According to an 8-K filing, Ingram Micro CFO William Humes, along with general counsel Larry Boyd will exit the distributor on 16 December, following the earlier departure of Paul Read, Ingram Micro’s former president and COO.
Both Humes and Boyd will serve as new board members.
The Ingram execs will be joined on the board by HNA vice chairman and CEO Adam Tan, who will serve as board chair, Alain Monié, Ingram CEO, Bharat Bhise, president and CEO of Bravia Capital, Dale Laurance, former chairman of Ingram’s board, and Jim McGovern, former under secretary and acting secretary of the US Air Force.
Link: http://www.channelnomics.eu/channelnomics-eu/news/3000807/chinese-giant-tianjin-tianhai-closes-usd6bn-ingram-micro-buyout?utm_medium=email&utm_campaign=CRN.Daily_RL.EU.A.U&utm_source=CRN.DCM.Editors_U

Google and Slack deepen partnership in the face of Microsoft Teams
Blair Hanley Frank
Wednesday saw the announcement of several new features aimed at making G Suite, Google’s set of productivity software and services, more useful to people who use Slack.
The functionality resulting from the partnership will make it easier to share and work on files stored in Google Drive using Slack.
In a thoroughly modern turn, Google is building a Drive Bot, which will inform users about changes to a file, and let them approve, reject and settle comments in Slack, rather than opening Google Docs.
It goes along with Slack’s continuing embrace of bots as a key part of the chat service’s vision of productivity.
Link: http://www.computerworld.com/article/3147881/enterprise-applications/google-and-slack-deepen-partnership-in-the-face-of-microsoft-teams.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE

4 top disaster recovery packages compared
Four of the top disaster-recovery (DR) software suites are Veeam Backup, Altaro VM Backup, Zerto Virtual Replication and VMware’s Site Recovery Manager (SRM), according to reviews written by users in the IT Central Station community.
There’s arguably no more important IT task than making sure business systems and data can be restored after a disaster.
So we asked system administrators to identify the best features—and what’s missing—in four leading software suites for disaster recovery.
Link: http://www.computerworld.com/article/3147340/disaster-recovery/4-top-disaster-recovery-packages-compared.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE_nlt_computerworld_dailynews_20

Amazon’s Giant Data Transfer Trucks Are an IT Auditor’s Worst Nightmare
Megan Lewczyk
What about when you run out of digital storage space?
Or, on a larger scale, your company decides to ditch the cost and maintenance required for their in-house data center.
Same logic.
Once again, rent a truck and move the crap you can’t bear to (or legally can’t) part with off-site.
I don’t know why the “rent a truck” concept seems so revolutionary.
Maybe it’s the melodramatic music and flashing lights?
As with any precious cargo out for a spin, you worry about its safety.
The suggested internal controls for data transfer still apply.
To refresh your memory, ISACA Journal describes the key control objectives for data transfer:
Security of data being transferred is a critical component of the risk associated with data transfers.
The primary objective here is to ensure that the data intended to be extracted from the originating system are exactly the same data as that recorded/ downloaded in the recipient system, i.e., that the data were protected and secured throughout the transfer process.
The secondary objective is to prevent unauthorized access to the data via interception, malicious activities and other means.
So, what does happen if the truck is commandeered?
It’s still vulnerable even if it isn’t exposed to a network during transport.
A data breach would be a gigantic headache for not only the company with the now compromised data but Amazon too.
Better safe, than sorry.
Snowmobile uses multiple layers of security designed to protect your data including dedicated security personnel, GPS tracking, alarm monitoring, 24/7 video surveillance, and an optional escort security vehicle while in transit.
All data is encrypted with 256-bit encryption keys managed through the AWS Key Management Service (KMS) and designed to ensure both security and full chain-of-custody of your data.
Let’s just hope everything goes according to plan and businesses dodge any run-ins with data theft or cyber extortion.
Link: http://goingconcern.com/post/amazons-giant-data-transfer-trucks-are-it-auditors-worst-nightmare
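The ISACA control objectives quoted above reduce to two checks the receiving side must be able to run on its own: that every byte recorded at the destination is the byte extracted at the source, and that nothing was added or read along the way. The block below is an added example, not Amazon’s, ISACA’s or the article’s code, of the integrity half: the sender hashes every file into a manifest, authenticates the manifest with an HMAC key that travels out of band (never with the payload), and the receiver re-hashes what arrived and classifies each path. The file contents, paths and key are constructed for the example; confidentiality of the payload itself (the encryption Snowmobile describes) is a separate layer not shown here.

```python
"""Manifest-based integrity and chain-of-custody check for an offline bulk
data transfer. Added example; not Amazon's, ISACA's or the article's code.
File contents, paths and the HMAC key below are constructed for the demo."""
import hashlib
import hmac
import json

# Constructed: the key is agreed between sender and receiver out of band so an
# attacker who only has the truck's contents cannot re-hash tampered files and
# forge a manifest that matches them.
TRANSFER_KEY = b"constructed-example-key-share-out-of-band"

SOURCE_FILES = {
    "db/customers.parquet": b"id,name\n1,alice\n2,bob\n",
    "db/orders.parquet": b"id,customer,total\n10,1,42.00\n",
    "logs/2016-12.gz": b"not-really-gzip-but-fine-for-hashing",
}

# Constructed: what the receiver actually finds on the device.
RECEIVED_TAMPERED = {
    "db/customers.parquet": b"id,name\n1,alice\n2,mallory\n",            # altered
    "db/orders.parquet": SOURCE_FILES["db/orders.parquet"],              # intact
    "db/ssh_backdoor.key": b"-----BEGIN OPENSSH PRIVATE KEY-----\nx\n",  # planted
    # logs/2016-12.gz is absent: dropped in transit
}


def _canonical(entries):
    """Deterministic serialisation so sender and receiver MAC identical bytes."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files, key):
    """files: {path: bytes}. Returns {'entries': {path: sha256 hex}, 'hmac': hex}."""
    entries = {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac": tag}


def verify_transfer(received, manifest, key):
    """Return (ok, report). A bad manifest tag is rejected before any file is
    trusted; otherwise every path is labelled ok / modified / missing / unexpected."""
    expected = hmac.new(key, _canonical(manifest["entries"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, {"manifest": "signature mismatch"}
    report = {}
    for path, digest in manifest["entries"].items():
        if path not in received:
            report[path] = "missing"
        elif hashlib.sha256(received[path]).hexdigest() != digest:
            report[path] = "modified"
        else:
            report[path] = "ok"
    for path in received:
        if path not in manifest["entries"]:
            report[path] = "unexpected"   # something was added during transport
    return all(v == "ok" for v in report.values()), report


if __name__ == "__main__":
    manifest = build_manifest(SOURCE_FILES, TRANSFER_KEY)
    print("intact:", verify_transfer(dict(SOURCE_FILES), manifest, TRANSFER_KEY))
    print("tampered:", verify_transfer(RECEIVED_TAMPERED, manifest, TRANSFER_KEY))
    # An attacker who rebuilds the manifest from the tampered files lacks the key:
    forged = build_manifest(RECEIVED_TAMPERED, b"guess")
    print("forged manifest:", verify_transfer(RECEIVED_TAMPERED, forged, TRANSFER_KEY))
```

The "unexpected" class is the one auditors most often forget: a transfer that contains everything it should is not the same as a transfer that contains only what it should. For terabyte-scale devices the same logic runs over streamed hashes per file rather than in-memory bytes; the manifest and key handling do not change.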

Lisa Ropple joins Jones Day’s Boston Office
The global law firm Jones Day has announced that Lisa M. Ropple has joined the Firm’s Boston Office as a partner in its Cybersecurity, Privacy & Data Protection and Government Regulation practices.
At Jones Day, Ms. Ropple will continue to assist client companies in investigating and responding to data security incidents and addressing the wide range of legal challenges they can present.
Link: http://www.metrocorpcounsel.com/news/34458/lisa-ropple-joins-jones-days-boston-office

Frost & Sullivan Acclaims FireEye’s Dominance of the Global Advanced Malware Sandbox Market
MOUNTAIN VIEW, Calif., Dec. 7, 2016 /PRNewswire/—Based on its recent analysis of the advanced malware sandbox market, Frost & Sullivan recognizes FireEye with its 2016 Global Market Leadership Award.
As a pioneer of the advanced malware sandbox as a critical enterprise security solution, FireEye leveraged its first-mover advantage to claim 56% of global revenue in 2015, propelling the company’s revenue to $623.0 million for 2015, which is a year-on-year increase of 46%.
Its market dominance is largely due to the quality of its Threat Management Platform, which is a complete portfolio of advanced threat protection products.
Link: http://www.prnewswire.com/news-releases/frost—sullivan-acclaims-fireeyes-dominance-of-the-global-advanced-malware-sandbox-market-300374111.html

OwlDetect scans the Dark Web for stolen data
OwlDetect gives you the power to scan the ‘Dark Web’ - the anonymous collection of encrypted websites most commonly used for illegal trading - for almost any piece of personal data that might have been leaked or stolen during a cyber-attack.
This includes email addresses, debit or credit cards, bank details and even passport numbers.
Available as a subscription service, OwlDetect costs just £3.50 per month.
First-time users will be provided with a backdated check for their information, followed by ongoing alerts if any of their personal details are found to be compromised online.
The service will also offer vital advice on the steps users should take to resolve any issues found, and how to be better protected in future.
Link: https://www.finextra.com/pressarticle/67355/owldetect-scans-the-dark-web-for-stolen-data

Cloud Security Market to Cross $10 Billion by 2021: TechSci Research Report
According to TechSci Research report, “Global Cloud Security Market By Service Type, By Deployment Mode, By End User, By Region, Competition Forecast and Opportunities, 2011 - 2021”, global cloud security market is projected to cross $10 Billion by 2021, on account of increasing adoption of cloud computing, rising demand for managed security services, increasing smartphone user base and growing number of data breach incidents.
Further, number of internet users across the globe stood at 3.14 billion in 2015 and this is estimated to reach 3.29 billion by 2016.
This has fueled need for virtual storage infrastructure such as cloud.
Moreover, in 2015, number of smartphone users across the globe stood at 1.89 billion and is estimated to reach 2.12 billion by 2016.
IT & telecom witnessed an increase in the number of cyber attacks and data breaches incidents aimed at gaining access to financial data, identity theft, etc.
Due to such instances IT & telecom companies across the globe are focusing on adoption of cloud security services.
Additionally, growing e-commerce industry, emergence of various e-commerce mobile applications and growing tie-ups of various advertising companies, etc., is increasing data security breaches.
Further, growth in ecommerce sector is generating large volumes of data and this is fueling use of cloud infrastructure for storage of this data.
Thus, retail companies are adopting cloud security solutions to safeguard data from hackers and this is projected to propel demand for cloud security solutions from various end user industries across the globe during the forecast period.
Link: http://www.prnewswire.com/news-releases/cloud-security-market-to-cross-10-billion-by-2021-techsci-research-report-605231166.html

Cisco Talos: Zeus spawn “Floki bot” malware gaining use, cyber-underworld notoriety
Michael Cooney
Cisco’s Talos security group this week warned that a variant of trojan monster Zeus has begun to garner a following in the cyber-underworld as a hard-to-detect attack mechanism.
“[Floki bot] is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011.
Rather than simply copying the features that were present within the Zeus trojan ‘as-is’, Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos wrote.
Link: http://www.networkworld.com/article/3148785/security/cisco-talos-zeus-spawn-floki-bot-malware-gaining-use-cyber-underworld-notoriety.html

Cisco Signs on with Privacy Shield
Michelle Dennedy
Cisco supports protecting and enabling the international flow of personal data that furthers a progressive economy.
To that end, we received official word that we are loud, proud, and on the list for the Privacy Shield – the voluntary, self-certification framework for EU-US data transfer.
Why is Cisco participating?
Isn’t Privacy Shield being challenged along with the rest of the data transfer mechanisms?
Although there have been challenges testing the effectiveness of our transatlantic partnership, we have seen that data privacy matters to Cisco employees and customers.
Privacy is the authorized processing of personally identifiable information according to moral, legal, ethical, and sustainable fair principles.
Privacy Shield provides EU-like data protection for personal data processed in the United States.
Complying with Privacy Shield signals that Cisco takes privacy concerns very seriously, because it is the right thing to do for individuals and businesses.
Ultimately, it drives trust in business and confidence with regulators and citizens alike, which is good for Cisco and our customers.
So, we signed up and will keep striving to make our products and processes even better every day.
Link: http://blogs.cisco.com/security/cisco-signs-on-with-privacy-shield

Cisco whacks its Secure Access Control System
Michael Cooney
Cisco this week announced the death of its Secure Access Control System – a package customers use to manage access to network resources.
Cisco said the last day customers can order the system is August 30, 2017.
For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers’ service contract the company said.
The last date that Cisco Engineering will release any final software maintenance releases or bug fixes is Aug. 30, 2018.
After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software, the company said.
“The Cisco Secure Access Control System (ACS) product functionality has been implemented in the Cisco Identity Services Engine (ISE) product line.
Customers with only Access Control System installations interested in migrating to ISE may purchase a migration bundle with product part number ACS-ISE-MIG-M or ACS-ISE-MIG-S, on sale until August 31, 2017.
Customers who have maintained parallel installations of both ACS and ISE are able to simplify their security solution by using the functionality of their ISE installment.
Customers with both ACS and ISE installations are not eligible for the migration bundles,” Cisco wrote in an announcement of the product’s end of life.
Link: http://www.networkworld.com/article/3147842/cisco-subnet/cisco-whacks-its-secure-access-control-system.html

Symmetry and Sage Solutions Consulting to Bring World Class Security and Compliance for Mission Critical SAP Environments
JACKSONVILLE, FL and MILWAUKEE, WI—(Marketwired - Dec 7, 2016) - Responding to continued market demand for comprehensive SAP security and audit readiness services, Sage Solutions Consulting, an SAP consulting services provider, and Symmetry, a leading enterprise application management, hybrid cloud hosting and award-winning GRC software solutions provider, today announced a partnership agreement focused on providing world-class security and GRC solutions for enterprise SAP IT environments.
This newly formed partnership enables Sage Solutions Consulting to include the award-winning ControlPanelGRC® software suite into their arsenal of solutions for their customers.
ControlPanelGRC® is a powerful yet simple governance, risk and compliance (GRC) platform that automates compliance and audit-relevant tasks, achieving dramatic time and cost savings in the process.
It features capabilities that address the major areas of SOX compliance at every level for SAP environments, including those in heavily regulated industries.
ControlPanelGRC® is built, implemented and supported by SAP technology and compliance subject matter experts who have years of experience in deploying, managing, and auditing this mission critical environment.
Link: http://sports.yahoo.com/news/symmetry-sage-solutions-consulting-bring-115500283.html

LookingGlass Announces New Program for Managed Security Services Providers (MSSPs)
RESTON, Va.—(BUSINESS WIRE)—LookingGlass Cyber Solutions™, a leader in threat intelligence driven security, today announced the Cyber Guardian Network partner program has expanded to include Managed Security Services Providers (MSSPs).
MSSPs can now readily supplement their existing security services portfolio to initiate new revenue streams and enhance their profitability.
By leveraging LookingGlass’ MSSP program, partners have the ability to offer standardized threat intelligence services for quick adoption, and highly customizable services that will allow them to differentiate their offerings.
Link: http://www.businesswire.com/news/home/20161207005273/en/LookingGlass-Announces-Program-Managed-Security-Services-Providers

Kenna Security Closes $15 Million Series B Funding
SAN FRANCISCO, CA—(Marketwired - Dec 7, 2016) - Kenna, a vulnerability and risk intelligence platform that enables organizations to measure and monitor their exposure to risk, today announced it has closed a $15 million Series B funding round led by PeakSpan Capital.
New investor OurCrowd and previous investors U.S. Venture Partners (USVP), Costanoa Venture Capital, and Hyde Park Angels also participated in the round, bringing the company’s total funding to $25 million.
The capital will be used to power Kenna’s engineering roadmap as well as scale sales, marketing, and customer success to meet increasing market demand.
Link: http://www.marketwired.com/press-release/kenna-security-closes-15-million-series-b-funding-2181297.htm

Threat intelligence feeds are, at best, uneven in quality, says Microsoft
Anand Khanse
According to analysis by top information security professionals, almost 70% of these threat intelligence feeds are sketchy and not dependable in terms of quality.
They claim that only 31% of the entire spectrum is accessible and accurate.
This low success rate means that IT staff will have to focus on manual vetting and shuffling of the data.
With more than 17,000 malware threats detected every week, this unnecessary process takes up majority of the time of most IT professionals.
This component of Microsoft’s risk analysis department gathers data from across all of the company’s products and services.
In addition to this, between their Digital Crimes Unit (DCU), Cyber Defense Operations Command Center (CDOC), and the entire organisation, Microsoft employs thousands of the smartest security experts to protect sensitive products like Azure and Office 365.
Link: http://news.thewindowsclub.com/threat-intelligence-feeds-microsoft-87514/

SANS Announces Winners of the 2016 Difference Makers Award
BETHESDA, Md., Dec. 8, 2016 /PRNewswire-USNewswire/—SANS Institute is pleased to announce the winners of the SANS 2016 Difference Makers Award which celebrates those individuals whose innovation, skill and hard work have resulted in real increases in information security.
While there is no shortage of publicity around failures in security, there are many organizations who aren’t in the news because their security staff have found ways to meet business needs and protect customer and business data from attackers.
The SANS Difference Makers Award was formed to honor these individuals who are quietly succeeding and making breakthroughs in advancing security.
Chris Burrows, CISO Oakland County MI
Eric Alexander, Senior Network and Security Engineer, BI Inc
Jon Homer, DHS
John Martin, Boeing
Joseph Roundy, Cybersecurity Program Manager, Montgomery College
Elayne Starkey, CISO, State of Delaware
Jeff Hobday, Chief, Defensive Cyber Operations Branch, 442nd Signal Battalion at Fort Gordon, GA
Lisa Wiswell, OSD Defense Digital Service; Charley Snyder, OSD Cyber Policy; Alex Romero, Defense Media Activity: Hack the Pentagon
Maj Gen Earl D. Matthews (USAF, Ret), Vice President, Enterprise Security Solutions, HP Enterprise
Joanne McNabb, Director of Privacy Education and Policy in the Office of the California Attorney General
GySgt Johnathan Norris, JCU Cyber Troop, Ft. Bragg, NC
Lighthouse Award Winner: Howard Schmidt
Link: https://www.yahoo.com/tech/sans-announces-winners-2016-difference-makers-award-191500562.html

Cisco ACI Partner Ecosystem Packs a Punch – 65 Partners and Growing
Ravi Balakrishnan
When it comes to leadership in the SDN marketplace, clearly there is one winner.
And that is, Cisco ACI.
The proof is in customer momentum numbers.
Cisco ACI has 2700+ ACI customers and a rapidly growing ecosystem of 65 technology partners.
ACI ecosystem partners come from a broad spectrum of L4/L7, Security Management and Orchestration, Analytics, Operations Monitoring and Compliance, Service delivery, and other categories addressing a broad set of use-cases and buying center requirements.
In this blog, I intend to give an overview of our major L4-7 ecosystem partner solutions, the new innovations, a quick discussion on what to look forward to in 2017, and how customers can benefit deploying the solution.
In 2017, we’ll add support for additional use cases with Rapid Threat Containment for ACI and will improve policy automation and simplicity by allowing FirePOWER/Firepower Threat Defense policy to be defined using ACI constructs like EPGs.
Link: http://blogs.cisco.com/datacenter/cisco-aci-partner-ecosystem-packs-a-punch-65-partners-and-growing

Network Security Market: Global Industry Analysis and Forecast 2016 - 2026
Persistence Market Research which analyzes the Network Security Market and identifies key market drivers and factors impacting growth during the forecast period
New York, NY—(SBWIRE)—12/08/2016—The introduction of virtualization technologies and growing usage of web-based applications are some of the factors that are supporting Network Security market to grow.
Network security helps enterprises in securing communication pathway from unauthorized access and data misuse.
There is increasing demand for advanced security services and integration of network security solutions with other security services to mitigate the risk of cyber-attacks.
The major factor driving Network security market is the growing need of security solutions for cloud technology.
Due to heavy use of virtualization, threats such as malware or defective process are reducing the efficiency of the hypervisor.
This has encouraged Network security solution providers to offer advanced Network security solutions such as Firewall to scan every byte of each packet on all the network traffic.
This Network security solution strengthens cloud-based security by providing additional benefits such as malware protection, detection of intrusion, policy violation data theft and other security measures.
The key challenge in the Network security market is the rising demand for solutions that can support BYOD approach.
With a BYOD policy, companies allow their employees to access business information through personal devices and follow an open, interconnected network policy.
This makes it difficult for a network security solution to determine whether an action was taken by the device, a machine, or a human.
Many network security solution providers are working toward intelligent security solutions that secure the information itself, not only the device or the communication pathway.
Another restraint in network security is vulnerability to cyber-attack.
This has badly affected companies’ operating systems: many organizations run their network-connected devices without network security updates and face vulnerability to viruses, theft and data loss, along with problems of cloud integration and connectivity.
This has given hackers and cyber-attackers easy access to the organization’s network.
To secure the network, timely detection, removal of viruses and control are needed.
It is also necessary to identify and fix issues related to network performance and reliability.
Link: http://www.digitaljournal.com/pr/3169770

Posted on 12/09

Sunday, August 28, 2016

IR News Security - 2016-08-28

Table of Contents

  • Automate, integrate, collaborate: Devops lessons for security
  • Dragos Raises $1.2M in DataTribe-Led Seed Funding Round for Cyber Threat Operations Center; Robert Lee Comments
  • Cyber Pain Points: Failure to get buy-in for Incident Response Plan (IRP) in the top 10!
  • Cybereason Named a Top 'Disruptive Innovator' by Juniper Research
  • Confronting Cybersecurity Challenges Through US-Singapore Partnership – Analysis
  • The New EU Cybersecurity Directive: What Impact on Digital Service Providers?
  • CISO Hunting Tags: What threat hunting should mean to you
  • 4 Tips to Give You Greater Network Visibility and Prepare You to Survive a Breach
  • What’s next for threat intelligence?
  • RiskSense Selected Best Cyber Risk Management Software of the Year
  • InCommon Enters Proof of Concept for Federated Incident Response
  • AI will help virtualised data containers manage their own security, access control
  • Japanese government plans cyber attack institute



Automate, integrate, collaborate: Devops lessons for security
Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk.
They'd rather be viewed as enablers who help the organization complete tasks and gain access to needed data. 
To make that transformation, security teams must become faster, more efficient, and more adaptable to change.
That sounds a lot like devops. 
As more companies embrace devops principles to help developers and operations teams work together to improve software development and maintenance, those organizations also increasingly seek to embed security into their processes.
Continuous automated testing improves application security.
Increased visibility in operations improves network security. 
When data collection and analysis is automated, developers, security teams, and operations can work together.
The benefits go beyond application security.
Song describes an organization that saw sales drop dramatically after pushing out a feature update to their ecommerce application.
Was the problem with the update or the application itself?
It turned out that the SSL certificate had expired.
With all the players in one place, it was easier to identify and fix the problem.
There is a "fusion of different operations and teams working together," she says. 
Security doesn't operate in a silo, Song says.
Removing barriers between teams gives security operations information about what is happening faster.
Faster alerts means security operations are looking at the problem earlier in the cycle, and better information on hand helps the team figure out a solution.
Link: http://www.cio.com/article/3110267/security/automate-integrate-collaborate-devops-lessons-for-security.html?token=%23tk.CIONLE_nlt_cio_insider_2016-08-24&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_s



Dragos Raises $1.2M in DataTribe-Led Seed Funding Round for Cyber Threat Operations Center; Robert Lee Comments
Dragos will use the funds to establish a threat operations facility that will work to provide cyber threat detection services for industrial control systems and supervisory control and data acquisition platforms as well as develop technologies intended for ICS networks, the company said Wednesday.
Link: http://blog.executivebiz.com/2016/08/dragos-raises-1-2m-in-datatribe-led-seed-funding-round-for-cyber-threat-operations-center-robert-lee-comments/



Cyber Pain Points: Failure to get buy-in for Incident Response Plan (IRP) in the top 10!
Here’s the list of all 10 Pain Points:
-  Lack of a cross-functional “incident commander” to coordinate response across the organization
-  Incident response plans lack cross-organizational considerations and buy-in
-  Limited data classification guidance to help determine severity and guide incident response activities
-  Ill-defined processes (aka “pre-thought use cases”) for responding to high impact incidents
-  Lack of defined checklists or step-by-step procedures, including contact lists for response
-  Lack of consideration of the business impact when determining courses of action for response
-  Ill-defined or mixed use of event and incident taxonomy between responders
-  Lack of defined thresholds between events and incidents to aid in decision making
-  Limited or lack of pre-determined (aka “pre-canned”) external communication statements
-  Lack of training and exercise of “memory muscle” for the most likely or high risk incidents
Link: http://www.lexology.com/library/detail.aspx?g=6e634387-8729-436e-9c38-1a619856714d



Cybereason Named a Top 'Disruptive Innovator' by Juniper Research
Cybereason today announced that the company and its Military-Grade, Real-Time Detection and Response Platform have been named by Juniper Research as one of the Top Three ‘Disruptive Innovators to Watch in 2016.' Cybereason is the only cybersecurity company to make the watch list.
Link: http://www.benzinga.com/pressreleases/16/08/p8387819/cybereason-named-a-top-disruptive-innovator-by-juniper-research



Confronting Cybersecurity Challenges Through US-Singapore Partnership – Analysis
As a key deliverable to PM Lee’s visit, Singapore’s Cyber Security Agency (CSA) and the US Department of Homeland Security (DHS) co-signed on 2 August a Memorandum of Understanding (MOU) on the Cooperation in the Area of Cybersecurity, which lays a foundation for cooperation on cyber-related issues. 
This agreement covers cooperation in key areas that include regular Computer Emergency Response Teams (CERT) to CERT information exchanges and sharing of best practices, coordination of cyber incident response, conducting new bilateral initiatives on critical infrastructure protection, and continued cooperation on cybercrime, cyber defense, and on regional capacity building. 
Singapore’s CSA has entered into four other bilateral cyber MOUs signed with France, United Kingdom, India and the Netherlands.
The agreement with the US is the fifth and an important milestone for both countries.
It is the first cyber agreement between an ASEAN nation and the US.
While Singapore benefits from accessing knowledge about cyber threats and mitigation responses from the US, Washington will equally gain deeper insights into the cyber threats experienced by Singapore and potentially the South East Asia region. 
Both Singapore and the US are becoming more digitally dependent, with Singapore having aspirations to be the world’s first Smart Nation.
The creative use of information and communications technology (ICT) and Internet of Things (IOT) will undoubtedly bring about significant advances in the way we live, work and play through predictive and automated decision-making based on detailed collected data on individuals. 
From 16-18 August 2016, Singapore’s CSA, Ministry of Foreign Affairs and the US Department of State’s Third Country Training Programme hosted an ASEAN Cybersecurity workshop, the first of its kind.
This Singapore and US lead diplomatic effort brought together ASEAN cyber officials from both policy and technical offices to discuss developing and implementing national cybersecurity strategies, cyber incident response, multi-stakeholder engagement, private-public partnerships and building a culture of cybersecurity. 
Singapore is in a unique position to take the necessary technological leadership role in enhancing its national cybersecurity posture while supporting the region.
The shared insights and experience by both Singapore and the US can be of considerable benefit to the ASEAN countries and to the larger global community as all nations continue to seek ways to improve their cybersecurity postures.
Link: http://www.eurasiareview.com/24082016-confronting-cybersecurity-challenges-through-us-singapore-partnership-analysis/



The New EU Cybersecurity Directive: What Impact on Digital Service Providers?
Considerable disagreement surrounded the inclusion of digital service providers within the draft NIS Directive, bringing opposition from the European Parliament, various Member States, and entities falling under the definition of "digital service provider." These opponents viewed cyberattacks on digital service providers as insufficiently significant and therefore argued against additional regulation, which would potentially negatively affect innovation.
While the final NIS Directive does extend to digital service providers, it subjects them to a lighter regulatory touch than essential service operators.[1] 
DSP services cover the three following categories (NIS Directive (Annex III)): "online marketplace," "online search engine," and "cloud computing services": 
"Online marketplace" covers "a digital service that allows consumers and/or traders to conclude online sales or services contracts with traders either on the online marketplace’s website or on a trader’s website that uses computing services provided by the online marketplace." 
"Online search engine" covers "a digital service that allows users to perform searches of all websites or websites in a particular language on the basis of a query on any subject in the form of a keyword, phrase or other input, and returns links in which information related to the requested content can be found." 
"Cloud computing service" means "a digital service that enables access to a scalable and elastic pool of shareable computing resources." 
Security Requirements.
The NIS Directive aims at implementation of "state of the art" measures.
It requires the following from DSPs: 
Identify and take appropriate technical and organizational measures to manage the risks facing the security of the network and information systems used in offering services within the EU. 
Take measures to prevent and minimize the impact of incidents affecting the security of their network and information systems on services offered within the EU, with a view toward ensuring service continuity. 
Incident Notification Requirements.
DSPs must promptly notify the competent authority or "Computer Security Incident Response Team" ("CSIRT") designated by the EU Member State of any incident having a substantial impact on the provision of a service offered within the EU.
Notifications must include information to enable the competent authority or CSIRT to determine the significance of any cross-border impact.
However, the notification should not expose the notifying party to increased liability. 
Regarding implementation of the NIS Directive, EU Member States are required to adopt the Directive’s strategy for regulatory measures for cybersecurity within the EU, to create a computer security incident response team for EU nations to address cross-border security incidents, and to establish a unified strategic cooperation group to encourage Member States to exchange information. 
National Strategy for the Security of Network and Information Systems.
EU Member States must adopt a national strategy defining the objectives, as well as appropriate policy and regulatory measures, in order to achieve a high level of security. 
Post-Notification Procedure.
After consulting the DSP concerned, the notified competent authority or CSIRT (and, where appropriate, the authorities or CSIRTs of other EU Member States concerned) may inform the public about individual incidents or require the DSP to do so, if it determines that public awareness is necessary to prevent an incident or respond to an ongoing incident, or where disclosure of the incident is otherwise in the public interest. 
The NIS Directive’s potential reach over entities established outside of the EU also calls for companies to evaluate whether their activities may bring them within the scope of the Directive.
As penalties for noncompliance are yet to be determined by each Member State, this is even greater reason for companies to ensure that they do not fall foul of the NIS Directive.
Link: http://www.lexology.com/library/detail.aspx?g=ed581119-9a2a-4881-a581-b40e6ecd710f



CISO Hunting Tags: What threat hunting should mean to you
The better your network security and the better engineered the security program, the better your incident response and threat team should likely be.
As your security team increases in skill and demonstrable capability in keeping the network closed, the more likely it is that the threats found inside are going to have superlative capability.
Thus, the teams that are the shock absorber for incident response (CIRT and threat hunting) are going to need superlative skill.
Thus, we are looking at highly mature and, more importantly, well-funded programs.
At some point I’ll write a post talking about right sizing and right funding a security program from a realist point of view. 
Having a good log collection and netflow analysis capability allows you to hunt for threats.
Many people focus on the current network traffic and looking for real time anomalies.
A world class program will keep netflow logged for a window of a year. 
Hunting takes on a sense of stalking, following indicators of possible compromise to particular hosts.
Things like beacons, web pages, slow machines, and other elements might get your notice. 
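The netflow-based hunt the post describes, as an added example that is not part of the original post: the flow records below are constructed, and the thresholds are assumptions a real program would tune against its own baseline. Hosts that contact the same destination at near-constant intervals with near-constant sizes are the classic beacon signature.

```python
"""Beacon hunting over netflow-style records (added example, constructed data).

Each flow record is (timestamp_seconds, src_ip, dst_ip, dst_port, bytes).
Source/destination pairs whose inter-arrival times and payload sizes barely
vary are reported as candidate beacons for the hunting team to pull and examine.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 checks in with 203.0.113.7:443 every 300 s with a
# payload that only varies by a couple of bytes; 10.0.0.9 browses 198.51.100.2:80
# at irregular intervals with wildly different sizes.
SAMPLE_FLOWS = [
    (t, "10.0.0.5", "203.0.113.7", 443, 612 + (t // 300) % 3)
    for t in range(0, 3600, 300)
]
SAMPLE_FLOWS += [
    (5, "10.0.0.9", "198.51.100.2", 80, 1500),
    (47, "10.0.0.9", "198.51.100.2", 80, 20480),
    (1203, "10.0.0.9", "198.51.100.2", 80, 742),
    (1211, "10.0.0.9", "198.51.100.2", 80, 90112),
    (2900, "10.0.0.9", "198.51.100.2", 80, 3300),
    (2901, "10.0.0.9", "198.51.100.2", 80, 1100),
]


def find_beacons(flows, min_flows=6, max_interval_cv=0.2, max_size_cv=0.2):
    """Return [(src, dst, port, mean_interval_s, flow_count)] for periodic traffic.

    cv is the coefficient of variation (population stdev / mean). A low cv on
    both the inter-arrival time and the byte count is the beacon signature;
    the thresholds here are assumptions, not a published standard. Production
    hunting adds jitter tolerance and an allow-list for legitimate pollers
    (NTP, update servers, monitoring agents).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))

    beacons = []
    for (src, dst, port), recs in by_pair.items():
        if len(recs) < min_flows:
            continue  # too few observations to call anything periodic
        recs.sort()
        times = [r[0] for r in recs]
        sizes = [r[1] for r in recs]
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        interval_mean = mean(intervals)
        if interval_mean <= 0:
            continue
        interval_cv = pstdev(intervals) / interval_mean
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            beacons.append((src, dst, port, interval_mean, len(recs)))
    return beacons


if __name__ == "__main__":
    for src, dst, port, interval, count in find_beacons(SAMPLE_FLOWS):
        print(f"candidate beacon: {src} -> {dst}:{port} every ~{interval:.0f}s ({count} flows)")
```

The one-hour window above is only enough to catch a fast beacon; a low-and-slow implant that checks in daily, or with heavy jitter, only shows its periodicity over weeks or months of retained flow data, which is the practical reason behind the post's point about keeping netflow for a year.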
Whether you are randomly pulling boxes from production for examination or have been given a tip-off from network surveillance, hunting on a host usually starts in the file system and memory.
There are ways to dump the memory of a host and then evaluate it for possible previously undetected malware.
SANS and others teach memory forensics courses that serve the threat hunting team well in the skills development area.
In my experience I have pulled boxes out of production I thought were exploited only to refute that hypothesis at a forensic level.
In other cases I pulled boxes from production that had no sign of issues and had twenty or more variants of malware infesting them.
Reliability and validity are not the same thing.
The dichotomy of discovery based on the nearly random nature of some of the processes makes the analogy of hunting work.
You can stalk, you hunt from a blind, or you can take whatever walks into your path.
It is all about looking for things that you didn’t know exist.
Your team needs to be active persistent defensive agents on the network.
The time-intensive nature and mission impact of interdicting a host all result in managerial reluctance.
That reluctance is well founded because a host may have exploitations that will result in downtime. 
I often get asked two questions.
What is the role of honeypots/nets in threat hunting, and why do we do this?
Discussing the first question a honeypot is literally a sophisticated intrusion detection system.
From a realist point of view you can think of the honeynet as a sensor, or trip line that gives you warning. 
You only have so many resources, and you only have so much time.
I shepherd my security teams closely to make sure nobody is burning out, and try and maintain a good work/life balance when leading teams.
Threat hunting in the short term creates more work for the teams in general.
Over the long term it decreases the CIRT teams time on response tasks and informs the security team of better protection measures.
If you as a CISO enforce the security feedback loops and configuration controls that will be illuminated by hunting on your network. 
Threat feeds carry lots of indicators of compromise that can be used to defend your network.
Those feeds can be days behind the actual adversary.
The various threat feeds are not necessarily customized to your business, infrastructure, or political standing.
They are in fact part of the information security portion of the CISO portfolio not the threat hunting portion.
The threat hunting group is looking for that last finite number of threats that make it through your world class information security perimeter.
Since this is identifying the worst of the worst, and likely the most entrenched adversary, the whole reason you do this is to finally say you have reduced the surprise factor of network security management to a known level.
Link: http://selil.com/archives/6813



4 Tips to Give You Greater Network Visibility and Prepare You to Survive a Breach
No. 1: Ensure that you have logs, and that they are protected.
No. 2: Keep your database of systems and applications up-to-date. 
No. 3: Have a method to capture network traffic and to send alerts. 
No. 4: Make a plan for responding to a data breach and write it down.
Link: http://www.biztechmagazine.com/article/2016/08/4-tips-give-you-greater-network-visibility-and-prepare-you-survive-breach



What’s next for threat intelligence?
Nearly every security vendor wants to get in on the action and the majority of security operations groups are either being told by their management to get on board with it, or they’ve attended various security conferences and realised they need to add threat intelligence into their security program. 
At some stage, every CISO or SOC manager will be asked by management, concerned about the latest hack: What do you know about it?
How does it affect us?
What are we doing about it? 
A solid threat intelligence strategy provides you with a means of being proactive and ensuring that you’re on top of your cyber security, so that you’re in a position to answer these questions before they are even asked. 
On a network, there are only three things security operators need to deal with; noise, nuisance and threats. 
You need to filter out the noise (blocking it at the perimeter or detecting it and automatically remediating), focus on threats (the real gotchas that can negatively impact shareholder value) and determine if a nuisance is actually noise or a threat and deal with it accordingly. 
An effective threat intelligence platform helps organise the threats and provide the information you need to isolate what really matters. 
Once you are using threat intelligence to improve communications and focus your resources, you can start diving into risk management. 
A threat intelligence platform lets you take a more strategic view of the business critical assets you need to protect, the threats that are targeting these assets and the ways in which they are going about it, and the countermeasures you have in place.
Link: http://www.information-age.com/technology/security/123461937/whats-next-threat-intelligence



RiskSense Selected Best Cyber Risk Management Software of the Year
SUNNYVALE, Calif. & ALBUQUERQUE, N.M.—(BUSINESS WIRE)—RiskSense® Inc., the pioneer and market leader in pro-active cyber risk management, today announced that the company’s cyber risk management platform was selected Best Cyber Risk Management Software of 2016 in the 8th Annual Security Products Magazine New Product of the Year Awards.
The RiskSense Platform was recognized for its innovations in intelligence-driven cyber risk analytics, which identify threats in near real-time based on business risk criticality across the entire attack surface of an organization, and prioritize closed-loop remediation efforts.
Link: http://www.businesswire.com/news/home/20160826005107/en/RiskSense-Selected-Cyber-Risk-Management-Software-Year



InCommon Enters Proof of Concept for Federated Incident Response
With InCommon interconnected to the global federation community, participants now have the opportunity to take part in and support policies and standards being developed internationally.
One of the most promising collaborations in this area is the Security Incident Response Trust Framework for Federated Identity (Sirtfi).
Developed by a working group comprising international research, campus, and federation operator community members, this framework and related entity tags for IdPs and SPs serves as a first iteration of a global federated incident response approach. 
This proof of concept will include very scoped support for Sirtfi including:
-  Importing the Sirtfi entity attribute for those international IdPs and SPs that have chosen to adhere to the specification along with importing the REFEDS Security Contact metadata into InCommon metadata from eduGAIN.
-  Adding to the InCommon aggregate and exporting to eduGAIN the REFEDS security contact and the Sirtfi entity attribute on the entity descriptors of the following IdPs:
—    NCSA
—    LIGO
—    The University of Chicago
—    Adding the Sirtfi tag to several LIGO SPs
Link: https://spaces.internet2.edu/display/InCCollaborate/2016/08/26/InCommon+Enters+Proof+of+Concept+for+Federated+Incident+Response



AI will help virtualised data containers manage their own security, access control
Although virtualised data 'enclaves' offer the best control over enterprise data now, CISOs will increasingly rely on artificial intelligence (AI) technologies to keep ahead of changing threat exposures as data becomes increasingly “self controlling”, one leading security strategist has predicted. 
Organisations that use virtualised enclaves to contain and segregate enterprise data in mobile devices “are getting the best return on their investment,” Citrix chief security strategist Kurt Roemer told CSO Australia. “By mobilising data in an enterprise container that's treated as a set of project-based enclaves on the mobile device, your enterprise data never leaves your control.
That lets you focus resources on sensitive data and not just on the security technologies and controls that are supposed to apply to everything.” 
AI tools will be essential in “considering the workflows that take into account the different relationships, networks, and boundary conditions that help provide the right level of risk in the organisation,” Roemer said. “When you do that, it often leads you to different conclusions than you get on the network you may have in place right now. 
Fully realising the potential of AI technologies will require a more mature perspective of the technology, he added, noting that most organisations still think of AI primarily as a tool for automating security log analysis. 
Those insights would become more evident as AI tools allowed security monitoring policies to extend to parts of the enterprise that might never normally be visible in the same context.
For example, AI might not only be used to look for anomaly conditions and alert administrators, but to monitor paths of communication between application components and automatically reroute that traffic if an issue is detected. 
These decisions will be adaptable based on the circumstances of access – for example, the location or device used by the person requesting access – and enforced at a highly granular level. “An AI based system will be able to look at intelligence systems, contracts, and business relationships, then decide whether a system should still be accessible and whether someone has the right to share that data or not,” Roemer said, noting that the 'all-access pass' – conventional user ID-and-password gateways – had to evolve. “Access needs to be continually evaluated and contextual,” he explained, “and ultimately data is going to need to be really self-controlling.
All of us change our situations throughout the day and your access needs to be constantly evolving to meet the unique risks of each of those situations.
Eliminating the all-access path is about making the access very specific to the risk that is presented.”
Link: http://www.cso.com.au/article/605831/ai-will-help-virtualised-data-containers-manage-their-own-security-access-control/



Japanese government plans cyber attack institute
The government of Japan will create an institute to train employees to counter cyber attacks.
The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. 
The training institute, which will operate as part of Japan’s Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.
A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs.
Link: https://thestack.com/security/2016/08/24/japanese-government-plans-cyber-attack-institute/

Posted on 08/28

IT Security News - 2016-08-28

Table of Contents

  • France and Germany urge reform to access encrypted messages
  • The 3 Biggest Mistakes In Cybersecurity
  • What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams
  • Best Practices For Data Center's Physical Security
  • 19% of shoppers would abandon a retailer that’s been hacked
  • Lost and stolen devices account for 1 in 4 breaches in the financial services sector
  • Cybercrime in India up 300% in 3 years: Study
  • Onapsis : Releases SAP Security In-Depth Publication for SAP HANA
  • BeyondTrust Survey Uncovers Growing Disparity Managing Privileged Access
  • How do you measure success when it comes to stopping Phishing attacks?
  • How to secure your remote workers
  • New approach needed to IT, says NIST's top cyber scientist
  • Security Leadership & The Art Of Decision Making
  • FCC proposes 5G cybersecurity requirements, asks for industry advice
  • Traffic, jammed: New report says DDoS attacks are up 211 percent
  • New breed of IT professional
  • APAC unprepared for security breaches: FireEye's Mandiant
  • SA’s new cybercrimes law explained
  • Get the Security Budget You Need and Spend It Wisely
  • Data breaches: Different regions, very different impacts
  • Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity
  • Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
  • Got big data? The Cloud Security Alliance offers up 100 best practices
  • Privacy Shield data-transfer agreement now covers 200 companies
  • Security must be top of the manufacturing agenda
  • Security Conferences Abound: Which Should You Attend?
  • Fueling secure technology adoption in banks through a robust cyber security framework [India]
  • The Hidden Dangers Of 'Bring Your Own Body'
  • Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite
  • Cyberthreats Targeting the Factory Floor
  • Don’t Get Stranded without a Data Security Action Plan



France and Germany urge reform to access encrypted messages
French Interior Minister Bernard Cazeneuve met with his German counterpart, Thomas de Maiziere, on 23 August to discuss anti-terrorism proposals.
Following the meeting, Cazeneuve told the press in Paris that France and Germany will put forward a European initiative to tackle the problem of messaging encryption used by Islamist extremists, to be discussed at the EU summit taking place on 16 September. 
In particular, Cazeneuve said that messaging service operators such as Telegram, which has so far been reluctant to cooperate with the authorities, should be compelled to provide access to encrypted content to terrorism investigations.
The French minister urged the European Commission to pass new legislation targeting encrypted messaging services provided by both EU and non-EU companies, creating the right legal framework to strengthen national security.
Link: http://www.telecompaper.com/news/france-and-germany-urge-reform-to-access-encrypted-messages—1159017?utm_source=headlines_-_english&utm_medium=email&utm_campaign=24-08-2016&utm_content=textlink



The 3 Biggest Mistakes In Cybersecurity
Everyone, from the small business owner to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches.
It seems no matter what we do, there is always someone who was hacked, a new vulnerability exploited, and millions of dollars lost.
The three biggest mistakes:
1) They think cyber security is a technology problem.
2) They follow a cyber security checklist once-and-done.
3) They don't have a cyber security awareness training program in place.
Neither structure nor strategy will help if you ignore the most important element in cyber security: people.
In 2016 ISACA published the top three cybersecurity threats facing organizations in that year.
They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.
Link: http://www.information-management.com/news/security/the-3-biggest-mistakes-in-cybersecurity-10029583-1.html



What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams
If your organization doesn't run its own threat analysis center, it may be worth hiring a hunt team to watch your back.
Here's what you need to know. 
At the RSA Conference in 2015, Joshua Stevens, enterprise security architect for HP Security, gave a presentation on hunt team skill sets and on the ways analytics and visualization tools can be used to help identify cyber threats. 
The qualifications cited in the presentation suggest hunt team members should have advanced intrusion detection and malware analysis skills, data science and programming skills, and a creative, analytical mindset. 
If you try to assemble an in-house hunt team, your own personnel may have to work harder to benefit from external incidents.
A vendor handling many clients, however, can apply what it learned from one client to protect its other customers.
Link: http://www.informationweek.com/strategic-cio/security-and-risk-strategy/what-it-pros-need-to-know-about-hiring-cyber-security-hunt-teams/d/d-id/1326602



Best Practices For Data Center's Physical Security
There are several criteria that you need to look into, and not surprisingly, what we discuss here is expensive, time-consuming and resource-intensive.
- Constructed for physical protection: build the exterior (walls, windows, and doors) of materials that provide ballistic protection. The site must also be protected on its grounds, with physical equipment such as barriers in place to keep intruders from sneaking inside.
- 24x7 backup power.
- Cages, cabinets and vaults: these should be strong and rigid, ensuring the safety of the equipment residing inside.
- Electronic access-control systems (ACSs).
- Provisioning process: another practice for granting entry to the facility is a structured and documented provisioning process that the individual requesting access to the data center must complete.
- Fire detection and fire suppression systems: the structures must be hard-wired with alarms backed by fire suppression systems, assuring fire safety.
- Educate the entire team: your staff must be educated about security.
Link: http://www.hostreview.com/blog/160823-best-practices-for-data-centers-physical-security



19% of shoppers would abandon a retailer that’s been hacked
The 2016 KPMG Consumer Loss Barometer report surveyed 448 consumers in the U.S. and found that 19% would abandon a retailer entirely over a hack.
Another 33% said that fears their personal information would be exposed would keep them from shopping at the breached retailer for more than three months. 
The study also looked at 100 cybersecurity executives and found that 55% said they haven't spent money on cybersecurity in the past year, and 42% said their company didn't have a leader in charge of information security.
The survey results, posted Tuesday online, found that retail and automotive industries were laggards in appointing leaders to assess cyberthreats and opportunities.
The financial services and tech industries were leaders.
Link: http://www.computerworld.com/article/3111447/cybercrime-hacking/19-shoppers-would-abandon-a-retailer-thats-been-hacked.html



Lost and stolen devices account for 1 in 4 breaches in the financial services sector
Bitglass is a vendor in the cloud access security broker (CASB) space.
What that means is that Bitglass is focused on ensuring organizations utilize strong security tools and processes to keep their data safe.
It's a busy space and one in which being seen as a thought leader is important; hence, Bitglass and its competitors invest lots of effort in creating content that is broadly useful to the industry. 
The report found that leaks within the financial services industry almost doubled between 2014 and 2015, with that increase looking set to continue through 2016.
All of the U.S.'s largest banks have suffered recent leaks, and in the first half of this year alone, five of the top 20 banks in the U.S. disclosed breaches.
Key findings from the report include:
- 1 in 4 breaches in the financial services sector over the last several years were due to lost or stolen devices; 1 in 5 were the result of hacking.
- 14% of leaks can be attributed to unintended disclosures and 13% to malicious insiders.
- Five of the nation's 20 largest banks have already suffered data breaches in the first half of 2016.
- In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014.
- In the first half of 2016, 37 banks have already disclosed breaches.
- Over 60 organizations suffered recurring breaches in the last decade, including most major banks.
- JP Morgan Chase, the nation's largest bank, has suffered recurring breaches since 2007. The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households.
- Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals.
Link: http://www.computerworld.com/article/3109974/security/lost-and-stolen-devices-account-for-1-in-4-breaches-in-the-financial-services-sector.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-2



Cybercrime in India up 300% in 3 years: Study
The study revealed that in the past, attacks have mostly been initiated from countries such as the US, Turkey, China, Brazil, Pakistan, Algeria, Europe, and the UAE, adding that with the growing adoption of the internet and smartphones, India has emerged as one of the primary targets of cyber criminals.
Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals, which can subsequently lead to dire consequences such as power failures, water pollution or floods, disruption of transportation systems and loss of life, the study noted.
In the US alone, there has been an increase of nearly 50 per cent in reported cyber incidents against its critical infrastructure from 2012 to 2015, it said.
The Indian Computer Emergency Response Team has also reported a surge in the number of incidents it handled, with close to 50,000 security incidents in 2015, noted the study, titled 'Protecting interconnected systems in the cyber era'.
Link: http://www.moneycontrol.com/news/current-affairs/cybercrimeindia3003-years-study_7343781.html



Onapsis : Releases SAP Security In-Depth Publication for SAP HANA
Onapsis, the global experts in business-critical application security, today released SAP HANA System Security Review Part 2.
This publication analyzes SAP HANA Internal Communication Channels, details associated risk, and identifies how to properly audit an SAP HANA system.
As the 13th edition in the SAP Security In-Depth series, SAP HANA System Security Review Part 2 describes how to update the SAP HANA platform, noting new improvements in each Support Package.
Link: http://www.4-traders.com/news/Onapsis-Releases-SAP-Security-In-Depth-Publication-for-SAP-HANA—22946404/



BeyondTrust Survey Uncovers Growing Disparity Managing Privileged Access
PHOENIX—(BUSINESS WIRE)—BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today unveiled the results of its definitive Privilege Benchmarking Study based on a worldwide survey of IT professionals.
The study demonstrates a widening gulf between organizations that adhere to best practices for privileged access management and those that do not.
Top-tier companies were much more likely to have a centralized password management policy – 92 percent of them do, in contrast with just 25 percent of bottom-tier organizations.
Password cycling is also much more common among top-tier businesses; 76 percent of top-tiers frequently have passwords changed, whereas only 14 percent of bottom-tiers do.
Credential management formed another point of distinction, with nearly three-quarters (73 percent) of top-tier companies identifying themselves as efficient in this area, compared to 36 percent of the bottom-tier companies.
More than two-thirds of top-tier companies (71 percent) can monitor privileged user sessions, and 88 percent can restrict access with a measure of granularity.
Among bottom-tiers, fewer than half (49 percent) can monitor sessions, and only 37 percent have granular capabilities to restrict access.
Among top-tier organizations, fully 9 out of 10 grant privileges to apps rather than users.
Among bottom-tier companies, this falls to 46 percent.
While it’s vital to evaluate the risks posed by individual apps and systems, only 6 percent of bottom-tier companies have tools that provide this capability – and, shockingly, 52 percent “just know” what the risks are.
Meanwhile, more than half of top-tier companies (57 percent) can make these assessments.
Top-tier companies are also more likely to actually conduct vulnerability assessments; 91 percent do, compared to just 20 percent of bottom-tier organizations.
Link: http://tucson.com/business/beyondtrust-survey-uncovers-growing-disparity-managing-privileged-access/article_f3ad8500-cba2-5169-b47e-cde165ebca04.html



How do you measure success when it comes to stopping Phishing attacks?
Some measured success based on clicks.
As such, if the employees avoid 80-percent of the Phishing emails delivered during an assessment, they see that as a win.
From there, the assessment moves to focusing on the 20-percent that did click links. 
No two Phishing attacks (simulated or real) are alike.
If an employee avoids an obvious scam based on delivery notifications, but later falls for a scam related to financial documents, that's a problem.
Yet, some organizations stop testing those who are successful during a given round of assessment.
This has the potential to create defensive gridlock. 
The general feeling among defenders was that an anti-Phishing "win" was a 10 to 20-percent click rate, meaning that 80 to 90-percent of the Phishing emails that went to the organization (testing or otherwise) were unsuccessful attempts.
In this case, clicks were inclusive of both links and attachments. 
Many also agreed that a layered defensive posture, as well as continuous assessment and training will help lower the impact of Phishing, but it wouldn't prevent it entirely.
Instead, better compromise detection, and improved response times should be part of any anti-Phishing program. 
"The average failure rate (of the client) of a Phishing/spear-Phishing campaign is usually between 60 to 80-percent - a pretty astronomical number.
However, if we carry those metrics through six months down the road after further security awareness training and tuning of technologies (spam filters, etc.); I've seen this number drop by as much as 30-percent," Blow said.
Link: http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html#tk.rss_dataprotection
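The article's two cautions, that clicks should include opened attachments and that an employee who resists one lure can still fall for a different theme later, translate into metrics that a single campaign click rate cannot show. The following is an added example (not from the CSO article or its sources) that computes, over a constructed assessment log, the per-campaign failure and report rates, the employees who passed an earlier lure and later failed a different theme, and the employees who were dropped from later rounds and so have never been tested against every theme in use. The employee names, campaign labels and lure themes are all constructed.

```python
"""Phishing-assessment metrics beyond a single campaign's click rate.
Added example, not from the CSO article; all records below are constructed."""
from collections import defaultdict

# Constructed assessment log: one row per simulated message delivered.
# action: "none" (ignored), "click" (followed the link), "attachment" (opened it),
# "report" (forwarded to the security team). Links and attachments both count as failures.
RECORDS = [
    {"employee": "alice", "campaign": "2016-Q1", "theme": "delivery-notice", "action": "none"},
    {"employee": "alice", "campaign": "2016-Q2", "theme": "invoice", "action": "attachment"},
    {"employee": "bob",   "campaign": "2016-Q1", "theme": "delivery-notice", "action": "click"},
    {"employee": "bob",   "campaign": "2016-Q2", "theme": "invoice", "action": "report"},
    {"employee": "carol", "campaign": "2016-Q1", "theme": "delivery-notice", "action": "report"},
    {"employee": "carol", "campaign": "2016-Q2", "theme": "invoice", "action": "none"},
    {"employee": "dave",  "campaign": "2016-Q1", "theme": "delivery-notice", "action": "none"},
    {"employee": "dave",  "campaign": "2016-Q2", "theme": "invoice", "action": "click"},
    # erin passed Q1 and was then dropped from testing, the practice the article warns about
    {"employee": "erin",  "campaign": "2016-Q1", "theme": "delivery-notice", "action": "none"},
]
FAIL_ACTIONS = {"click", "attachment"}


def campaign_rates(records):
    """Per campaign: failure rate (links + attachments) and report rate, in percent."""
    totals = defaultdict(lambda: {"delivered": 0, "failed": 0, "reported": 0})
    for r in records:
        t = totals[r["campaign"]]
        t["delivered"] += 1
        t["failed"] += int(r["action"] in FAIL_ACTIONS)
        t["reported"] += int(r["action"] == "report")
    return {c: {"fail_rate": round(100 * t["failed"] / t["delivered"], 1),
                "report_rate": round(100 * t["reported"] / t["delivered"], 1)}
            for c, t in totals.items()}


def employee_history(records):
    """Per employee, chronological list of (campaign, theme, failed?)."""
    hist = defaultdict(list)
    for r in sorted(records, key=lambda r: r["campaign"]):
        hist[r["employee"]].append((r["campaign"], r["theme"], r["action"] in FAIL_ACTIONS))
    return hist


def passed_then_failed(records):
    """Employees who resisted an earlier lure but fell for a later, different theme."""
    flagged = []
    for emp, rows in employee_history(records).items():
        for i, (_, theme_i, failed_i) in enumerate(rows):
            if failed_i:
                continue
            if any(failed and theme != theme_i for _, theme, failed in rows[i + 1:]):
                flagged.append(emp)
                break
    return sorted(flagged)


def coverage_gaps(records):
    """Employees not yet tested against every theme the program has used."""
    themes = {r["theme"] for r in records}
    seen = defaultdict(set)
    for r in records:
        seen[r["employee"]].add(r["theme"])
    return {emp: sorted(themes - s) for emp, s in seen.items() if themes - s}


if __name__ == "__main__":
    print("campaign rates:", campaign_rates(RECORDS))
    print("passed then failed a different theme:", passed_then_failed(RECORDS))
    print("never tested on:", coverage_gaps(RECORDS))
```

The report rate is tracked alongside the failure rate because, as the article argues, better detection and response are part of the program, and an employee who reports a lure gives the response team its earliest warning.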



How to secure your remote workers
Public wifi is insecure by nature—it requires no authentication to connect to the network, allowing cybercriminals to easily intercept the connection and distribute malware.
Hackers can also spoof public wifis by creating fake access points and mimicking the names of legitimate connections.
If you’re in a coffee shop and the shop’s wifi name is COFFEE_SHOP-WIFI, they might call theirs COFFEE_SHOP_FREE_WIFI.
Users would have no idea they had connected to the wrong one, since they’d be able to browse the Internet with no apparent interference.
Those connecting to rogue access points can have all of their traffic harvested in plain text, including passwords and other sensitive company data. 
With the onus on remote workers to keep their machines updated, there’s a lot of room for error.
Out-of-date software, plugins, and browsers, plus unpatched and unprotected systems leave remote employees even more vulnerable to attack. 
Remote workers with unpatched systems are especially vulnerable to malvertising campaigns and their associated exploit kits, an estimated 70 percent of which drop ransomware payloads these days.
According to a recent survey by Osterman Research, nearly 40 percent of businesses have been victims of a ransomware attack in the last year—and unprotected endpoints are part of the problem. “Part of the reason [that there are so many attacks] is that we have people that are using their own devices, they’re using corporate devices, and also privacy regulations in the U.S. aren’t as strict as in other countries,” says Mike Osterman, President of Osterman Research. “So there’s a lot of information that’s not as protected as it needs to be, a lot of endpoints that aren’t as protected.” 
Here are eight ways that businesses can better secure their remote workers. 
- Switch to cloud-based storage. 
- Encrypt devices, when possible. 
- Create secure connections to the company network. 
- Roll out automatic updates. 
- Use an encrypted email program. 
- Implement good password hygiene. 
- Increase user awareness. 
- Deploy an endpoint security program.
Link: https://blog.malwarebytes.com/101/2016/08/how-to-secure-your-remote-workers/



New approach needed to IT, says NIST's top cyber scientist
No amount of security software, firewalls or anomaly detection systems can protect an IT infrastructure that's fundamentally insecure and a new approach to computer architecture is required to deal with the looming cybersecurity crisis, the National Institute of Standards and Technology's top computer security scientist told the president's commission on long-term cybersecurity. 
The "only way" to address the looming cybersecurity crisis is "to build more trustworthy secure components and systems," Ron Ross told the Commission on Enhancing National Cybersecurity during a Tuesday meeting in Minneapolis. 
Security, he observed, "does not happen by accident." Things like safety and reliability need to be engineered in from the beginning, he argued, comparing the process to the "disciplined and structured approach" used to design structurally sound bridges and safe aircraft.
This new approach "will require a significant investment of resources and the involvement of essential partnership including government, industry, and the academic community," said Ross, comparing it to the moonshot of the 1960's.
Link: http://fedscoop.com/ron-ross-cybersecurity-comission-august-2016



Security Leadership & The Art Of Decision Making
What a classically-trained guitarist with a Master's Degree in counseling brings to the table as head of cybersecurity and privacy at one of the world's major healthcare organizations. 
Bishop Fox’s Vincent Liu sat down recently with GE Healthcare Cybersecurity and Privacy General Manager Richard Seiersen in a wide-ranging chat about security decision making, how useful threat intelligence is, critical infrastructure, the Internet of Things, and his new book on measuring cybersecurity risk.
We excerpt highlights below.
You can read the full text here. 
Vincent Liu: How has decision making played a part in your role as a security leader? 
Richard Seiersen:  Most prominently, it’s led me to the realization that we have more data than we think and need less than we think when managing risk.
In fact, you can manage risk with nearly zero empirical data.
In my new book “How to Measure Anything in Cybersecurity Risk,” we call this “sparse data analytics.” I also like to refer to it as “small data.” Sparse analytics are the foundation of our security analytics maturity model. 
VL: If you’re starting out as a leader, and you want to be more “decision” or “measurement” oriented, what would be a few first steps down this road? 
RS: Remove the junk that prevents you from answering key questions.
I prefer to circumvent highs, mediums, or lows of any sort, what we call in the book “useless decompositions.” Instead, I try to keep decisions to on-and-off choices.
When you have too much variation, risk can be amplified.
Most readers have probably heard of threat actor capability.
This can be decomposed into things like nation-state, organized crime, etc.
We label these “useless decomposition” when used out of context. 
VL: How useful is threat intelligence, then? 
RS: We have to ask—and not to be mystical here—what threat intelligence means.
If you’re telling me it is an early warning system that lets me know a bad guy is trying to steal my shorts, that’s fine.
It allows me to prepare myself and fortify my defenses (e.g., wear a belt) at a relatively sustainable cost.
What I fear is that most threat intelligence data is probably very expensive, and oftentimes redundant noise. 
VL: Where would you focus your energy then? 
RS: For my money, I would focus on how I design, develop, and deploy products that persist and transmit or manage treasure.
Concentrate on the treasure; the bad guys have their eyes on it, and you should have your eyes directed there, too.
This starts in design, and not enough of us who make products focus enough on design.
Of course, if you are dealing with the integration of legacy “critical infrastructure”-based technology, you don’t always have the tabula rasa of design from scratch.
Link: http://www.darkreading.com/analytics/security-leadership-and-the-art-of-decision-making-/a/d-id/1326716



FCC proposes 5G cybersecurity requirements, asks for industry advice
The FCC published in the Federal Register on Wednesday a request for comment on a new set of proposed 5G rules, focused on adding specific “performance requirements” for developers of devices such as internet-connected devices.
“Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices.
This will place a premium on collaboration among all stakeholders," said FCC Chairman Tom Wheeler during a National Press Club event on June 20. "We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks." 
In addition to a structured security strategy, the FCC’s 5G application process will require organizations to share their ongoing participation in threat intelligence and other data sharing programs — such initiatives include the likes of the Cyber Threat Alliance. 
A quick review of the FCC’s proposed 5G cybersecurity plan shows a six-category split, organized by a company's security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations.
Link: http://fedscoop.com/fcc-proposes-5g-cybersecurity-requirements-asks-for-industry-advice



Traffic, jammed: New report says DDoS attacks are up 211 percent
Distributed denial of service attacks are on the rise across the globe, as opportunistic Dark Web dealers increasingly sell hacking-as-a-service products, according to a new threat intelligence report compiled by Imperva, a California-based cybersecurity firm. 
The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks. 
The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons.
Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers.
Link: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016



New breed of IT professional
IT professionals are now integral to business decisions and have a much more visible role in protecting sensitive data.
They’re also increasingly expected to manage information privacy when key privacy positions aren’t filled or simply don’t exist.
IT professionals today must translate what they’re seeing in their threat-intelligence and risk-management efforts into business impact.
IT professionals who think they can fight security and privacy battles alone have already lost the war.
An open mind and flexible approach can go a long way in helping keep IT professionals relevant in today’s organization.
Link: http://www.federaltimes.com/articles/new-breed-of-it-professional



APAC unprepared for security breaches: FireEye's Mandiant
In its latest report, Mandiant M-Trends Asia Pacific, the cyberforensics firm found that organisations across APAC allowed attackers to dwell in their environments for a median period of 520 days before discovering them—three times the global median of 146 days. 
Mandiant said APAC organisations cannot defend their networks from attackers because they frequently lack basic response processes and plans, threat intelligence, technology, and expertise. 
The report found that APAC was almost exclusively targeted by some attacker tools, with one suspected Chinese threat group, APT30, targeting highly sensitive political, economic, and military information for at least a decade. 
Mandiant said that during its investigations, it found that most organisations depended only on antivirus software to detect malicious persistence mechanisms. 
"Antivirus software is a signature-based technology that cannot detect every malicious event across an entire estate," the company said. 
"To significantly improve, organisations must bring together the technology, threat intelligence, and expertise necessary to quickly detect and respond to cyber attacks."
Link: http://www.zdnet.com/article/apac-unprepared-for-security-breaches-fireeyes-mandiant/



SA’s new cybercrimes law explained
A new Cybersecurity Bill is coming into effect later this year which aims to stop cybercrime and improve security for South Africans.
SEAN DUFFY, Security Executive at Dimension Data Middle East & Africa, explains the basics of the bill. 
The Cybercrimes Bill affects everyone using a computer or the Internet, or anyone who owns an information infrastructure that could be declared critical.
Among others, the following individuals and organisations should take note: ordinary South African citizens or employees using the Internet, network service providers, providers of software and hardware tools, financial services providers (the Bill includes prohibited financial transactions), representatives from government departments, those involved with IT regulatory compliance, as well as information security experts. 
The Cybercrimes Bill consolidates South Africa’s cybercrime laws, which makes successful prosecution of criminals more likely.
Up until now, cyber offences were charged under various acts, among others the Prevention of Organised Crime Act, and the Electronic Communications and Transactions (ECT) Act of 2002.
The ECT Act seemed to govern most online crime, but only included three cybercrime offences. 
Penalties on conviction are quite severe.
Penalties include fines of R 1 – R 10 million and imprisonment of one to ten years, depending on the severity of the offence.
The nature of the crime determines the penalty. 
Incidents will happen, but it’s how an organisation responds that matters.
Government is working on establishing a legal mechanism for anyone to defend themselves against cybercrime.
However, organisations need to be more proactive in their security through the use of services such as incident response plans, real-time threat management, vulnerability management and managed security services.
Link: http://www.gadget.co.za/sas-new-cybercrimes-law-explained/



Get the Security Budget You Need and Spend It Wisely
It’s challenging for a CISO to get budget for cybersecurity.
Your board of directors really wants to spend that IT money on projects and solutions that will expand the business and bring in more revenue.
That’s what your shareholders value. 
As breaches become more commonplace, your colleagues and customers become desensitized to the potential impact of a breach, which can downgrade their sense of urgency to protect assets in advance.
New CISOs sometimes report being given no security budget at all. 
So how do you show that there is value in investing in cybersecurity and justify a proper security budget?
There isn’t an ROI in the way that most company accountants understand it.
Much of the time you have to rely on your experience and judgment, as well as the competing claims of security vendors — none of which helps you build a compelling case when you are being asked to assess the return on the investment and tell the board members why they should spend their money on your security budget. 
A team of researchers at the Robert H. Smith Business School at the University of Maryland developed and refined an economics-based model to help businesses with this exact problem.
The researchers produced an informative video to show the basics of the model and their research findings.
The video distills years of research into a four-step process to help you determine where your security budget is best spent.
The basic principles are similar to those proposed by many experienced security consultants — with some key refinements. 
First, classify your assets by value in terms of cost of a potential breach as well as vulnerability to a breach.
Then, estimate the degree to which the solution in question will reduce the likelihood of a breach.
Some simple statistics then show you how to maximize the return on your cybersecurity investment. 
Surprisingly, it’s not always best to set out to protect your most obvious assets.
Sometimes the costs of fully protecting the most vulnerable assets are impractically high.
From a business return standpoint, you may be better off protecting a larger number of less vulnerable assets. 
The researchers used their model against real-life scenarios and found that, for most use cases, your cybersecurity budget should not exceed 37 percent of the expected losses due to a security breach.
This is the point at which the costs usually (but not always) start to outweigh the expected benefits. 
The beauty of the Gordon-Loeb model is that it gives you a framework to derive costs versus benefits for different levels of investment.
They are clear that there are use cases where it does not apply, however: For example, in a case where the breach of an asset would lead to catastrophic loss. 
No model should be relied upon prescriptively, but going through the modeling exercise when you assess your security risk should at least help you review and refine your thinking.
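The four-step process above (value and vulnerability per asset, estimated reduction in breach likelihood, then some statistics to find the best spend) can be carried through in code. The script below is an added illustration, not code from the article or from the Maryland researchers; it assumes the first breach-probability function from Gordon and Loeb's 2002 paper, S(z, v) = v / (alpha*z + 1)^beta, and all asset names, vulnerabilities, loss figures and the alpha/beta productivity parameters are constructed sample values. It goes beyond the text by computing the optimal investment for several assets and checking each against the 37 percent (1/e) ceiling the article cites.

```python
"""Gordon-Loeb style security-investment calculation (added illustration).

Assumptions (not from the article): the breach-probability function is the
first functional form from Gordon & Loeb (2002),
    S(z, v) = v / (alpha*z + 1)**beta,
where z is the security investment, v is the asset's vulnerability (probability
of breach with no investment), L is the loss if breached, and alpha, beta > 0
describe how productive each unit of spending is. Every number below is a
constructed sample value.
"""


def breach_probability(z, v, alpha, beta):
    """Probability of breach that remains after investing z."""
    return v / (alpha * z + 1) ** beta


def expected_net_benefit(z, v, loss, alpha, beta):
    """ENBIS: expected loss avoided by the investment, minus the investment."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha, beta):
    """Closed-form maximiser of ENBIS for this S(z, v).

    Setting d(ENBIS)/dz = 0 gives (alpha*z + 1)**(beta+1) = v*L*alpha*beta.
    If that right-hand side is <= 1 no spending pays off and the optimum is 0.
    """
    k = v * loss * alpha * beta
    if k <= 1:
        return 0.0
    return (k ** (1 / (beta + 1)) - 1) / alpha


def numeric_optimum(v, loss, alpha, beta, step=100.0):
    """Brute-force cross-check: scan z from 0 up to the expected loss v*L."""
    best_z = 0.0
    best_val = expected_net_benefit(0.0, v, loss, alpha, beta)
    z = step
    while z <= v * loss:
        val = expected_net_benefit(z, v, loss, alpha, beta)
        if val > best_val:
            best_z, best_val = z, val
        z += step
    return best_z


def budget_table(assets, alpha, beta):
    """For each (name, v, L) asset return the optimal spend and its share of expected loss."""
    rows = []
    for name, v, loss in assets:
        expected_loss = v * loss
        z = optimal_investment(v, loss, alpha, beta)
        rows.append({
            "asset": name,
            "expected_loss": expected_loss,
            "optimal_spend": z,
            "share_of_expected_loss": z / expected_loss if expected_loss else 0.0,
        })
    return rows


# Constructed sample assets: (name, vulnerability v, loss L if breached).
SAMPLE_ASSETS = [
    ("customer database", 0.5, 1_000_000),
    ("public website", 0.8, 200_000),
    ("HR records", 0.2, 500_000),
]
SAMPLE_ALPHA, SAMPLE_BETA = 1e-5, 1.0   # assumed productivity parameters


if __name__ == "__main__":
    for row in budget_table(SAMPLE_ASSETS, SAMPLE_ALPHA, SAMPLE_BETA):
        print(f"{row['asset']:18s} expected loss {row['expected_loss']:>10,.0f}  "
              f"optimal spend {row['optimal_spend']:>10,.0f}  "
              f"share {row['share_of_expected_loss']:.1%}")
```

With these sample values the customer database, which has the largest expected loss, attracts the most spending, while the public website, the most vulnerable asset, attracts much less, and the HR records attract none; in every case the optimal spend stays below the 1/e share of expected loss. The brute-force scan is only there to confirm the closed form; the interesting part for budget discussions is the share column.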
Link: https://securityintelligence.com/get-the-security-budget-you-need-and-spend-it-wisely/



Data breaches: Different regions, very different impacts
A Deloitte report on the business impact of a cyber attack recently showed that 89% of the impact of a breach comes from three factors: 
- Value of lost contract revenue;
- Devaluation of trade name; and
- Lost value of customer relationships.
It is important to note that these factors look quite different from an EU perspective.
Most EU companies are not currently required to notify regulators or customers after a data breach, as opposed to the US, where 47 out of 50 states have mandatory notification laws.
As a result, several main impacts (which are felt heavily in the US) are either non-existent or less visible in the EU, including: 
- Cost
- Scrutiny
- Pressure
As a result of these differences, EU companies are less incentivised to improve cyber security.
The EU market for cyber insurance is consequently less mature than in the US – where products have been developed to transfer the costs of business disruption, customer notification, and identity theft protection. 
However, this situation will change over the next two years, as the EU General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive come into force in mid-2018.
Both pieces of legislation will increase the number of companies and sectors that will have to report breaches to their national regulator – and possibly to customers – within 72 hours (GDPR) or without “undue delay” (NIS Directive) depending on the severity of the breach.
Link: http://www.computerweekly.com/opinion/Data-breaches-Different-regions-very-different-impacts



Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. 
According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an attacker infiltrated the e-retailer’s website.
Nearly one year later, the e-retailer’s merchant bank notified it that fraudulent charges were appearing on customers’ credit card accounts.
The e-retailer then hired a cybersecurity firm to conduct a forensic investigation, and the malware was discovered and removed from the e-retailer’s website. 
Besides the obvious lesson of complying with state data breach notification laws where applicable, the other important lesson is that companies must carefully evaluate how they market the privacy and security of their e-commerce platforms.
Federal and state agencies, like the Federal Trade Commission (FTC) and state attorneys general, have increased their scrutiny of companies’ privacy and cybersecurity representations.
Regulators will also scrutinize companies’ actual cybersecurity practices.
The FTC has offered some practical advice to guide companies in this regard, some of which we have previously discussed here and here.
Bottom line: Companies should prioritize cybersecurity and treat it as an investment rather than a cost.
Link: http://www.lexology.com/library/detail.aspx?g=023110ea-5bc9-4023-9c1f-4cb67dd87aaa



Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
A report out by Cybersecurity Ventures predicts global annual cybercrime costs will grow to $6 trillion by 2021. 
While a $6 trillion estimate might be a little high, “a trillion dollars plus is a real possibility,” says Larry Ponemon, chairman and founder of the Ponemon Institute.
Though this isn’t a number he saw coming down the pipeline. “If you asked me five or six years ago, I’d fall over,” he says.   
The predicted cybercrime cost takes into account all damages associated with cybercrime including: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
It does not include the cost incurred for unreported crimes. 
The Cybersecurity Ventures report, which is a compilation of cybercrime statistics from the last year, also predicts that the world’s cyberattack surface will grow an order of magnitude larger between now and 2021.
Link: http://www.darkreading.com/attacks-breaches/global-cost-of-cybercrime-predicted-to-hit-%246-trillion-annually-by-2021-study-says/d/d-id/1326742



Got big data? The Cloud Security Alliance offers up 100 best practices
For companies working with distributed programming frameworks such as Apache Hadoop, the CSA recommends using Kerberos authentication or an equivalent to help establish trust.
Companies that use nonrelational data stores such as NoSQL databases, meanwhile, are hampered by the fact that such products typically include few robust embedded security features, the report's authors say.
For that reason, they suggest using strong encryption methods such as the Advanced Encryption Standard (AES), RSA, or Secure Hash Algorithm 2 (SHA-256) for data at rest. 
Also included in the report are suggestions for real-time security and compliance monitoring, privacy-preserving analytics, data provenance, cryptographic techniques, and more.
The handbook is now available as a free download. 
Market researcher Gartner, meanwhile, predicts that the improper use of big data analytics will cause half of all businesses to experience ethics violations by 2018.
Link: http://www.computerworld.com/article/3113127/security/got-big-data-the-cloud-security-alliance-offers-up-100-best-practices.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-26&idg_eid=d5d83



Privacy Shield data-transfer agreement now covers 200 companies
Companies must register with the International Trade Administration of the U.S. Department of Commerce to be covered.
It's a self-certification process, so the ITA is only checking that the forms are filled in correctly, not that companies are necessarily complying with all 13,894 words of the rules.
The Privacy Shield rules are needed to ensure that EU citizens' personal information is afforded the same legal protection in the U.S. as required under EU law. 
There are now 200 companies standing behind Privacy Shield, the framework agreement allowing businesses to process the personal information of European Union citizens on servers in the U.S. 
Some 5,534 organizations signed up to Safe Harbor before the court ruling came, with the certification status still listed as "current" for 3,375 of them.
Link: http://www.computerworld.com/article/3112576/internet/privacy-shield-data-transfer-agreement-now-covers-200-companies.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-26&idg_eid=d5d8326c323



Security must be top of the manufacturing agenda
For manufacturers to be fully prepared, the most effective way to mitigate such vulnerabilities is to embed security within manufacturing technology at the point of origin and to make end-user environments as secure as possible.
Because these systems were traditionally isolated from office networks and the internet by air-gapping, industrial hardware and software were not designed with security in mind; they were intended to function within a closed environment.
Within modern industries, however, we see an increased demand for real time data and remote access services.
Previously separate systems are now interconnected with other company networks, exposing the hardware, services and protocols to attackers.
The popularity of WirelessHART products shows a significant shift among manufacturers to integrate and utilise networked technology to increase efficiencies within their businesses.
The benefits of this technology are undeniable, allowing manufacturers with legacy systems to swiftly and cheaply upgrade their existing systems to a level of productivity arguably comparable to fully digital environments. 
For a business to fully secure its industrial environment, the education of staff on security best practices must become an essential element of day-to-day activities.
A focussed approach to training and awareness enables staff to better understand the threats that affect their work environments – it is therefore essential for all personnel to fully understand the security risks relevant to their duties, thus minimising the risks associated with a successful cyber-attack.
Link: https://www.theengineer.co.uk/security-must-be-top-of-the-manufacturing-agenda/



Security Conferences Abound: Which Should You Attend?
There is normally a hiatus in security conferences between September and February that allows those of us who have been drinking from the fire hose to stop and take a breath.
This breathing space permits us to implement, adjust, engage and otherwise ensure we are where we need to be with respect to securing our data, our clients’ data and our customers’ data.
The hiatus also gives us the opportunity to decide which security conferences will give us the biggest bang for our buck in terms of education and industry awareness in the coming year. 
ShmooCon 2017 is a three-day security conference taking place in Washington, D.C. in January 2017.
The format lends itself to those engaged in maintaining and breaking cybersecurity devices, network and appliances. 
The Cyber Threat Intelligence Summit is a two-day security conference hosted by the SANS Institute in Arlington, Virginia.
Four days of training seminars and classes will precede the conference in late January 2017. 
The RSA Conference is the largest of all the security conferences, to be held in San Francisco in mid-February 2017.
In the run up to the conference, we will see major vendors release a plethora of new studies and product announcements.
Then there’s a multitude of agnostic and vendor-driven training forums.
Many will find the enormous expo areas an excellent means by which to learn about solutions from vendors and receive some introductory training on these tools. 
The International Association of Privacy Professionals (IAPP) hosts a variety of global conferences focused on educating attendees on the broad topic of privacy. 
InterConnect is IBM’s premier annual conference for security, cloud and mobile.
The 2017 event is scheduled for mid-March in Las Vegas and will once again feature more than 2,000 sessions, ranging from deep-dive technical demonstrations to business content to hands-on labs and workshops. 
InfoSec World is a security conference and expo scheduled to take place in ChampionsGate, Florida, in April 2017.
The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. 
The international Forum of Incident Response and Security Teams (FIRST) Conference will take place in San Juan, Puerto Rico, in June 2017.
Those involved in incident response at the national, local or enterprise level will benefit from attending. 
The Black Hat security conferences are held in Las Vegas each summer and elsewhere in the world (in Asia and Europe) at varying times.
According to the organizers, more than two-thirds of attendees are information security professionals with the CISSP distinction.
The conference is light on vendor displays and heavy on practical demonstrations of new exploits and discoveries, so it’s definitely a worthwhile event for security professionals and those IT workers on the ground. 
DEF CON takes place annually in Las Vegas, and the next conference will occur in late July 2017.
The organizers bill the conference as “the hacking conference,” and past attendees will certainly attest to the veracity of this claim. 
While the aforementioned security conferences are by no means all-inclusive, they are always on this writer’s calendar for consideration.
They should be on yours as well.
Link: https://securityintelligence.com/security-conferences-abound-which-should-you-attend/



Fueling secure technology adoption in banks through a robust cyber security framework [India]
The threat landscape is evolving, and in light of increased adoption of technology by banks as part of the country’s move towards a cashless economy, the Reserve Bank of India (RBI) has recently mandated the creation of a Cyber Security Framework to fortify the security posture of banks.
Banks are now mandated to formulate a Cyber Crisis Management Plan (CCMP) which will address the aspects of detection, response, recovery and containment. 
Security is becoming a part of boardroom agenda across organizations and as rightly recognized by RBI, security should not be an IT-only concern.
Reiterating the key role of the CISO in bridging business needs with IT needs, cybersecurity policies should be distinct from an organization’s broader IT policy specifically highlighting the risks from cyber threats and the measures for mitigation. 
The information centric model should include envisioning the information infrastructure, information intelligence, and information governance. 
Following the advisory by RBI, banks have undergone gap assessments as the initial step and would have submitted the analysis by July 31.
The roadmap to an all-inclusive cybersecurity infrastructure will be complex, with banks facing challenges around implementation, costs, investments, organizational arrangements and so on.
However, the goal once achieved, will be a huge leap towards a robust, secure banking ecosystem.
Link: http://cio.economictimes.indiatimes.com/tech-talk/fueling-secure-technology-adoption-in-banks-through-a-robust-cyber-security-framework/1748



The Hidden Dangers Of 'Bring Your Own Body'
1) Who, exactly, has ownership of this data?
2) How should the business manage this data? 
There may not be that much biometric data currently in the average enterprise, but its use is on the rise.
Both the private and public sectors probably (and legally) have some of your biometric data right now.
If you’ve ever worked for a government-affiliated organization and achieved any type of security clearance, it has your fingerprint data.
If you have a US driver’s license —even if you have no criminal record—there’s a good chance that the FBI is already analyzing your photo for a facial-recognition database.
The information that HR departments handle on a regular basis—Social Security numbers, home addresses, health insurance details, tax information, etc.—all pose threats to privacy and security that are practically incomparable to traditionally stolen data types such as credit card numbers. 
The key objective for the immediate future is to determine what’s within the realm of control, and how security can be strengthened for the locations where there is most likely to be sensitive items.
This relatively simple task today will be important for the future, regardless of how common biometric data becomes in business.
Link: http://www.darkreading.com/endpoint/the-hidden-dangers-of-bring-your-own-body/a/d-id/1326703



Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite
Talos has discovered multiple vulnerabilities in Kaspersky’s Internet Security product which can be used by an attacker to cause a local denial of service attack or to leak memory from any machine running Kaspersky Internet Security software. 
The vulnerabilities affect Kaspersky Internet Security 16.0.0, KLIF driver version 10.0.0.1532, but may affect other versions of the software too.
Since anti-virus software runs with low-level privileges on any system, vulnerabilities in this software are potentially very interesting to attackers.
Although these vulnerabilities are not particularly severe, administrators should be aware that security systems can be used by threat actors as part of an attack, and keep such systems fully patched. 
Vulnerabilities discovered by Piotr Bania and Marcin ‘Icewall’ Noga of Cisco Talos.
Link: https://blogs.cisco.com/security/talos/vulnerability-spotlight-multiple-dos-vulnerabilities-within-kaspersky-internet-security-suite



Cyberthreats Targeting the Factory Floor
Cyberattacks targeting manufacturing companies are on the rise, according to IBM X-Force Research’s 2016 Cyber Security Intelligence Index.
The report noted that the sector is the second most-attacked industry behind healthcare.
Automotive manufacturers were the top targets for criminals, accounting for almost 30% of all cyberattacks in 2015, while chemical companies were attackers’ second-favorite targets. 
Most manufacturing companies are behind the curve on security.
The Sikich report noted that only 33% of the manufacturers it surveyed were performing annual penetration testing within their IT groups.
When it comes to ICS networks even less is being done to secure them.
Because of lax security standards, manufacturers are leaving themselves exposed at every point of their networks. 
One of the biggest security challenges manufacturers face is dealing with the variety of different communication protocols used in ICS networks. 
Standard data plane protocols like Modbus and DNP3 are used by HMI/SCADA/DCS applications to communicate physical measurements and process parameters such as current temperature, current pressure, valve status, etc. 
Meanwhile, the control plane protocols — which are used to configure automation controllers, update their logic, make code changes, download firmware, etc. — are proprietary and vendor-specific.
Each vendor uses its own implementation of the IEC-61131 Standard for Programmable Controllers.
These implementations are rarely documented, making it very difficult to monitor critical activities. 
Contrary to popular belief, tampering with these controllers is not extremely difficult.
Once inside the network, an attacker can easily download control logic to an industrial controller or change its configuration.
Since these actions are executed using proprietary vendor-specific protocols, there is no standard way to monitor these control plane activities.
As a result, changes made by an attacker can go unnoticed until damage starts to occur. 
Gaining visibility into ICS networks is the first step in being able to protect them from cyberthreats.
Discovering all assets, especially industrial controllers, is critical.
This includes maintaining a reliable inventory of configurations, logic, code and firmware versions for each controller.
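The article's point that the Modbus and DNP3 data plane is standardised while control-plane traffic is proprietary is why passive monitoring usually starts with the standard protocols. The script below is an added example, not code from the article or from any vendor: it parses Modbus/TCP request frames from their public framing (7-byte MBAP header followed by function code and data) and raises an alert whenever a write function code (5, 6, 15 or 16) comes from a host that is not on an allowlist of known engineering stations. The IP addresses, the allowlist and the captured byte strings are constructed for the example.

```python
"""Passive Modbus/TCP write-monitor (added example, not from the article).

Modbus/TCP framing per the public specification: a 7-byte MBAP header
(transaction id, protocol id = 0, length, unit id) followed by the PDU
(function code + data). Function codes 5, 6, 15 and 16 change coils or
holding registers, so a write from a host that is not a known engineering
station is worth an alert. All hosts, addresses and payloads are constructed.
"""
import struct
from dataclasses import dataclass

# Function codes that alter process state, per the Modbus application spec.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


@dataclass
class ModbusFrame:
    src: str
    dst: str
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(src: str, dst: str, payload: bytes) -> ModbusFrame:
    """Parse one Modbus/TCP request; raises ValueError on malformed input."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus/TCP")
    if length != len(payload) - 6:          # length field covers unit id + PDU
        raise ValueError("MBAP length does not match payload size")
    return ModbusFrame(src, dst, tid, uid, payload[7], payload[8:])


def audit_frames(frames, allowed_writers):
    """Return one alert dict per write request from a host outside the allowlist."""
    alerts = []
    for f in frames:
        if f.function_code not in WRITE_FUNCTION_CODES or f.src in allowed_writers:
            continue
        # For all four write codes the PDU data begins with the target address.
        start_address = struct.unpack(">H", f.data[:2])[0] if len(f.data) >= 2 else None
        alerts.append({
            "src": f.src,
            "dst": f.dst,
            "unit_id": f.unit_id,
            "function_code": f.function_code,
            "operation": WRITE_FUNCTION_CODES[f.function_code],
            "start_address": start_address,
        })
    return alerts


def sample_frames():
    """Constructed captures (src, dst, payload) mimicking traffic to a PLC at 10.0.1.5."""
    captures = [
        # HMI reads 10 holding registers starting at 0 (FC 3): benign polling.
        ("10.0.0.10", "10.0.1.5", struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)),
        # Engineering station writes one register (FC 6): allowed writer.
        ("10.0.0.20", "10.0.1.5", struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 16, 0x1234)),
        # Unknown host writes 2 registers starting at 0 (FC 16): should alert.
        ("10.0.0.99", "10.0.1.5", struct.pack(">HHHBBHHBHH", 3, 0, 11, 1, 16, 0, 2, 4, 1, 2)),
    ]
    return [parse_modbus_tcp(s, d, p) for s, d, p in captures]


if __name__ == "__main__":
    for alert in audit_frames(sample_frames(), allowed_writers={"10.0.0.20"}):
        print(f"ALERT {alert['src']} -> {alert['dst']} unit {alert['unit_id']}: "
              f"{alert['operation']} at address {alert['start_address']}")
```

The allowlist is the asset inventory the article asks for in its simplest form: the set of hosts that are supposed to change controller state. The same parser can be pointed at a pcap reader in place of the constructed captures, and the length and protocol-id checks are what keep truncated or non-Modbus segments from producing bogus alerts.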
Link: http://www.industryweek.com/information-technology/cyberthreats-targeting-factory-floor



Don’t Get Stranded without a Data Security Action Plan
Navigating this increasingly complex maze of requirements from different states while simultaneously combatting data breaches is not an easy task.
That’s why it’s critical for healthcare providers to prepare a comprehensive data security action plan by following these five steps: 
1) Benchmark to identify vulnerabilities
2) Adopt a consistent security posture
3) Evaluate and manage third-party relationships
4) Gain a full understanding of all state and federal regulations
5) Implement a communications strategy to protect your reputation
Link: http://www.healthcare-informatics.com/article/cybersecurity/don-t-get-stranded-without-data-security-action-plan

Posted on 08/28

Wednesday, July 27, 2016

IT Security News - 2016-07-27

Table of Contents

  • Australian firms face growing cyber litigation threat
  • As Biometric Scanning Use Grows, So Does Security Risk
  • Researchers Struggle to Determine True Cost of Data Breaches
  • Here are the key security features arriving with Windows 10 next week
  • Senate body approves controversial cyber-crime bill [ISLAMABAD]
  • Ransomware 2.0 is around the corner and it's a massive threat to the enterprise
  • Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
  • The rise in cyber attacks shows we need to change the way we think about crime
  • Nonprofit cybersecurity key to serving community responsibly, experts say
  • Changing security situation, deeply convinced practicing the new security concept [auto translated - so text is challenging]
  • The Cost of a Data Breach in India: What You Need to Know
  • WinMagic survey finds 23% of businesses claim to stop a data breach a day
  • The Information Security Leader, Part 4: Three Persistent Challenges for CISOs
  • Debunking the common myths of Data Loss Prevention (DLP)
  • Hands up, whose firewall rules are a mess? Yes? Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe. In fact, 65% of the 300 security professionals surveye
  • Enhancing cyber security by implementing a robust threat and vulnerability management program



Australian firms face growing cyber litigation threat
Australian companies face ‘US levels’ of litigation if they fail to prepare for mandatory data breach reporting requirements which are likely to come into effect this year, a lawyer has warned. 
Speaking in Sydney, Adam Salter, a partner at law firm Jones Day’s cybersecurity, privacy and data protection practice, said companies not adequately prepared are at greater risk of being sued by their corporate customers.
Litigation would be initiated for breach of privacy obligations embedded in customer contracts and by consumer customers, he said. 
Salter based his view on the firm’s experience in other jurisdictions – such as the US and European Union – that have introduced mandatory data breach notification laws. 
Salter said Australian businesses should regularly review and strengthen their IT and data security systems, policies and procedures and prepare for how they would report a potential data breach to authorities and customers.
Link: http://www.cio.com.au/article/603956/australian-firms-face-growing-cyber-litigation-threat/



As Biometric Scanning Use Grows, So Does Security Risk
The use of biometrics has exploded in recent years, with companies ranging from 24-Hour Fitness to NYU Langone Medical Center using this convenient technology to identify their customers. 
By 2019, biometrics are expected to be a 25-billion-dollar industry with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI.
Newest to the scene, Wells Fargo this fall will begin offering a smartphone app with biometric authentication for corporate customers — making all their financial information just an eye scan away. 
But there have already been cases of biometric hacking on a large scale.
An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014, including RAND privacy expert and mother of two Rebecca Balebako.
She received a letter from OPM last year informing her that her personal information, including her ten fingerprints, were stolen in the breach. 
As biometric technology grows more personal and more widespread, so too do the risks to personal privacy.
Link: http://www.nbcnews.com/tech/tech-news/biometric-scanning-use-grows-so-do-security-risks-n593161



Researchers Struggle to Determine True Cost of Data Breaches
Depending on the estimate, the average data breach can cost a company $7 million or $150 million.
Why are data breach costs so difficult to estimate? 
In May, tucked away in its quarterly filing to the Securities and Exchange Commission, retail giant Target updated its running total of the cost of its 2013 holiday season breach. 
While the retail giant may have outdone its peers with the bill for its breach, it is hardly alone.
U.K. mobile service provider TalkTalk attributed more than $80 million in losses to a breach that garnered information on 157,000 customers.
Following its breach in 2014, Home Depot tallied at least $161 million in costs from the loss of 40 million payment-card accounts and more than 50 million e-mail addresses, the company claimed in March. 
Yet, other companies have no idea how much damage their breaches have done.
In February 2015, for example, hackers stole more than 80 million records from health insurer Anthem.
More than a year later, the company cannot put a number to its damages. 
A more modest estimate, from the Ponemon Institute's “2016 Cost of Cybercrime” report, found that the average company could expect a $4 million loss per breach incident today.
U.S. companies have consistently higher losses, including an average breach cost of $7 million and an average per-capita breach cost of $221.
U.S. companies and organizations also encountered higher costs from the loss of customers, the report stated. 
Having a well-trained incident response team and extensively using encryption were the two strategies that most decreased the cost of data breaches, while the involvement of a third party in the data breach and a company’s use of an extensive cloud infrastructure were the two factors that most increased costs, according to the “2016 Cost of Cybercrime” report. 
The disagreement between approaches is par for the course in data-breach calculations.
In a paper comparing six data-breach cost calculators, two Colorado State University researchers found that each approach made different assumptions and arrived at different per-record costs for data breaches. (Three of the calculators were created in conjunction with the Ponemon Institute and three different sponsors.)
Link: http://www.eweek.com/security/researchers-struggle-to-determine-true-cost-of-data-breaches.html



Here are the key security features arriving with Windows 10 next week
The new functionality aims to help IT departments protect their companies before and after a breach
Windows Information Protection aims to make it possible for organizations to compartmentalize business and personal data on the same device.
It comes alongside the general release of Windows Defender Advanced Threat Protection, a system that uses machine learning and Microsoft's cloud to better protect businesses after their security has been breached. 
Using Windows Information Protection, companies can encrypt their data on employee devices using keys that are controlled by IT. 
Companies can also set policies about which applications can be used to handle business data, so users can't live-tweet the content of a company's HR system, for example. 
For businesses to use Windows Information Protection, they'll need a Windows 10 Enterprise E3 subscription, which costs $7 per user per month. 
Windows Defender ATP requires a company be subscribed to the more expensive Windows 10 Enterprise E5 service, which is meant for companies looking for premium Windows 10 add-on features.
Link: http://www.computerworld.com/article/3100025/security/here-are-the-key-security-features-arriving-with-windows-10-next-week.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d83



Senate body approves controversial cyber-crime bill [ISLAMABAD]
ISLAMABAD: A Senate panel on Tuesday approved the controversial Prevention of Electronics Crimes Bill 2015. 
The bill, which has already been approved by the National Assembly, will now be put up for discussion in the Senate, which must approve it before it can be signed into law by the president. 
Salient features of the bill

  • Up to seven years’ imprisonment, a Rs10 million fine, or both for hate speech, or for trying to create disputes and spread hatred on the basis of religion or sectarianism
  • Up to three years’ imprisonment, a Rs0.5 million fine, or both for cheating others through the internet
  • Up to five years’ imprisonment, a Rs5 million fine, or both for transferring or copying sensitive basic information
  • Up to seven years’ imprisonment, a Rs0.5 million fine, or both for uploading obscene photos of children
  • Up to a Rs50 thousand fine for sending messages irritating to others or for marketing purposes; if the crime is repeated, the punishment would be three months’ imprisonment and a fine of up to Rs1 million
  • Up to three years’ imprisonment and a fine of up to Rs0.5 million for creating a website for negative purposes
  • Up to one year’s imprisonment or a fine of up to Rs1 million for forcing an individual into immoral activity, publishing an individual’s picture without consent, sending obscene messages or unnecessary cyber interference
  • Up to seven years’ imprisonment, a fine of Rs10 million, or both for interfering in sensitive data information systems
  • Three months’ imprisonment, a Rs50 thousand fine, or both for accessing unauthorised data
  • Three years’ imprisonment and a fine of up to Rs5 million for obtaining information about an individual’s identification, selling the information or retaining it
  • Up to three years’ imprisonment and a fine of up to Rs0.5 million for issuing a SIM card in an unauthorised manner
  • Up to three years’ imprisonment and a fine of up to Rs1 million for making changes to a wireless set or a cell phone
  • Up to three years’ imprisonment and a fine of up to Rs1 million for spreading misinformation about an individual
  • Up to three years’ imprisonment and a fine of up to Rs1 million for misusing the internet
Link: http://www.dawn.com/news/1273324/senate-body-approves-controversial-cyber-crime-bill



Ransomware 2.0 is around the corner and it's a massive threat to the enterprise
"The landscape is simple.
Attackers can move at will.
They're shifting their tactics all the time.
Defenders have a number of processes they have to go through," said Jason Brvenik, principal engineer with Cisco's security business group, discussing the Cisco 2016 Midyear Cybersecurity Report. 
Cisco used data from its customers to create the report: more than 16 billion web requests go through the Cisco system daily, nearly 20 billion threats are blocked daily, and more than 1.5 million unique malware samples are seen daily, which works out to 17 new pieces of malware every second, Brvenik said. 
The next step in the evolution of malware will be ransomware 2.0, which Brvenik said "will start replicating on its own and demand higher ransoms.
You'll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted.
That's really a nightmare scenario." 
Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company's network, Brvenik said. 
New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.
For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions.
These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report. 
Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems.
Advertising is a viable model for attack. 
"We saw a 300% increase in the use of HTTPS with malware over the past four months.
Ad injection is the biggest contributor.
Adversaries are using HTTPS traffic to expand time to operate.
That's the attacker opportunity as it exists today," he said.
Link: http://www.techrepublic.com/article/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise/?ftag=TRE684d531&bhid=21487072891631060763005914609462



Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
TENAFLY, N.J., July 26, 2016 /PRNewswire/—Security Current, an information and collaboration community by CISOs for CISOs, today announced the release of its latest ebook, A CISO's Guide to Phishing and Malware by Joel Rosenblatt, which is now publicly available.
The ongoing Security Current ebook series, A CISO's Guide to… provides insights and guidance on key issues facing today's CISO from a CISO's perspective. 
In this ebook, Rosenblatt, director of information security for Columbia University, explores real-world examples of advanced targeted attacks via email and social media, demonstrating how these evolving threats are increasing an organization's business risks.
More specifically, he explores attack vectors such as email that are being exploited as never before.
Link: http://www.prnewswire.com/news-releases/security-current-launches-ebook-on-phishing-and-malware-in-ongoing-series-for-cisos-300303829.html



The rise in cyber attacks shows we need to change the way we think about crime
You are now 20 times more likely to have your money stolen online by a criminal overseas than by a pickpocket or mugger in the street, according to recent figures from the Office for National Statistics.
The figures revealed that almost 6m fraud and cyber crimes were committed in the past year in England and Wales alone – making it now the most common type of crime experienced by adults in the UK.
The average frontline police officer also needs to be able to think about the digital crime scene as well as, or instead of, the physical one.
Being able to respond and investigate criminal cyber activity should no longer be the domain of police specialists – because, as the evidence shows, victims are more likely to suffer a cyber criminal act than any other form of crime.
Beyond law enforcement, society must think about the role of the private sector and their duty of care.
Everyone online is sitting on an internet service provider's network, which effectively owns the digital land upon which we have set up our digital lives.
In the physical world, landlords renting a property have a duty of care to the safety of their tenants, so surely it makes sense for our digital landlords to be held to the same standards.
To respond effectively we need to look at the data gathered on the nature of these crimes – to understand how cyber crimes occur, and who is most at risk.
In the long run, this will make it easier for law enforcement to work out how to tackle these cases.
But this must be done in a sensible and measured way, as the situation is likely to appear to get worse before it gets better as people become more aware of what these crimes are and how to report them.
Similarly, organisations such as the ONS and the City of London Police will get better at recording cyber crime – causing the figures to go up again.
For now though, these new figures make it clear that cyber crime must become a significant priority for the police and crime commissioners up and down the country.
Link: http://phys.org/news/2016-07-cyber-crime.html



Nonprofit cybersecurity key to serving community responsibly, experts say
Regardless of size or resources, nonprofits must keep cybersecurity top of mind. 
Puckett has made cybersecurity a top priority for the foundation.
One of a nonprofit’s biggest risk areas is “reputation,” she said, and a breach of any kind can seriously compromise the trust a community places in an organization. 
“Nonprofits rely extremely heavily on their I.T. vendors,” she said. “I know why — because they don’t know what they don’t know — but nonprofits need to become informed with some of the basics so that they at least know the questions to ask.
If they don’t know those questions, they need to reach out to resources that are available all over.” 
One of those resources is the West Michigan Cyber Security Consortium (WMCSC), a free-to-join group of more than 250 local businesses and organizations sharing best practices for remaining secure.
WMCSC is working with Trivalent Group Inc., the Better Business Bureau and the Michigan Small Business Development Center to host the third annual Michigan Cyber Security Conference on Oct. 5. 
Puckett said her organization performs multiple security audits throughout the year.
One audit reviews the foundation’s internal controls, such as password requirements, lockout policies, firewalls, two-factor authentication, etc.
Another audit involves a penetration test, in which a third-party consultant attempts to hack into the network to look for any weaknesses the foundation could patch up. 
The single most important issue to address, however, is employee education, sources said.
Considering how effective most of the modern security systems are, an uninformed or careless employee is actually the most likely cause of infiltration, according to Puckett.
That’s why she sends out monthly security awareness letters, as well as occasional phishing tests to see if employees will fall for the common password-stealing scam.
Even going to the wrong website can have disastrous results. 
For Goodwill, protecting the information of “the people we serve” is top priority, Wallace said.
Through various programs, such as career and health care services, Goodwill has access to many of its participants’ personal information.
As such, the Health Insurance Portability and Accountability Act (HIPAA) plays a large part in the organization’s security policies.
As one “very small example,” Wallace said that neither job coaches nor any other employees are allowed in any way to interact on social media with program participants. 
“It doesn’t matter what size you are,” Wallace said. “It’s important for any nonprofit that has private information about individuals.
You owe it to the people you’re serving.”
Link: https://mibiz.com/news/nonprofit-business/item/23843-nonprofit-cybersecurity-key-to-serving-community-responsibly,-experts-say



Changing security situation: Sangfor (rendered "deeply convinced" by the auto-translation) practises the new security concept [auto translated - so text is challenging]
As China's first veteran security vendor with sales of over one billion yuan in the security market, Sangfor's annual earnings growth is 30%.
By 2015, Sangfor's sales had broken through 1.6 billion, and its security, virtualization and other product lines continued to maintain market share.

In recent years, emerging security events have driven the development of the network security market: the number of network security vendors keeps increasing, the range of security products keeps growing, and both market size and network security investment keep rising.
Faced with the changing face of the Internet, escalating threats and fierce market competition, what security concept does Sangfor ("deeply convinced" in the auto-translation) practise?
Faced with an ever-changing network security situation, enterprises urgently need to change how they respond to changes in the security environment and to IT attacks.
Security is not a pile of security products or security services; it is a capability. 
First, security must be visible.
Only by knowing itself can an enterprise see the security capability it needs.
Only by understanding its own shortcomings and seeing the security situation clearly can it identify threats and build security in a targeted way. 
Second, companies need to detect risks continuously and respond quickly.
Nothing is perfect, and there is no hundred percent security.
Faced with advanced targeted attacks (APT), we cannot completely prevent an attacker from getting in; the effective approach is to control their behaviour so as to avoid further attack and destruction. 
Finally, security delivery should be easy to use.
First, because the demands on corporate security managers keep rising: they need to understand not only the network but also the application, the technology, and the laws and regulations, in order to guarantee the security of lines of business and operational processes; and second, because security management has become complex, with the need to track information assets and human behaviour, manage security risk, and eliminate security risks promptly. 
Achieving visible security starts from the following three points. First, more elements made visible:
user behaviour, assets and other elements are analysed visually to find points of risk and handle them promptly.
Second, visibility of behaviour that bypasses the defence system,
mainly involving sensitive information, external links and abnormal traffic.
Third, presentation from a management perspective:
to make risks easier to understand and security management effective, security must be presented visually from a management perspective. 
Continuous detection means continuously detecting events that have already occurred, unknown threats and loopholes in the system: detecting abnormal behaviour on endpoints and servers to find unknown and new threats, detecting the new vulnerabilities that frequent system updates generate, and finally issuing policies quickly based on the detection results to narrow the scope of the threat and fix vulnerabilities fast. 
In this regard, Sangfor's technology spans server security, endpoint security and a cloud security platform, forming a continuous, integrated detection architecture that provides detection of unknown threats, cloud scanning, cloud testing and other continuous detection services. 
Simple security delivery needs easier deployment and simpler daily operation and maintenance.
Infrastructure security delivery needs to integrate security functions as far as possible, deploy an integrated strategy on the front line of security detection, and simplify policy deployment;
Link: http://news.securemymind.com/2016072624304.html



The Cost of a Data Breach in India: What You Need to Know
IBM and Ponemon Institute recently released the “2016 Cost of Data Breach Study: India,” the annual benchmark study on the cost of data breach incidents for companies based in India. 
Below are the key takeaways from the report:

The average total cost of a breach was 9.73 crore INR.
This represents a 9.5 percent increase over 2015 costs.
In comparison, the global average total cost of a data breach increased by 5.4 percent.
The size of data breaches increased as well — the average size grew by 8.5 percent in 2016.
This is much more than the global average increase of 3.2 percent.
The impact of data breaches varied by industry.
Certain sectors, such as financial services, had higher data breach costs when compared with industries such as research and the public sector.
Forty-one percent of companies experienced a data breach as a result of a malicious or criminal attack, which was the most common root cause of a breach.
The cost of a data breach was directly related to the number of records compromised in the attack.
The greater the number of records lost, the higher the cost.
Data breaches that involved fewer than 10,000 records had an average cost of 5.96 crore INR, while breaches involving more than 50,000 records had an average cost of 16 crore INR.
The longer it takes to detect and contain a data breach, the more costly it becomes to resolve.
Link: https://securityintelligence.com/the-cost-of-a-data-breach-in-india-what-you-need-to-know/



WinMagic survey finds 23% of businesses claim to stop a data breach a day
LONDON, UK – July 26, 2016 – WinMagic Inc., the intelligent key management and data security company, has today released survey data in which IT managers say they thwart an attempted data breach at least once a month.
The survey of 250 IT Managers found that a staggering 23% stop a breach every day.
A data breach can be the result of an attack on the network, or an employee inadvertently sending or taking information out of the corporate network without adequate care. 
The survey also spoke with 1,000 employees, 41% of whom believe IT security is solely the IT department’s responsibility; a further 37% say they have a role to play in IT security too.
Even though so many employees seemingly abdicate responsibility for IT security, a fifth of IT managers want to be able to empower them to use personal devices to access work documents.
Interestingly only 36% felt such access should be restricted to approved employees. 
IT managers also rated employees as the second biggest risk behind hackers to security (24%).
Link: http://www.pressreleaserocket.net/winmagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day/474317/



The Information Security Leader, Part 4: Three Persistent Challenges for CISOs
CISOs and their teams must embody two distinct roles: subject matter experts in the technical aspects of cybersecurity and trusted advisers in making recommendations about security-related risks.
CISOs and their teams need to become confident in addressing four fundamental questions about security-related risks, so that they can guide executive-level discussions toward better-informed business decisions about managing risks to an acceptable level, rather than giving executives updates of tactical metrics about security’s activities, work progress and operational costs.
CISOs and their teams need to learn how to overcome three persistent challenges in identifying, assessing and communicating effectively about security-related risks.
A surprising percentage of information security professionals lack an accurate understanding of risk, in spite of the fact that risk is the very reason for the existence of the business function called information security. 
One of the biggest challenges for CISOs is that security professionals traditionally think of cybersecurity as intangible, which is yet another reason why engaging in executive-level discussions about the question “How secure are we?” makes very little sense.
If something is intangible, our instincts tell us it can’t be measured.
Not surprisingly, many people with predominantly technical and engineering-oriented backgrounds experience an inherent discomfort in not being able to quantify security-related risks with precision. 
Ironically, CISOs and their teams often use emotional and qualitative approaches to communicate risks with business decision-makers. 
Qualitative and semi-quantitative risk assessments have become extremely popular.
They’re manifested in five-by-five heat maps that are typically visualized in vibrant green, yellow and red.
Security leaders say they like them because the business decision-makers seem to get it and they often lead to better conversations about risk.
Link: https://securityintelligence.com/the-information-security-leader-part-4-three-persistent-challenges-for-cisos/



Debunking the common myths of Data Loss Prevention (DLP)
MYTH 1: DLP requires significant internal resources to manage and maintain
MYTH 2: DLP requires at least 18 months to deliver value
MYTH 3: DLP requires policy creation first
In summary, DLP represents one of the strongest lines of defence available for businesses looking to effectively protect themselves against the growing number of accidental and malicious threats out there.
However, lingering myths and misinformation about aspects such as ROI, resourcing and policy are holding it back unfairly.
It’s time the IT industry dispelled these myths once and for all, helping DLP to achieve its full potential as a cornerstone of modern data security.
Link: http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/



Messy firewall rules get security professionals grounded for life
Hands up, whose firewall rules are a mess? Yes?
Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe.
In fact, 65% of the 300 security professionals surveyed said if their firewall rules were a teenager’s bedroom, their mom would be so angry she would ground them; and half of those said they would be grounded for life.
The same study also showed that 32% admitted they had inherited over half of the rules they manage from a predecessor – no wonder they are a mess.
And a quarter of security professionals confessed to being afraid to turn off legacy rules.
To add to the complexity, 72% of the security professionals surveyed have to manage rules across two or more firewall vendors within their IT environments. 
If, like the majority of IT security professionals, you’re in danger of being grounded over your messy firewall rules, here are some tips from my colleague Tim Woods on how to start tidying up your firewall policies: 
Step 1: Remove technical mistakes
Step 2: Remove unused access
Step 3: Review, refine and organize access
Step 4: Continual policy monitoring
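A vendor-neutral helper for Steps 1 and 2 above, added here as an example (not FireMon's or Tim Woods' code): it walks a rule list in first-match order, flags shadowed rules and empty port ranges as technical mistakes, and lists rules with zero hits past a grace period as unused access. The `Rule` model, its hit-counter fields and the sample policy are constructed assumptions, not any real firewall's export format.

```python
"""Firewall policy tidy-up helper for Steps 1 and 2 (added example).

Works on a hypothetical vendor-neutral `Rule` model evaluated in
first-match order. Step 1 reports technical mistakes: rules shadowed by
an earlier rule (redundant if the action is the same, never firing if it
is the opposite) and rules whose port range is empty. Step 2 reports
unused access: rules whose hit counter stayed at zero past a grace period.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    ports: tuple          # (low, high) destination ports, inclusive
    action: str           # "allow" or "deny"
    hits: int             # hit counter exported by the firewall (assumed)
    days_since_hit: int   # days since the last hit, or since creation if none


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet `inner` could match is already matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def technical_mistakes(rules):
    """Step 1: shadowed rules and empty port ranges, as (rule name, reason)."""
    findings = []
    for i, rule in enumerate(rules):
        low, high = rule.ports
        if low > high:
            findings.append((rule.name, f"port range {low}-{high} is empty"))
            continue
        for earlier in rules[:i]:          # first-match order: only earlier rules shadow
            if covers(earlier, rule):
                if earlier.action == rule.action:
                    why = f"shadowed by {earlier.name} with the same action; redundant"
                else:
                    why = f"shadowed by {earlier.name} with the opposite action; never fires"
                findings.append((rule.name, why))
                break                      # report only the first shadowing rule
    return findings


def unused_access(rules, grace_days=90, skip=()):
    """Step 2: rules with zero hits for at least `grace_days`.

    Rules in `skip` (the shadowed ones) are left out: their zero hit count is
    explained by the shadow, not by lack of demand, so Step 1 comes first.
    """
    return [(r.name, f"0 hits in {r.days_since_hit} days")
            for r in rules
            if r.hits == 0 and r.days_since_hit >= grace_days and r.name not in skip]


def tidy_report(rules, grace_days=90):
    """Run Step 1, then Step 2 on what Step 1 did not already explain."""
    mistakes = technical_mistakes(rules)
    shadowed = {name for name, why in mistakes if why.startswith("shadowed")}
    return {"mistakes": mistakes,
            "unused": unused_access(rules, grace_days, skip=shadowed)}


# Constructed sample policy (not from any real firewall), in first-match order.
SAMPLE_POLICY = [
    Rule("allow-web",      "10.0.0.0/8",     "192.168.10.5/32", "tcp", (443, 443),   "allow", 12000, 0),
    Rule("allow-dmz-any",  "10.0.0.0/8",     "192.168.10.0/24", "any", (0, 65535),   "allow", 9000,  0),
    Rule("block-telnet",   "10.0.0.0/8",     "192.168.10.0/24", "tcp", (23, 23),     "deny",  0,     400),
    Rule("allow-web-dup",  "10.0.0.0/8",     "192.168.10.5/32", "tcp", (443, 443),   "allow", 0,     200),
    Rule("old-vendor-vpn", "203.0.113.0/24", "192.168.20.0/24", "udp", (500, 500),   "allow", 0,     365),
    Rule("bad-range",      "10.0.0.0/8",     "192.168.30.1/32", "tcp", (8443, 8080), "allow", 0,     10),
]

if __name__ == "__main__":
    for section, items in tidy_report(SAMPLE_POLICY).items():
        print(section)
        for name, why in items:
            print(f"  {name}: {why}")
```

On the sample policy the inherited `allow-dmz-any` rule silently disables the later `block-telnet` deny, which is the kind of legacy rule people are afraid to touch; the report makes the dependency explicit before anything is switched off.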
Link: https://www.firemon.com/messy-firewall-rules-get-security-professionals-grounded-life/



Enhancing cyber security by implementing a robust threat and vulnerability management program
Threat and vulnerability management is the process of identifying, analyzing, modeling and simulating the potential impact and risk of security threats and weaknesses, and planning their remediation.
The program could cover:
-  Asset inventory management
-  Vulnerability scanning
-  Vulnerability assessment and analysis
-  Vulnerability remediation and mitigation planning
-  Risk and threat modeling and impact analysis
-  Penetration testing
Threat and vulnerability management program managers need to deliver effective vulnerability management for traditional and emerging technologies in growing, perimeter-less IT environments including mobility, cloud and IoT.
To ensure a successful vulnerability management program, security leaders need to verify the effectiveness of their threat and vulnerability management efforts and align these with business context and objectives.
Assessing the impact of potential threats to evaluate their risk will become a primary tool for managing the large volume of vulnerabilities that enterprises need to detect and remediate on an ongoing basis in order to prevent cyber adversaries and data breaches.
Link: http://www.csoonline.com/article/3099988/vulnerabilities/enhancing-cyber-security-by-implementing-a-robust-threat-and-vulnerability-management-program.html

Posted on 07/27

Tuesday, July 26, 2016

IR News Security - 2017-07-26

Table of Contents

  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • Digital Forensics – A Presentation In The Courts
  • California sets cybersecurity example for states to follow
  • Joint Task Force: Forensics and Anti-Forensics
  • Digital response teams need full access to data to prevent threats
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • EVVO launches automated Security Operations Centre in Singapore
  • Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
  • Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange
  • ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List



DEFCON CYBER™ Joins FireEye Cyber Security Coalition
MANASSAS, Va., July 25, 2016 /PRNewswire/—DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMWare and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform. 
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition—an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to the application of cybersecurity best practice outcomes to precisely manage the incident prioritization, automated initialization and tracking the response activity, and closing mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's leading iSight Intelligence to provide instant correlation between actionable threat intelligence and indicators. "In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO. "The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25



Digital Forensics – A Presentation In The Courts
In an exclusive interview with EITN at RSA Conference 2016 Singapore, digital forensics expert Stephen McCombie lists the three biggest challenges in digital forensics as follows: 
1) Sheer amount of data
2) High complexity of data
3) Legalizing digital evidence
The biggest myth of Digital Forensics is that it is a technical process.
But the reality is that it is more about the PRESENTATION (of digital evidence) to the courts.
If the digital evidence is not admissible, usable and ‘case law tested’, then what is forensics even about at all?
Link: http://www.enterpriseitnews.com.my/digital-forensics-a-presentation-in-the-courts/



California sets cybersecurity example for states to follow
Once again, California has positioned itself as a leader in the effort to make U.S. business more cyber-secure.
California’s Attorney General Kamala Harris recently released the California Data Breach Report, which discusses the types of breaches that companies face in California and the frequency of those breaches.
Due to the personal privacy implications of a breach for any company’s customers, AG Harris argues in the report that state governments need to do much more to ensure that companies are providing reasonable security.
The report proposes that, in order to better protect company data and customers’ privacy, businesses operating both in California and across the country adopt the Center for Internet Security’s list of 20 controls for effective cybersecurity defense, the CIS 20. 
CSC 4: Continuous vulnerability assessment
It is critical for companies to regularly adapt to evolving threats and to continuously test their systems for cybersecurity weaknesses. 
CSC 6: Maintenance, monitoring, and analysis of audit logs
Similar to vulnerability assessment, analyzing audit logs to better understand the potential threats to a network is a full-time commitment. 
CSC 13: Data protection
CSC 13 recommends password protections and data encryption, popular ways to protect data in the cloud that your business may already utilize.
Most importantly, these protection mechanisms should include automated tools to periodically check if data is presented in clear text. 
CSC 19: Incident response and management  
Honest incident response and management is critical.
Without these, customers’ data is not truly safe, and CSC 19 offers a system for businesses to identify breaches, control the damage and move forward after the fact. 
For smaller businesses that lack the internal capacity to create a breach communication chain, partnering with an outside incident response team could be a huge benefit.
Having additional eyes on the network could make the difference between responding to a breach right away and minimizing the damage, and letting an attack go unnoticed and burying your business in the high cost of dealing with the incident later.
Link: http://thehill.com/blogs/congress-blog/technology/289099-california-sets-cybersecurity-example-for-states-to-follow



Joint Task Force: Forensics and Anti-Forensics
Looking at the field of digital forensics, we can go back to this old CSO article, entitled The Rise Of Antiforensics.
The article details information security professionals who have written software that “fools” (author’s words) industry standard computer/digital forensics tools, and the article’s early tone seems to indicate a bias against antiforensics and its tools as being harmful to business and law enforcement.
The article itself comes around to a more nuanced view towards these tools; however, I want to explore a different nuance here: antiforensics has, in itself, an intrinsic value to a business organization’s information security program, just as forensics does. 
Incorporating digital forensics into your operations is, from a reasoning standpoint, fairly simple: in the event something happens, you want to be able to identify a root cause.
Just as senior managers would want to know why a marketing campaign was failing, investing in digital forensic capabilities for your disaster recovery or incident response staff can not only properly identify root cause scenarios but can be built into processes going forward to mitigate them from occurring again.
Some of this can be as simple as change management rules, system event logging and monitoring, while more specific software, tools or personnel can be brought in to augment in the event of an incident that requires it. 
There are two areas to consider when we use the term antiforensics: preservation and destruction.
On one hand, we have preservation of data used for root cause analysis; on the other, we have methods to destroy data.
At first glance, the two seem opposed and there is room for only one in organizational security policies.
Indeed, one might argue that according to the CIA Triangle model of Information Security (weighing the trade-offs to ensure the Confidentiality, Integrity and Availability of data), only the preservation of data through encryption to mitigate forensic threats fits the model, leaving data destruction out of the model entirely.
The CIA model runs on the premise that information needs to be accessible, though.
However, some business cases might require data to be inaccessible: information must remain confidential, with near-zero chance of the data being accessible or recoverable from a piece of media.
Equipping your operations staff with the right tools and training is essential for making sure your organization is prepared for an event where data needs to be secured for retrieval later or destroyed beyond any recognition.
While information security professionals are entrusted to safeguard information, it’s equally important to have options to be able to act quickly in the event either solution is needed.
Link: https://dasseclabs.wordpress.com/2016/07/25/joint-task-force-forensics-and-anti-forensics/



Digital response teams need full access to data to prevent threats
In order to handle digital threats, experts are saying that governments or companies must be able to establish their respective incident response teams with clear frameworks, as well as the ability to have access to absolutely every kind of data in a system. 
As Indonesia, a country where breaches are rampant, prepares to establish its own National Cybersecurity Agency (BCN) in August, observers have given recommendations about how prevention teams would be able to fully deal with particular matters. 
Clear frameworks in this case hinge on the aspects of proper governance, an outline to what threats are present and have occurred before and the technical methods of solving them.
Observers note that such coordinated guidelines can make a difference in the way companies and governments train their response teams and yield more effective results. 
“Incident response teams need hunters, pure and simple.
They can be centralized or even partly outsourced — it doesn’t matter.
The crucial aspect of it is to develop a clear framework on prevention so that these hunters can easily learn what the problems and solutions are.
It will be easier for these hunters to also pass what they learned down to newer ones,” he added. 
Indonesia itself currently has an internet incident response team (ID SIRTII) that had recently been integrated into the National Cybersecurity Agency. 
According to data from Microsoft Indonesia, cybersecurity attacks and breaches, especially in the banking sector, have cost the country up to Rp 33.29 billion (US$2.54 million), as Indonesia holds a 50 percent infection rate for malware viruses, the highest in Southeast Asia. 
About 22 percent of all crimes conducted in Indonesia in 2014 were cybercrimes, though the figure decreased to 18.26 percent in 2015.
Between 2012 and 2015, the police arrested 571 individuals in connection with cybercrimes, with the vast majority — 529 of them — foreign nationals operating in Indonesia.
Link: http://www.thejakartapost.com/news/2016/07/25/digital-response-teams-need-full-access-data-prevent-threats.html



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths that a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016)* and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
  • ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse.
  • Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain unauthorized access to Active Directory.
  • Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters and enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



EVVO launches automated Security Operations Centre in Singapore
EVVO Cybersecurity, a Singapore cybersecurity vendor and cloud solutions provider, has launched a Security Operations Centre (SOC) to extend cybersecurity services to SMEs.
The SOC is also the first in Singapore to leverage automation software. 
The new SOC will leverage automation software for level one tasks for security analysts such as assigning automated, playbook-based workflows to incidents for immediate and scalable response.
This will also enable EVVO Cybersecurity to increase productivity and accuracy enabling them to track and improve processes over time. 
The SOC will function as EVVO Cybersecurity’s threat defence and mitigation facility, catering to SMEs, empowering them to go beyond the traditional SOC functions of merely monitoring perimeter security. 
By integrating EVVO360, a cybersecurity analytics platform, and a suite of cybersecurity intelligence solutions, EVVO Cybersecurity aims to provide customers with a 360-degree view of all the endpoints and network traffic across the organisation.
This will greatly enhance the ability of organisations to detect, respond to and recover from incidents of compromise.
Link: http://www.networksasia.net/article/evvo-launches-automated-security-operations-centre-singapore.1469497028



Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
SAN DIEGO, July 26, 2016 /PRNewswire/—PacketSled, Inc., the company that democratizes security investigations and response by providing its customers with automated network visibility, detection, incident response and forensics in the cloud, announced today that Fred Wilmot will be joining the company as its Chief Technology Officer, effective immediately.
In this role, he will be responsible for all aspects of the company's technology strategy, including software engineering, security research and development, and cloud operations. 
Fred brings more than 20 years of cybersecurity expertise to PacketSled.
Most recently, he served as Vice President, Solutions Engineering at Context Relevant, where he implemented a real-time transaction fraud platform for financial markets, weaponizing security use cases with data science automation and machine learning. 
During his tenure at Splunk, Fred was responsible for the company's ascension to a market leader in the security industry, placing the company in the Gartner SIEM magic quadrant.
As the founder and director of the global security practice, Fred prototyped innovation in the field, and built platform applications that were utilized in responding to some of the most major breaches in Internet history.
Fred and his team were responsible for architecting and delivering the first version of Splunk's enterprise security product.
Link: http://www.prnewswire.com/news-releases/former-splunk-security-executive-fred-wilmot-joins-packetsled-as-chief-technology-officer-300304209.html



Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence
While Watson might be the most famous cyberpersonality to take on the challenge of defending networks against attacks, it isn’t the first.
This is the latest development in the emerging field of cyberthreat intelligence (CTI), a discipline dedicated to applying military-style intelligence techniques to the collection, analysis and use of information about cybersecurity threats. 
CTI providers do the heavy lifting of cybersecurity analysis that most enterprises simply don’t have the resources to undertake.
They typically combine information from many different categories of sources to generate products that help their clients better understand and react to the evolving cybersecurity threat landscape.
Some of these sources include:
- Gathering threat information from deployed security tools. 
- Deploying their own sensors. 
- Gathering intelligence from public sources. 
- Recruiting spies. 
After CTI providers gather information from all of these sources, they feed it to a team of analysts who have the job of transforming it into actionable intelligence.
One of the most common products offered by CTI vendors is a real-time feed of known malicious hosts on the Internet.
Link: http://www.gocertify.com/articles/spy-game-the-emerging-cybersecurity-realm-of-threat-intelligence



AlienVault Unveils Latest Edition of Open Threat Exchange
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html



ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List
RESTON, Va.—(BUSINESS WIRE)—ThreatQuotient™, a leading provider of enterprise-class threat intelligence platforms, announced today that CRN®, a brand of The Channel Company, has named ThreatQuotient to its 2016 list of Emerging Vendors.
This annual list recognizes recently founded, up-and-coming technology suppliers who are shaping the future of the IT channel through unique technological innovations.
In addition to celebrating these standout companies, the Emerging Vendors list also serves as a valuable resource for solution providers looking to expand their portfolios with cutting-edge technology.
Link: http://www.businesswire.com/news/home/20160726005486/en/ThreatQuotient-Recognized-CRN%E2%80%99s-2016-Emerging-Vendors-List

Posted on 07/26

IT Security Industry News - 2016-07-26

Table of Contents

  • Scanning Code for Viruses Is No Longer a Job for Humans
  • No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
  • Cybersecurity firm offers users reimbursement for ransomware infections
  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • How to ensure your A.I. gets good nutrition
  • Sydney IT company looking to educate about security
  • Australia’s security software spending sees growth spurt
  • Juniper Networks reports lower profit
  • How predictive analytics discovers a data breach before it happens
  • 3 Reasons To Buy FireEye
  • Trustwave opens Waterloo office, strengthens ties with Rogers Communications
  • Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • Former IBM Cloud Chief Sets Sights on Hot Security Market
  • Belden Industrial Cyber Security Initiative Builds Momentum
  • Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year
  • Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
  • RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
  • Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year
  • Palo Alto Networks clinch 500 customers in India in past 2 years
  • Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange



Scanning Code for Viruses Is No Longer a Job for Humans
Alexey Malanov, malware expert at Kaspersky Lab, said 99 percent of the code his firm analyzes is seen only by machines—and it's been that way for five years.
The process keeps improving in terms of speed and efficacy, he said. 
Automation works because most malware is an alteration of code already known. “Even if a cybercriminal creates something from scratch, in most cases he’ll integrate previously known malicious functionality,” said Malanov. "Automation will process all this." 
Machine learning works along with a wide range of clustering and classifying algorithms, used to identify whether or not the scanned file is malicious or not, said Liviu Arsene, senior e-threat analyst at Bitdefender, another antivirus company that uses machines to process over 99 percent of the malware it receives. 
Humans are better at discovering new features hidden within the malware, they have a better intuition and make non-obvious connections.
They are able to tackle a problem from creative angles.
Link: http://motherboard.vice.com/en_uk/read/scanning-code-for-viruses-is-no-longer-a-job-for-humans



No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
WOBURN, Mass.—(BUSINESS WIRE)—Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab join forces to launch an initiative called No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.
No More Ransom (http://www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals. 
The aim of the online portal http://www.nomoreransom.org is to provide a helpful online resource for victims of ransomware.
Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves.
Awareness is key as there are no decryption tools for all existing types of malware available to this day.
If you are infected, the chances are high that the data will be lost forever.
Exercising a conscious internet use following a set of simple cyber security tips can help avoid the infection in the first place. 
The project provides users with tools that may help them recover their data once it has been locked by criminals.
In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant. 
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella.
Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.
Link: http://www.businesswire.com/news/home/20160725005101/en/Ransom-Law-Enforcement-Security-Companies-Join-Forces



Cybersecurity firm offers users reimbursement for ransomware infections
Security firm SentinelOne is confident it can beat any of today’s ransomware—and is willing to put money behind that claim. 
The company is offering a new service that will cover up to $1 million in damages for any customers infected by ransomware. 
SentinelOne is calling it the “Cyber Threat Guarantee” and treating it like an extended warranty that customers can buy starting Tuesday. 
SentinelOne’s guarantee works like this: for individual computers infected with ransomware, the company will pay up to $1,000 to free the system.
The number of computers it will cover is up to 1,000 systems. 
The policy has been designed this way because most ransomware attackers ask for around $250 or more to decrypt any data held hostage, Grossman said. 
Customers who opt-in to the guarantee will pay an additional $5 fee for each Windows PC or server protected on top of their existing service.
The coverage will last a year before it can be renewed again. 
Grossman joined SentinelOne last month after designing a similar guarantee program for his previous company, Whitehat Security.
Under that program, WhiteHat would refund customers if their websites ever got hacked with a vulnerability that the company failed to detect.
Link: http://www.computerworld.com/article/3099999/security/cybersecurity-firm-offers-users-reimbursement-for-ransomware-infections.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d



DEFCON CYBER™ Joins FireEye Cyber Security Coalition
MANASSAS, Va., July 25, 2016 /PRNewswire/—DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMWare and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform. 
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition—an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to the application of cybersecurity best practice outcomes to precisely manage the incident prioritization, automated initialization and tracking the response activity, and closing mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's leading iSight Intelligence to provide instant correlation between actionable threat intelligence and indicators. "In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO. "The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25



How to ensure your A.I. gets good nutrition
A.I. shouldn’t be allowed to drink wildly from a data lake where data has not been cleansed, packaged and structured for easy consumption. According to the Compliance, Governance and Oversight Counsel (CGOC), nearly 70% of the data that companies produce and collect has no business, legal or compliance value, so you must develop a way to understand and specify the scope and criteria of the data to be fed to A.I.:
  • Which data stores and what file types.
  • What connections exist between the data.
  • Who is responsible for making the determination and for final approval?
You need to tag and classify the data to ensure that it can be properly digested.
Depending on the A.I. task, some metadata has more value than others.
If you are looking for marketing insights, you will likely value metadata drawn from EXIF files associated with images on social media sites, including geolocation, timestamps, camera type and serial numbers.
In medical settings, metadata elements including patient ID-date of birth, provenance-timestamp, and privacy-content are essential. 
Finally, you must have governance capabilities built into the system to track responses to the information used and adjust the diet accordingly.
Link: http://www.cio.com/article/3098428/artificial-intelligence/how-to-ensure-your-a-i-gets-good-nutrition.html?token=%23tk.CIONLE_nlt_cio_insider_2016-07-26&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_so



Sydney IT company looking to educate about security
SYDNEY — A Sydney-based information technology company that relaunched this spring is looking to solve the data and security breaches some small- and medium-sized companies face as business grows. 
Devantec IT surfaced again in April after about a three-year hiatus due to president and CEO James Mackinnon’s work on other projects. 
Devantec recently announced it is offering free network assessments to companies this summer.
The company is looking to educate local businesses in the dos and don’ts of IT best practices.
Local businesses should consider their IT strategy from the outset and how it can work as efficiently as possible to ensure growth over the long-term, he said. 
It could be as straight forward as a company setting a goal to grow to 50 employees and expanding to a second location, said Danielle Patterson, Devantec’s chief marketing officer. 
“We want people to stop feeling scared of technology.”
Link: http://www.capebretonpost.com/News/Local/2016-07-25/article-4597848/Sydney-IT-company-looking-to-educate-about-security/1



Australia’s security software spending sees growth spurt
According to Gartner, the global security software market rose by 3.7% in 2015, while Australia recorded a 19.4% leap in spending. 
Australia’s national focus on computer security should increase after the appointment of the country’s first cyber security minister.
Former diplomat Dan Tehan was announced in mid-July as minister assisting the prime minister for cyber security. 
Australian organisations are also being urged to be more vigilant about information governance – so that even if cyber attackers get past the padlocks and cameras, the information available to them is tightly managed and controlled. 
A new organisation, Information Governance ANZ, will be launched formally in August as a forum for Australian and New Zealand governance professionals.
Co-founder and director Susan Bennett said Australia is lagging behind the US in information governance, despite there being significant risks for organisations that choose to store every piece of computer-generated data just because it is technically possible.
Link: http://www.computerweekly.com/news/450300891/Australia-security-software-spending-growth-spurt



Juniper Networks reports lower profit
Juniper Networks Inc. on Tuesday reported an 11% decline in second quarter profit and warned challenging market conditions would continue to pressure margins. 
The Sunnyvale, Calif., company said it expects operating margins to decline slightly from the 18.8% it reported last year. 
Shares, down 12% this year, fell 0.9% to $24 in after-hours trading. 
Over all, Juniper reported a profit of $140 million, or 36 cents a share, down from $158 million, or 40 cents a share, a year earlier.
Excluding stock-based compensation and other items, profit was 50 cents a share, compared with 53 cents a year earlier and analysts' projections of 47 cents a share.
The most recent results are based on 2.7% fewer shares outstanding.
Link: http://www.marketwatch.com/story/juniper-networks-reports-lower-profit-2016-07-26-17485198



How predictive analytics discovers a data breach before it happens
The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack.
These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats. 
Though a very promising trend, predictive analytics has some hefty requirements when applied to cybersecurity use cases.
For one thing, the variety and volume of data involved in identifying and predicting security threats are overwhelming.
This necessitates the use of analytics solutions that can scale to the huge storage, memory and computation requirements. 
“The challenges are the same, yet amplified, as those encountered when applying analytics in general,” says Lucas McLane (CISSP), Director of Security Technology at machine learning startup SparkCognition. “This is because predictive analytic processing requires a lot more computing resources (i.e. CPU, memory, disk I/O throughput, etc.).
This is especially true when the algorithms are operating on large-scale data sets.
Predictive analytics engines need to be paired with computing resources that are designed to scale with the volume of data targeted for analysis.”
Forging alliances across industries certainly has its benefits.
As Orad explains, advanced analytics platforms such as Sisense enable cybersecurity firms to obtain “an end-to-end solution for modeling, analyzing and visualizing data, without investing vast resources into building a data warehouse as traditional tools would necessitate.” 
“Predictive analytics in security provide a forecast for potential attacks — but no guarantees,” says McLane from SparkCognition.
That’s why he believes it has to be coupled with the right machine learning solution in order to be able to harness its full potential. 
SparkCognition’s platform, SparkSecure, uses “cognitive pipelining,” a technique that involves the combination of machine-learning-based predictive analytics with the company’s own patented and proprietary static and dynamic natural language processing engine, called DeepNLP. 
Not everyone believes that predictive analytics is the ultimate solution to deal with advanced threats.
Arijit Sengupta, CEO of business analysis company BeyondCore, suggests that we look at the problem from a different perspective. 
According to Sengupta, cybersecurity challenges stem from two factors.
Firstly, the value and volume of online assets are exploding at an exponential rate.
Secondly, hackers are increasingly growing in sophistication due to their easy and inexpensive access to large compute resources through cloud computing. 
Invincea’s Ghosh believes it is inevitable the security industry will need to re-tool to address an ever-changing threat. “We are making our bet on artificial intelligence is the solution to predict our adversaries’ next moves,” he says.
Link: https://techcrunch.com/2016/07/25/how-predictive-analytics-discovers-a-data-breach-before-it-happens/



3 Reasons To Buy FireEye
Though FireEye shares have gained momentum on the back of buyout speculation, investors should not ignore the company's robust long-term prospects.
The cost of data breaches is set to increase to over $2.1 trillion by 2019, representing a four-fold increase compared to the estimated cost of breaches in 2015.
The company is well-prepared to tap this opportunity by shifting its business to an "as-a-service" model, since this will help it enjoy economies of scale and enhance margins.
By enhancing economies of scale, FireEye expects product gross margin in the high-60% range and service margin in the mid-70% range for the full year.
The company is also enhancing operational efficiency by shifting toward lower-cost locations, consolidating support and SOC operations, improving purchasing efficiencies, and reducing discretionary spending.
Link: http://seekingalpha.com/article/3990991-fireeye-3-reasons-buy?auth_param=137vrm:1bpb0s2:868907aba33eb11dad51e4eed0db6dbf&uprof=45&dr=1#alt2



Trustwave opens Waterloo office, strengthens ties with Rogers Communications 
Global security firm Trustwave has opened a new office in Waterloo, Ontario, announced a new wave of hiring, and added a new country manager, Michael Sims, to oversee the company’s Canadian operations. 
Trustwave had previously leased an approximately 850 square metre space in Cambridge, Ontario. 
Sims joined Trustwave in April 2016, after serving as Canadian Country Manager for Optiv Security, where he oversaw that company’s go-to-market strategy for managed security services and other offerings.
Link: http://www.cantechletter.com/2016/07/trustwave-opens-waterloo-office-strengthens-ties-rogers-communications/



Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer 
COLUMBIA, Md.—(BUSINESS WIRE)—Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, announced today that it has hired security industry veteran Dave Cole as chief product officer, responsible for leading continued technology innovation and product excellence. 
Before joining Tenable, Cole served as chief product officer at CrowdStrike, where he drove the design, development and support of the company’s cloud-based endpoint security product.
Prior to that, he led product management for Norton at Symantec.
As a seasoned product leader, Cole also held senior product positions at Foundstone and Internet Security Systems.
Link: http://www.businesswire.com/news/home/20160725005027/en/Tenable-Network-Security-Names-Seasoned-Security-Leader



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat 
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths that a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016)* and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse. 
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain un-authorized access to Active Directory. 
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



Former IBM Cloud Chief Sets Sights on Hot Security Market 
Lance Crosby, who co-founded SoftLayer, the cloud computing company IBM bought three years ago for about $2 billion, is finally ready to talk about StackPath, his cybersecurity startup. 
It’s a well-funded effort; StackPath has $150 million in backing from Boston-based private equity fund ABRY Partners, and another $30 million from what Crosby calls “friends and family.” 
-  MaxCDN built a content delivery network (CDN) with 19 global points of presence, which monitor and speed up delivery of content for some 16,000 customers.
-  Fireblade offers a web application firewall, to protect against malignant content.
-  Staminus works to stop distributed denial of service (DDoS) attacks.
-  Cloak is a virtual private network that brings secure Wi-Fi for iOS and Mac applications.
This is an ambitious undertaking.
StackPath will compete with Akamai in CDNs, Prolexic, and others in DDOS—CloudFlare, which offers CDN, DDOS and firewall capabilities, for example.
Link: http://fortune.com/2016/07/25/stackpath-ceo-on-his-startup/



Belden Industrial Cyber Security Initiative Builds Momentum 
ST. LOUIS—(BUSINESS WIRE)—Belden Inc. (NYSE: BDC), a global leader in high quality, end-to-end signal transmission solutions for mission-critical applications, today announced the achievement of four strategic milestones of its industrial cyber security initiative over the first half of 2016.
Together, these milestones demonstrate Belden’s commitment to the emerging industrial cyber security market and realization of its strategic vision for this market segment. 
Key cyber security milestones include: 
The Tofino Xenon Industrial Security Appliance now solves many of the most specialized energy-specific cyber and physical security challenges.
The easy-to-deploy appliance protects against malicious and unauthorized access due to system vulnerabilities, improves supervisory control and data acquisition (SCADA) system reliability, provides greater security control for industrial control system (ICS) devices, and supports more industrial protocols than any other device available, including DNP3 and IEC 104. 
In response to customers’ requests for a pragmatic solution to the complexities of industrial cyber security, Belden has developed a practical three-step approach to industrial cyber security strategies.
The Belden 1-2-3 model provides industrial organizations with practical advice on developing a cyber security program that reduces risks while supporting and enhancing availability, reliability and safety. 
Belden’s partnership with FireEye brings together advanced detection, targeted threat intelligence and specialized Mandiant ICS services from FireEye with an industrial cyber security portfolio that includes deep visibility; endpoint intelligence and change detection from Tripwire; secure noninvasive network segmentation from Tofino; and ruggedized industrial networking solutions from GarrettCom. 
Tripwire® Configuration Compliance Manager (CCM) now monitors industrial automation environments.
It allows customers to measure the configuration security of industrial environments against ANSI/ISA-62443, a global standard for securing industrial automation systems, controllers and associated networking equipment configurations.
Tripwire CCM can now reduce cyber security risks from external attacks, as well as malicious insiders and human error.
It does this while protecting critical infrastructure reliability, uptime and safety in industrial automation and manufacturing environments.
Link: http://www.businesswire.com/news/home/20160725005741/en/Belden-Industrial-Cyber-Security-Initiative-Builds-Momentum



Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year 
REDWOOD SHORES, Calif., July 25, 2016 (GLOBE NEWSWIRE)—Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced that it has been named the sole leader in the Gartner Magic Quadrant for Web Application Firewalls (WAF).
Imperva is unique in that it is the only vendor that has been the sole leader in a Gartner Magic Quadrant for the past three years.
Link: http://globenewswire.com/news-release/2016/07/25/858649/0/en/Imperva-Named-by-Gartner-as-the-Only-Leader-in-the-2016-Magic-Quadrant-for-Web-Application-Firewalls-for-the-Third-Straight-Year.html



Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
Fortinet® (NASDAQ: FTNT), the global leader in high-performance cybersecurity solutions, today announced that it has been selected as a vSecurity technology partner as part of Verizon Enterprise Solutions' new Virtual Network Services. 
The Fortinet Security Fabric will provide enterprise customers of Verizon Virtual Network Services with open, adaptive virtual security and actionable threat intelligence, turning network protection into a driver of business insight and agility. 
A broad range of security features within the FortiGate virtual network function (VNF), including enterprise firewalls, FortiManager single pane of glass management, integrated threat intelligence from FortiGuard Labs, data loss prevention, IP security, and intrusion detection system will enable enterprises to deploy advanced software-defined networking (SDN) security functions to protect all points in their network. 
As part of Verizon's Virtual Network Services, Fortinet will provide plug-and-play vSecurity VNFs so businesses can deploy security network functions in software.
With a broad range of advanced virtual network security features offered, including Fortinet FortiGate enterprise firewalls, advanced threat intelligence, global policy controls, and internal segmentation to protect mission-critical data from breaches, Fortinet vSecurity will deliver all the performance of traditional network security in virtualized solutions.
Link: http://www.broadwayworld.com/bwwgeeks/article/Fortinet-to-Provide-Enterprises-With-On-Demand-Security-at-Scale-With-Verizon-Virtual-Network-Services-20160725



RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
SUNNYVALE, CA—(Marketwired)—07/26/16—RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced it will be utilizing the Exploit Database, a non-profit project maintained by Offensive Security.
As part of the RiskVision offering, exploit information is correlated with RiskVision-configurable business context and vulnerability attributes to prioritize exploitable threats in vulnerability risk scoring.
This helps security and business risk owners reduce network operations activity while dramatically improving risk posture in their organizations. 
The Exploit Database's aim is to serve the most comprehensive collection of exploits gathered through direct submissions and mailing lists, as well as other public sources, and then present them in a freely-available, easy-to-navigate database.
The database is a repository for exploits and proof-of-concepts, rather than advisories, making it a valuable resource for those who need actionable data right away. 
RiskVision's closed-loop vulnerability management delivers innovation in every step of the cyber vulnerability work flow.
In addition to integrating with threat exploit services such as Offensive Security, RiskVision utilizes products and services from vendors in the threat intelligence, vulnerability scanning, endpoint security, SIEM and DLP, IT service management and configuration management spaces. 
RiskVision's approach to vulnerability management improves operational efficiency by performing automated risk scoring based on threat and business context, as well as filtering for relevant incidents based on event monitoring data.
Uniquely, with RiskVision, Security Operations analysts can prioritize remediation, Organizational Unit risk experts can participate in decision-making with compliance oversight and IT Operations can be assured their workloads do not require additional staff.
Link: http://news.sys-con.com/node/3881210



Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year 
IRVINE, CA—(Marketwired - Jul 26, 2016) - Ingram Micro Inc. (NYSE: IM) today announced it has earned Cisco's Security Distributor Award for Outstanding Performance in the Asia-Pacific-Japan (APJ) region for 2016.
Link: http://www.marketwired.com/press-release/ingram-micro-named-cisco-asia-pacific-security-distributor-of-the-year-nyse-im-2145482.htm



Palo Alto Networks clinch 500 customers in India in past 2 years
Bangalore: US-based Palo Alto Networks, a network and enterprise security provider, is growing fast with an expanding base of customers in the Indian market, according to the company's top executive. 
"Most of these customers are replacing products and solutions of legacy security vendors and migrating to our offerings," added Bhasin, who was appointed as top executive of company's India operations in 2013. 
The steady rise in customer base suggests that Palo Alto Networks' business in India is flourishing, although the company doesn't provide specifics of its Indian business. 
However, citing an IDC study, Bhasin said that the company's growth has been faster than that of the top four security vendors in India. 
The company is closing the gap with its two closest competitors, Cisco and Check Point, which hold market shares of 17.4 percent and 13.8 percent respectively. 
Although Palo Alto Networks was a late entrant in the Indian market, which is largely dominated by established security vendors like Cisco, Juniper, Check Point, Fortinet and others, it has been significantly successful in penetrating this market.
Link: http://cio.economictimes.indiatimes.com/news/corporate-news/palo-alto-networks-clinch-500-customers-in-india-in-past-2-years/53395107



Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
Centripetal Networks Inc., the leading provider of Real-Time Active Network Defense solutions, today announced it is joining with Infoblox to provide a platform to easily apply cyber threat intelligence to directly defend networks with up-to-date intelligence.
The relationship further expands Centripetal’s RuleGate® Network Protection System with the addition of Infoblox’s ActiveTrust data, which combines threat intelligence from trusted white-hat allies, including law enforcement agencies and internet infrastructure providers, with vetted data from select open-source providers. 
Centripetal’s RuleGate® Network Protection System dynamically updates threat intelligence from Infoblox, and more than 40 other sources, normalizes the intelligence, and applies it to the network to alert, block or redirect malicious traffic.
The platform includes the Advanced Cyber Threat™ (ACT) service, the RuleGate® network appliance and QuickThreat®, Centripetal Networks’ real-time threat intelligence analytics application.
Link: http://www.pressreleaserocket.net/centripetal-networks-joins-with-infoblox-to-offer-actionable-threat-intelligence/474462/



AlienVault Unveils Latest Edition of Open Threat Exchange 
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html

Posted on 07/26

Monday, July 11, 2016

IT Security News - 2017-07-11

Table of Contents

  • How to handle security risks in Red Hat virtualization environments
  • Google is already fighting hackers from the future with post-quantum cryptography
  • If My Website Is Hacked and Customer Data Exposed, Am I Liable?
  • Business travellers putting organisations' cyber-security at risk
  • Protecting a BIT of Integrity BYTES
  • Global Cybergangs Take The ‘Cyber Arms Race’ Lead
  • Cybercrime Now Surpasses Traditional Crime In UK
  • Report: Firms see cyber threats, but not the means to deal with them
  • Business Intelligence and Data Security: A Double-Edged Sword
  • 8 Ways Ethically Compromised Employees Compromise Security



How to handle security risks in Red Hat virtualization environments 
Here's a rundown of the types of threats to virtualization environments, and ways they can be mitigated: 
- Denial of Service (DoS) attacks
- Memory corruption and leakage
- Guest-to-host escape
Mitigation Techniques
- You can use control groups to protect the four core resources (memory, CPU, disk or network) that can be exploited. 
- SELinux is Red Hat's Linux Security Module and it operates by implementing Mandatory Access Controls (MAC). 
- sVirt (secure virtualization) combines SELinux and virtualization. 
- SecComp is a kernel feature still early in development which also provides sandboxing-like capabilities.
Link: http://www.techrepublic.com/article/how-to-handle-security-risks-in-red-hat-virtualization-environments/?ftag=TRE684d531&bhid=21487072891631060763005914609462
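The list above names seccomp only in passing. As an added example (not code from the TechRepublic article or from Red Hat), here is a minimal seccomp-BPF syscall allowlist in C, the kind of sandbox that confines a guest helper or service process, together with a small user-space evaluator so the policy can be checked for a given syscall before it is ever loaded into the kernel. The allowed syscall set, the helper names (build_filter, run_filter, decide, install_filter) and the x86_64-only architecture check are assumptions of this example.

```c
/* Added example (not from the TechRepublic article or Red Hat): a minimal
 * seccomp-BPF syscall allowlist, the kernel sandboxing feature the article
 * lists alongside cgroups, SELinux and sVirt. The allowed syscall set and the
 * helper names are constructed for illustration. Builds an x86_64 policy. */
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS        /* pre-4.14 headers only define KILL */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define SC_ARCH_OFF offsetof(struct seccomp_data, arch)
#define SC_NR_OFF   offsetof(struct seccomp_data, nr)
#define BAD_PROGRAM 0xFFFFFFFFu

/* Constructed allowlist: enough for a process that only reads, writes and exits. */
static const int allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_brk, SYS_rt_sigreturn, SYS_exit, SYS_exit_group,
};
#define N_ALLOWED  (int)(sizeof allowed_syscalls / sizeof allowed_syscalls[0])
#define FILTER_LEN (N_ALLOWED + 5)

/* Emit the filter into prog. Returns the instruction count, or -1 if prog is
 * too small. Layout: [0] load arch, [1] jump to KILL unless x86_64,
 * [2] load syscall nr, [3..3+N) one JEQ per allowed nr jumping to ALLOW,
 * [N+3] KILL_PROCESS (fall-through for everything else), [N+4] ALLOW. */
int build_filter(struct sock_filter *prog, int max_insns)
{
    if (max_insns < FILTER_LEN)
        return -1;
    int kill_idx = N_ALLOWED + 3, allow_idx = N_ALLOWED + 4;
    prog[0] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARCH_OFF);
    /* jt/jf are relative to the next instruction: pc + 1 + jf == kill_idx */
    prog[1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64,
                                           0, (unsigned char)(kill_idx - 2));
    prog[2] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR_OFF);
    for (int i = 0; i < N_ALLOWED; i++)
        prog[3 + i] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                          (unsigned)allowed_syscalls[i],
                          (unsigned char)(allow_idx - (3 + i + 1)), 0);
    prog[kill_idx]  = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[allow_idx] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return FILTER_LEN;
}

/* Evaluate the filter in user space for one (arch, nr) pair so a policy can
 * be reviewed before it is loaded. Interprets only the three opcodes emitted
 * above; returns the seccomp action, or BAD_PROGRAM on anything unexpected. */
unsigned int run_filter(const struct sock_filter *prog, int n,
                        unsigned int arch, unsigned int nr)
{
    unsigned int acc = 0;
    int pc = 0;
    while (pc >= 0 && pc < n) {
        const struct sock_filter *ins = &prog[pc];
        if (ins->code == (BPF_LD | BPF_W | BPF_ABS)) {
            if (ins->k == SC_ARCH_OFF)    acc = arch;
            else if (ins->k == SC_NR_OFF) acc = nr;
            else return BAD_PROGRAM;
            pc++;
        } else if (ins->code == (BPF_JMP | BPF_JEQ | BPF_K)) {
            pc += 1 + (acc == ins->k ? ins->jt : ins->jf);
        } else if (ins->code == (BPF_RET | BPF_K)) {
            return ins->k;
        } else {
            return BAD_PROGRAM;
        }
    }
    return BAD_PROGRAM;
}

/* Build the policy and ask it what the kernel would do for one syscall. */
unsigned int decide(unsigned int arch, unsigned int nr)
{
    struct sock_filter prog[FILTER_LEN];
    int n = build_filter(prog, FILTER_LEN);
    return n < 0 ? BAD_PROGRAM : run_filter(prog, n, arch, nr);
}

/* Load the filter on the calling thread. NO_NEW_PRIVS lets an unprivileged
 * process install it; the filter is inherited by every child it spawns. */
int install_filter(void)
{
    struct sock_filter prog[FILTER_LEN];
    int n = build_filter(prog, FILTER_LEN);
    if (n < 0) return -1;
    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    if (install_filter() != 0) { perror("seccomp"); return 1; }
    static const char msg[] = "sandboxed: write() is allowed\n";
    write(STDOUT_FILENO, msg, sizeof msg - 1);
    getpid();   /* not on the allowlist: the kernel kills the process here */
    return 0;
}
```

Run stand-alone, the program prints one line and is then killed on the first disallowed syscall; with auditd running, that kill is recorded as a type=SECCOMP audit event carrying the offending syscall number, which is the signal a defender should alert on. The architecture check at the top of the filter matters: without it, a 32-bit binary would be judged against 64-bit syscall numbers and the allowlist would not mean what it says.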



Google is already fighting hackers from the future with post-quantum cryptography 
"We're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used," Google Software Engineer Matt Braithwaite wrote in a blog post Thursday, pointing out that Google plans to discontinue the experiment after two years, and hopefully move on to an even better algorithm. 
What does all this mean for Chrome users?
Not much.
Regular users won't be part of the test.
Those who want to have a fraction of their online communication protected with a post-quantum key exchange algorithm should install the latest Chrome Canary build.
To check whether post-quantum crypto is on, go to an HTTPS-secured page, click on the lock next to the URL in the address bar, click on "details," and check whether Key Exchange starts with “CECPQ1”.
Link: http://mashable.com/2016/07/08/google-chrome-quantum-cryptography/#zm1AzEuUGuqW



If My Website Is Hacked and Customer Data Exposed, Am I Liable?
That is a question most small business owners aren’t losing sleep over or are readily prepared to answer.
But in an era where data breaches routinely occur, it warrants serious consideration. 
Unfortunately, there is no cut-and-dried answer to that question.
Some attest that the entity holding the information is liable while others suggest the customer bears responsibility. 
Perez, weighing in on the liability issue, warns that small businesses running an ecommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS). 
“The landscape of cyber security is shifting rapidly as data breaches are spiking,” Delaney said. “Congress, regulators and state attorneys general are taking a hard look at how companies … are protecting consumer information from unauthorized access.
Hearings have been held, and new laws pushed.” 
Notification can quickly become very expensive, however, particularly if you have thousands of customers with which to communicate. 
Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information.
To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen. 
While the question of liability is still not clear cut, businesses can protect themselves and their customers by following the guidelines included in this article.
Link: http://smallbiztrends.com/2016/07/website-hacked-customer-data-exposed-liable.html



Business travellers putting organisations' cyber-security at risk 
A survey by Kaspersky Lab of 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US found that the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet. 
It said that three in five (59 percent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected.
The research also found that 47 percent think that employers, if they send staff overseas, must accept any security risks that go with it. 
Almost half (48 percent) of senior managers and more than two in five (43 percent) of mid-level managers use unsecure public access Wi-Fi networks to connect their work devices when abroad.
At least two in five (44 percent and 40 percent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments. 
One in five (20 percent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi – compared to an average 12 percent.
One in four (27 percent) have done the same for online banking – compared to an average 16 percent.
Link: http://www.scmagazine.com/business-travellers-putting-organisations-cyber-security-at-risk/article/508027/



Protecting a BIT of Integrity BYTES 
Leveraging the NIST Cybersecurity Framework to apply necessary albeit painful and often overlooked cyber changes to protect your most critical high-value assets (“Crown Jewels”) from advanced cyber threats
This post will focus primarily on Identify function’s Asset Management component and the Protect function of the NIST framework as it relates to often overlooked operational changes needed to isolate critical high-value assets. 
What to Protect? 
How to Protect? 
Rise above the threats.
Leverage the NIST Cybersecurity Framework and follow best practices to isolate and protect your most critical “crown jewels” and tier-0 credentials using operational security practices and not just dependence on the latest “shiny object” security tools.
Bad guys have these same security tools before they attack, so we need to change the way we isolate and operate on our network.
These changes can be painful and often not intuitive, but defending against advanced attackers requires advanced operational defenses to keep a breached PC from becoming a totally owned network.
Link: https://blogs.technet.microsoft.com/staysafe/2016/07/07/protecting-a-bit-of-integrity-bytes/



Global Cybergangs Take The ‘Cyber Arms Race’ Lead 
In the release of its first Cyber Crime Assessment report on Thursday (July 7), the U.K.’s National Crime Agency (NCA) said that police and businesses are losing the “cyber arms race” to these sophisticated criminals. 
According to the data, the most significant and advanced threat to the U.K. is actually from a small group of international crooks that use “highly profitable” malware to fuel cyberattacks.
These organized gangs of criminals are able to launch attacks directly at both businesses and individuals. 
According to the report, advertisements — ranging from “DDOS attacks for as low as $5 USD an hour” to “Online tutorials from $20 USD that cover DDOS attacks, cracking Wi-Fi, Crypters and much more” — are just a sample of the offerings posted across the underground marketplace, which it describes as growing bigger, more sophisticated and competitive. 
The intelligence analysts found that malware is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” posing an even greater threat to unsuspecting groups, consumers, private organizations and the government.
Link: http://www.pymnts.com/news/security-and-risk/2016/cybergangs-cyber-arms-race-malware/



Cybercrime Now Surpasses Traditional Crime In UK
Cybercrime is currently outpacing traditional crime in the United Kingdom in terms of impact spurred on by the rapid pace of technology and criminal cyber-capability, according to the UK’s National Crime Agency. 
The trend suggests the need for a more collective response from government, law enforcement, and industry to reduce vulnerabilities and prevent crime, the NCA report says. 
One security expert notes that the cybercrime situation here in the US is even more dire. 
“I think it is more dramatic in the US and I do think cybercrime is a larger industry than narcotics trafficking because of intellectual property theft and secondary infection,” says Tom Kellermann, co-founder and CEO of Strategic Cyber Ventures, which invests in next-generation security technology.
Link: http://www.darkreading.com/threat-intelligence/cybercrime-now-surpasses-traditional-crime-in-uk/d/d-id/1326208



Report: Firms see cyber threats, but not the means to deal with them 
The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT. 
While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report. 
Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber crime tools.
Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals. 
Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber crime.
Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes.
Lack of investment and even cultural change within organizations were cited as barriers.
Link: http://fedscoop.com/organizations-fully-aware-of-growing-cyber-threat-but-few-ready-to-deal-with-it-study-finds



Business Intelligence and Data Security: A Double-Edged Sword 
Business intelligence represents great opportunities for businesses that have the right people, processes and technology in place.
According to a recent ComputerWorld survey, 50 percent of respondents are increasing their IT security budget. 41 percent are increasing their analytics investment.
Another survey found that 35 percent of respondents considered security concerns to be the biggest obstacle surrounding data analysis.
The analytics software space is packed with vendors looking to cash in on this opportunity.
Proof positive is how hot the big data market has been over the past several years.
New data frontiers like social media, mobile ecommerce and web content performance represent new challenges and opportunities for insight for companies of all sizes.
Security Information and Event Management systems are powerful analytics solutions in their own right.
The latest security analytics systems are positioned as more advanced than SIEM could offer.
Threat Analytics/Intelligence solutions, delivered via the cloud by companies like FireEye, Palo Alto Networks and Fortinet are seen as the next generation of security intelligence.
Traditional BI vendors collect a lot of data from various repositories such as ERP, CRM and asset management systems, though they have typically left security and threat analytics to the leading vendors in that space.
Sharing business performance information across your company should be carried out on a “need to know” basis.
Providing permission-based access to data visualizations and executive dashboards should be provisioned with consideration of:
Standards-based APIs, certified by credible sources, make for a safer analytics hub than coding your own connections.
Analytics engines are often at the center of multiple systems, which makes them a potentially lucrative target for opportunistic hackers.
Since many data breaches result from employee activities, access to reporting systems must be governed.
Link: http://www.business2community.com/business-intelligence/business-intelligence-data-security-double-edged-sword-01577755#KvjcbYs2JVLiiH8q.97



8 Ways Ethically Compromised Employees Compromise Security
The fact is that there are always a few bad apples in the barrel, and when it comes to employees—whether IT or your typical corporate user—the bad actors can introduce a lot of risk to the organization.
But some IT executives may not realize just how many potential bad apples there can be, depending on the circumstances. 
Here are a few statistics that show how prevalent shaky ethics really are in the workplace.
Link: http://www.darkreading.com/threat-intelligence/8-ways-ethically-compromised-employees-compromise-security/d/d-id/1326196

Posted on 07/11

Sunday, July 10, 2016

Security Industry News - 2016-07-10

Table of Contents

  • Novosco buys UK IT security services firm NetDef
  • Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report
  • Thai companies beef up security as malware threats evolve
  • Kaspersky ATM security solution promises big malware defense in a small package
  • Cybersecurity firms step up intel sharing despite issues of trust
  • Skyport interacts with Cisco ACI
  • European tech investors spot safe havens from Brexit worries
  • Why FireEye Is A Toxic Investment
  • UPDATED: Michael Yell joins RSA



Novosco buys UK IT security services firm NetDef
UK IT security solutions and managed services company NetDef has been acquired by Irish cloud provider Novosco for a 7-figure sum.
The deal will expand Novosco's workforce to 140 and expand its UK business.
Link: http://www.telecompaper.com/news/novosco-buys-uk-it-security-services-firm-netdef—1152320



Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report
PHOENIX—(BUSINESS WIRE)—BeyondTrust, the leading cyber security company dedicated to preventing privilege abuse and stopping unauthorized access, today announced it has been named a Leader in The Forrester Wave™: Privileged Identity Management, Q3 2016 report.
According to The Forrester Wave, BeyondTrust
excels with its privileged session management capabilities.
Link: http://tucson.com/business/independent-research-firm-cites-beyondtrust-as-a-leader-in-privileged/article_da699be3-f0ae-541e-907a-b1f62a430533.html



Thai companies beef up security as malware threats evolve
Spending on computer security in Thailand is expected to resume double-digit growth this year, fuelled by the growing sophistication of malware threats and development of the digital economy and the national e-payment system, says a security software firm. 
The surge follows high-single-digit growth in 2015.
No raw figures are available on computer security spending. 
Khongsak Kortrakul, senior manager for technical service at Trend Micro (Thailand), said the growth of malware threats is boosting demand for automated data protection software. 
Companies in Thailand experience about 10 malware incidents a month, with medium-sized enterprises heavily targeted.
Link: http://www.thestar.com.my/tech/tech-news/2016/07/08/companies-beef-up-security-as-malware-threats-evolve/



Kaspersky ATM security solution promises big malware defense in a small package
Kaspersky Lab recently announced the availability of Kaspersky Embedded Systems Security, a targeted enterprise-grade solution designed to defend ATMs, point-of-sale systems and point-of-service machines against malware attacks. 
The solution works to protect a variety of Windows-based platforms that handle sensitive financial operations, a press release said. 
The solution supports Windows versions from XP up to and including Windows XP Embedded, Windows Embedded 8.0 Standard and Windows 10 IoT.
Additionally, it can run on systems with as little as 256 megabytes of memory and just 50 megabytes of available disk space, Kaspersky said.
Link: http://www.atmmarketplace.com/news/kaspersky-atm-security-solution-promises-big-malware-defense-in-a-small-package/



Cybersecurity firms step up intel sharing despite issues of trust
“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black. 
The company is the latest to help pool together security expertise with a new platform called the Detection eXchange. 
In 2014, Palo Alto Networks joined with rivals including Fortinet, Intel Security and Symantec to form the Cyber Threat Alliance.
The vendors are each sharing around 1,000 malware samples each day and using that data to bolster their security products. 
The alliance is still small, with only about eight members, but Howard believes it will be a “game changer” if the group can expand to 50. 
The intelligence sharing fills gaps in what each security vendor knows.
For instance, Palo Alto Networks and Symantec overlap in only about 70 percent of the malware intelligence they share, according to Howard. 
A major fear is that information shared about vulnerabilities or a company's infrastructure may be leaked accidentally to other hackers.
But the pros can outweigh the cons.
Companies Wright has talked to see the benefits of wider collaboration and even expect it from their vendor.
They realize they’re walking a fine line between the risk of sharing too much and potentially stopping the next cyber attack.
Link: http://www.pcworld.com/article/3093477/cybersecurity-firms-step-up-intel-sharing-despite-issues-of-trust.html



Skyport interoperates with Cisco ACI
Skyport's SkySecure converged system brings together zero trust compute, virtualization and a full stack of security technologies.
It logs all traffic at a forensically auditable level, enabling users to see where traffic originates, where it is headed, whether it was allowed or not, what policy allowed or blocked it, and when and who put that policy into action.
Remote management capability allows users to easily secure branch infrastructure without firewalls, proxies, MPLS or other security measures.
Link: http://www.convergedigest.com/2016/07/skyport-interoperates-with-cisco-aci.html



European tech investors spot safe havens from Brexit worries
Technology investors seeking refuge after Brexit are picking companies delivering instant access to services for Web and mobile customers or firms mainly doing business globally which can benefit from the pound's fall. 
They are shying away from hardware makers or e-commerce suppliers with sizeable UK sales, which count for less after currency swings driven by Britain's vote to leave the EU. 
Shareholders are also wary of software and services firms getting caught short by budget freezes by customers scrambling to reassess their businesses and resulting slowing economic growth. 
Two UK-based safe havens are ARM Holdings (ARM.L), which licenses chip technology used in most smartphones worldwide, and Sophos (SOPH.L), driven by demand for its computer security software and services, most financial analysts say. 
U.S. names like Salesforce.com (CRM.N) and Red Hat (RHT.N), with long-term subscriptions for Internet-delivered software and little direct exposure to Britain, are safe bets, said Silicon Valley-based analyst Trip Chowdhry.
Amazon.com (AMZN.O) and Apple (AAPL.O), while active in Britain, enjoy strong brands and have sticky subscription business models likely to insulate them from any UK slowdown, he said.
Link: http://www.reuters.com/article/us-britain-eu-tech-results-idUSKCN0ZQ0F2



Why FireEye Is A Toxic Investment
FireEye investors who have bought the stock in the hopes of an acquisition should consider selling their holdings, as no one will buy out the company at its asking valuation.
FireEye has removed its CEO who used to specialize in selling several emerging companies and was spearheading companies like McAfee and Documentum when they were acquired. 
No buyer will pay a premium for FireEye as its expenses have been rising at a faster pace than the revenue, while the debt is also substantial. 
Due to a rapid growth in expenses, FireEye's operating cash flow has slipped deep into the red, which is why no buyer might pay its $30/share asking price. 
FireEye has made a mistake by not accepting two buyout offers this year, while the management shake-up indicates that the board does not intend to sell the company. 
With expenses increasing at a faster rate than revenue, FireEye's business model is currently unsustainable.
Clearly, the company is bleeding money and will continue to do so as the trend above suggests. 
In my opinion, an acquisition would have been the best possible outcome.
However, due to the reasons mentioned above, the chances of the company getting acquired at $30 per share are next to zero now.
Hence, I think investors should stay away from the stock.
Link: http://seekingalpha.com/article/3987377-fireeye-toxic-investment#alt2



UPDATED: Michael Yell joins RSA
Security vendor RSA has appointed a new head of channels and alliances for Asia Pacific and Japan, naming former TeleSign executive Michael Yell to the role. 
Yell joined the company as of June 2016 and will be based at RSA’s Sydney offices. 
The company has recently moved a number of APJ roles to Sydney including channel, inside sales, business unit leads and marketing. 
As part of the role, Yell will be charged with implementing regional channel strategy in the region and managing the company’s partner base.
Link: http://www.arnnet.com.au/article/603160/michael-yell-joins-rsa/

Posted on 07/10

Friday, July 08, 2016

IT Security News - 2016-07-08

Table of Contents

  • Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats
  • Endpoint and Network Security: The rise of “Defense in Depth”
  • EU to invest €450 million in cybersecurity partnership fund
  • The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges
  • Password Sharing Is a Federal Crime, Appeals Court Rules
  • French internet security report urges use of best practice
  • Meeting the cyberchallenge
  • BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises
  • Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
  • Microsoft Cybersecurity Advocates for Coordinated Norms



Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats
Since the adoption of the EU Cybersecurity Strategy in 2013, the European Commission has stepped up its efforts to better protect Europeans online.
It has adopted a set of legislative proposals, in particular on network and information security, earmarked more than €600 million of EU investment for research and innovation in cybersecurity projects during the 2014-2020 period, and fostered cybersecurity cooperation within the EU and with partners on the global stage. 
But more work is needed to address the increasing number and complexity of cyber-threats.
This is why the Commission proposes today a series of measures to reinforce cooperation to secure Europe's digital economy and society, and to help develop innovative and secure technologies, products and services throughout the EU. 
The Commission has proposed an action plan to further strengthen Europe’s cyber resilience and its cybersecurity industry.
This includes measures to: 
- Step up cooperation across Europe
- Support the emerging single market for cybersecurity products and services in the EU
- Establish a contractual public-private partnership (PPP) with industry
The EU Cybersecurity Strategy and the forthcoming NIS Directive already lay the groundwork for improved EU-level cooperation and cyber resilience. 
The forthcoming NIS Directive establishes two coordination mechanisms:
- the Cooperation Group, which supports strategic cooperation and exchange of relevant information related to cyber incidents among Member States, and
- the Network of Computer Security Incident Response Teams (the so-called CSIRT network), which promotes swift and effective operational cooperation on specific cybersecurity incidents and sharing of information about risks.
Link: http://europa.eu/rapid/press-release_MEMO-16-2322_en.htm



Endpoint and Network Security: The rise of “Defense in Depth”
While there is an important place for network security, the simple fact that no system will ever be 100% secure highlights the need for additional layers of security.
Network security solutions often try to filter dangerous content before it reaches vulnerable endpoints, but isn’t it better if we can make the endpoints less vulnerable in the first place?
With this in mind, the best strategy is to build security from the endpoint out - reducing the attack surface and building defendable infrastructure. 
While network-based security solutions can attempt to block threats before they hit the endpoint, the major problem with this approach is that companies that rely heavily on network security end up with an “eggshell” security stance – whereby a system is reliant on a single outer shell to protect all of the organization’s data. 
The main difficulty faced by detection solutions is the impossible trade-off between security and usability.
Namely, all threats need to be deeply analyzed, but security teams simply cannot make employees wait while they address these issues, which would reduce productivity and staff morale. 
Intel Security found that more than 30% of organizations disable network-based security features for this exact reason.
Malware authors know this, and therefore will create attacks that simply lay dormant for a period of time to bypass the network sandbox.
This has caused malware to evolve new methods of avoiding network security products, including:
• Delayed onset
• Detecting virtualized environment
• Checking the number of CPU cores (network sandbox usually only presents one)
• Checking if user is real (monitor mouse movement, etc.)
• Exploiting the virtual environment to escape
The most effective way to complement a strong network defense is by reducing the attack surface of the endpoint. 
1- Removing administrator privileges
2- Application whitelisting
3- Sandboxing
A bank doesn’t leave the vault door open just because they have a security guard on the door – they start from the vault and layer security outward.
If the endpoint isn’t secure, and security admins do not ensure that both systems work in tandem, companies simply risk losing data, intellectual property, resources, money and, invaluably, trust – in other words, everything.
Link: http://www.information-management.com/news/security/endpoint-and-network-security-the-rise-of-defense-in-depth-10029240-1.html



EU to invest €450 million in cybersecurity partnership fund
The Commission said that it will invest an initial €450 million in the partnership and expects organisations including national, regional and local government bodies, research centres and academia to invest three times as much. 
The partnership will bring companies together for research into cybersecurity solutions for different sectors including energy, health, transport and finance, the Commission said. 
The Commission will encourage EU countries to make use of cooperation mechanisms which will be established under the new Network and Information Security (NIS) Directive, which is expected to be adopted by the European Parliament this week.
Link: http://www.out-law.com/en/articles/2016/july/eu-to-invest-450-million-in-cybersecurity-partnership-fund/



The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges
This kernel of wisdom comes from a certain high-tech headhunter in the late 1980s, who passed it on as she was helping her candidates prepare for their next job.
Twenty years later, it showed up again in “What Got You Here Won’t Get You There,” a best-selling business book by Marshall Goldsmith. 
Two Distinct Roles
As recommended in a strategy map for security leaders, successful next-generation CISOs should strive for their information security teams to be perceived by key stakeholders as being strong in both of two distinct roles: 
- Subject matter experts
- Trusted advisers
Four Fundamental Questions
1) What’s the risk? 
2) What’s the annualized risk in the specific context?
3) How does an incremental investment quantifiably reduce risk? 
4) How does one investment compare to another?
Three Persistent Challenges
1) A language challenge
2) A measurement challenge
3) A communications challenge
Link: https://securityintelligence.com/the-information-security-leader-part-1-two-distinct-roles-four-fundamental-questions-and-three-persistent-challenges/



Password Sharing Is a Federal Crime, Appeals Court Rules
One of the nation’s most powerful appeals courts ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all “hacking” law that has been widely used to prosecute behavior that bears no resemblance to hacking. 
In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal’s use of a former coworker’s password to access one of the firm’s databases was an “unauthorized” use of a computer system under the CFAA. 
At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?
Link: http://motherboard.vice.com/read/password-sharing-is-a-federal-crime



French internet security report urges use of best practice
An official report on internet security in France has urged all players in the sector to follow best practice recommendations for the BGP, DNS and TLS security protocols. 
The Resilience of the French Internet report also encouraged all those in the sector to prepare themselves against the distributed denial-of-service (DDoS) attacks that have been behind some of the higher-profile failures of internet services.
The 2015 report, the fifth of its kind, made the following principal recommendations:
- monitor prefix advertisements, and be prepared to react in case of hijacking;
- use protocols that support forward secrecy and discontinue the increasingly vulnerable SSLv2 and SHA-1 algorithms;
- diversify the number of SMTP and DNS servers in order to improve the robustness of the infrastructure;
- apply best practices to limit the effects of failures and operational errors;
- pursue the deployment of IPv6, DNSSEC and RPKI to help develop skills and to anticipate possible operational problems.
Link: http://www.telecompaper.com/news/french-internet-security-report-urges-use-of-best-practice—1152056



Meeting the cyberchallenge
Each year, the United States falls farther behind in educating K-12 students in science, technology, engineering and math (STEM).
It falls behind in teaching the next generation of technology workers for American companies.
And it falls behind in instructing cybersecurity professionals who will help protect our country.
This deficiency puts our national security at greater risk.
After years of analyzing this challenge, it’s now time for the federal government to act and help address this vulnerability.
Congress should invest in the future by providing adequate resources for K-12 computer science education for the next fiscal year, especially in this transition period between presidential administrations. 
In addition, at a time of increasing cyberthreats and greater complexity in cyberwarfare, the nation also needs skilled cybersecurity professionals.
We now require individuals who can design weapons to support U.S. warfighters and provide cyberdefense for our country’s assets.
Our cyberstrength relative to that of our nation’s adversaries is too vital to ignore.
Link: http://www.washingtontimes.com/news/2016/jul/4/meeting-the-cyberchallenge/



BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises
DALLAS, July 5, 2016 /PRNewswire/—Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals.
The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG. 
The report, Taking the Offensive - Working together to disrupt digital crime finds that, while 94 per cent of IT decision makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 per cent) admit that they don't have a strategy in place to prevent it. 
The report also finds that 97 per cent of respondents experienced a cyber-attack, with half of them reporting an increase in the last two years.
At the same time, 91 per cent of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44 per cent being concerned about the dependence on third parties for aspects of their response. 
Mark Hughes, CEO Security, BT, said: "The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft.
The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market." 
The BT-KPMG report shows that Chief Digital Risk Officers (CDROs) are now being appointed to hold strategic roles which combine digital expertise with high-level management skills.
With 26 per cent of respondents confirming that a CDRO has already been appointed, the report's data suggests that the security role and accountability for it is being re-examined.
Link: http://www.4-traders.com/BT-GROUP-PLC-11943/news/BT-Industrialisation-Of-Cybercrime-Is-Disrupting-Digital-Enterprises-22632905/



Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
DES MOINES, IA (July 7, 2016) — TMG Executive Summit keynote speaker Brian Krebs told a room full of credit union and community bank leaders that layers of technology are not enough to stop a data breach.
Instead, the investigative reporter insisted, security is only as effective as the people managing it for you. 
“Organizations buy into the idea that doing security right is layering on the right mix of technology software and services, and that this magic combination will block 99 percent of attacks,” said Krebs, mastermind behind the popular Krebs on Security blog. “It’s just not true.
It’s very expensive to do security right, and that’s partly because the actual security of your organization comes from security specialists.” 
It’s not uncommon, Krebs said, for an organization to look at its event logs for the first time after someone like him gives them a call.
He devotes a lot of energy to breach notification.
Comparing the experience of being notified of a breach to the five stages of grief, Krebs says the people he notifies are almost always in denial. “Those with a high degree of security maturity skip through the first stages and go straight to depression,” Krebs said to a roomful of nervous laughter. 
Phishing, he said, is becoming increasingly sophisticated, even though some cybersecurity experts talk about it as a solved problem.
Over a span of three weeks, Krebs notified several different companies of phishing threats facing their C-suites.
He had seen actual communications spoofing CEO email addresses on the dark web.
No one from any of these vulnerable organizations returned his calls. 
Krebs concluded his hour-long talk by coming back to his point about the importance of human security leadership.
The head of security, Krebs advised, should always report to the COO, CEO or the board of directors.
Organizations with what he calls a high degree of security maturity have created separation between IT and security: “The surest way to deny your security people any say is to have them report to the head of IT.”
Link: https://www.cuinsight.com/press-release/brian-krebs-tmg-executive-summit-financial-institutions-empower-security-leaders



Microsoft Cybersecurity Advocates for Coordinated Norms
Microsoft wants new standards for the cybersecurity world, a vision proposed in its recently published paper “From Articulation to Implementation: Enabling Progress on Cybersecurity Norms.” 
Overall, the Microsoft cybersecurity viewpoint emphasizes the need for a consensus across the industry.
Specifically, the company wants to establish norms regarding the effective disclosure of security issues as well as methods to deal with the attribution of hostile acts directed at software. 
What Microsoft wants is a “coordinated disclosure” approach.
This is a variant of responsible disclosure that also allows disclosure to computer emergency response teams (CERTs) along with the vendor.
The company believes that public disclosure should only happen after a patch has been issued and believes this should be the new cybersecurity norm. 
But Juan Andres Guerrero-Saade, a senior security researcher at Kaspersky Lab, may have identified a problem with trying to establish any norms.
He told SecurityWeek that “the whole concept of norms assumes that they relate to some homogeneous body guided by the same basic principles.
That clearly isn’t so in cyberspace.”
Link: https://securityintelligence.com/news/microsoft-cybersecurity-advocates-for-coordinated-norms/

Posted on 07/08

Thursday, July 07, 2016

Security Industry News - 2016-07-07

Table of Contents

  • 10 cutting-edge tools that take endpoint security to a new level
  • mindSHIFT unveils new proactive IT security offerings to protect customers' information
  • Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice
  • Despite Decline, FireEye Is Still Not Cheap
  • Faraday: Collaborative pen test and vulnerability management platform
  • UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines
  • Twistlock Secures $10 Million in Series A Funding
  • Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution
  • Report: Here's Who FireEye Could Be Eyeing For An Acquisition
  • Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
  • Worldwide cloud IT infrastructure revenue grows to $6.6 billion
  • Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company
  • Antivirus merger: Avast to buy AVG for $1.3 billion
  • Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out
  • Cyphort Strengthens Management Team with Two New Executive Hires
  • Palo Alto offers $16,000 in looming CTF hack off



10 cutting-edge tools that take endpoint security to a new level
The 10 products we tested in this review go beyond proactive monitoring and endpoint protection and look more closely at threats.
They evaluate these threats in a larger ecosystem, combining the best aspects from network intrusion detection and examining the individual process level on each computer.
That is a tall order, to be sure. 
Evidence of how important this product category has become is Microsoft's latest entry, called Windows Defender Advanced Threat Protection.
Announced at the RSA show in March, it will be slowly rolled out to all Windows 10 users (whether they want it or not, thanks to Windows Update).
Basically what Microsoft is doing is turning every endpoint into a sensor and sending this information to its cloud-based detection service called Security Graph.
No remediation feature has been announced to work with this yet. 
Besides Microsoft, there are many products to choose from.
We looked at Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, CounterTack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. (BufferZone, Deep Instinct, enSilo, Triumfant, ThreatStop and Ziften declined to participate.) 
The best products combine both hunting and gathering approaches and also look at what happens across your network, tie into various security event feeds produced by both internal systems and external malware collectors, work both online and offline across a wide variety of endpoint operating systems and versions, and examine your endpoints in near real-time. 
As you might suspect, no one product does everything.
You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff.
Because of this, we weren't able to score each product numerically or award an overall winner.
Link: http://www.infoworld.com/article/3091100/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html



mindSHIFT unveils new proactive IT security offerings to protect customers' information
STERLING, Va., July 6, 2016 /PRNewswire/—mindSHIFT Technologies, Inc., a Ricoh company, today announced the launch of mindSHIFT IT Security, Risk and Compliance Services.
This latest addition to mindSHIFT's robust IT services portfolio will enable customers to take a proactive approach to information security. 
Available to customers today, mindSHIFT's IT Security, Risk and Compliance Services consist of three distinct services to help organizations identify and mitigate risk from security breaches, cyberattacks, rogue employees and to help organizations achieve compliance with federal, state and industry regulations.
These services include External Vulnerability Assessments, Penetration Testing and Cybersecurity Risk Assessments.
Link: http://finance.yahoo.com/news/mindshift-unveils-proactive-security-offerings-133000140.html



Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice
Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of J. Andrew Valentine as an Associate Managing Director in its Cyber Security and Investigations practice.
With a wide range of experiences and skills that bridge the private sector and law enforcement, Valentine is a highly accomplished practitioner as well as a recognized thought leader, author, and speaker on computer crime and cyber security.
He has managed numerous high-profile criminal forensic and data breach investigations in the United States and internationally, where his work proved instrumental in the arrests and successful prosecutions of notorious hackers and criminals. 
Over the course of a 14-year career, Valentine became well-versed in criminal and civil investigative requirements, including computer forensics, evidentiary procedures, and fact-finding techniques, during his service with the Florida Department of Law Enforcement’s Computer Crime Center and with Verizon/Cybertrust.
He has regularly collaborated with government and state/provincial law enforcement agencies worldwide, including the Federal Bureau of Investigation, U.S. Secret Service, and Department of Homeland Security.
Adept at making a complex and challenging subject matter clear and comprehensible, Valentine has served as an expert witness in criminal and civil trials.
Link: http://finance.yahoo.com/news/kroll-names-j-andrew-valentine-155300383.html



Despite Decline, FireEye Is Still Not Cheap
FireEye’s economic earnings, the true cash flows of the business, have declined from -$40 million in 2012 to -$587 million over the trailing twelve months.
By removing stock based compensation expense, FEYE is able to report non-GAAP results that, while not positive, are improving year-over-year while the true profits are declining. 
With shares now greatly overvalued plus large profit losses and strong competition, FireEye (NASDAQ:FEYE) is this week's Danger Zone pick. 
The security industry is highly competitive and FEYE faces significant challenges from each of its competitors.
As noted in the company's 10-K, competition comes from Cisco (NASDAQ:CSCO), Juniper (NYSE:JNPR), Intel (NASDAQ:INTC), IBM (NYSE:IBM), and Palo Alto Networks (NYSE:PANW), among others.
Figure 3 makes it clear that FEYE's competitors have higher margins and ROICs.
With such negative profitability, FireEye has competitive disadvantages in the form of less capacity to invest in product development and less pricing flexibility. 
More recently, in 1Q16, revenue grew by 34% year-over-year.
However, cost of revenues grew 37%, R&D grew 31%, and general and administrative costs grew 30% year-over-year.
In order to buy into the bull case, one must believe FEYE can significantly cut costs in order to improve margins, while simultaneously growing revenue to maintain the "growth story" initially sold to the market.
Link: http://seekingalpha.com/article/3986664-despite-decline-fireeye-still-cheap?auth_param=137vrm:1bnqfrk:d48164696a98d79d229d4e247763caad&uprof=45&dr=1



Faraday: Collaborative pen test and vulnerability management platform
Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time.
It gives CISOs a better overview of their team’s job, tools and results.
You can run it on Windows, Linux and OS X. 
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way.
Faraday supports more than 50 tools, including Burp Suite, w3af, Maltego, Metasploit, Qualysguard, Nessus, Netsparker, and Shodan. 
Radical changes to the tool – how it looks and behaves – are in the works.
One is a brand new GTK interface, which will replace the old QT3-based one, and will make the tool more stable as well as more pleasant to use.
Link: https://www.helpnetsecurity.com/2016/07/06/faraday-pen-test/



UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines
MOUNTAIN VIEW, CA—(Marketwired - Jul 6, 2016) - UpGuard today announced that it has become a member of the Center for Internet Security (CIS), and will continue to help businesses expand visibility into their cyber risk by providing hardening benchmarks to all customers.
By incorporating these benchmarks, UpGuard's CSTAR solution builds on its lead in providing the most complete assessment of both internal and external cyber risk.
Link: http://finance.yahoo.com/news/upguard-becomes-member-center-internet-160000777.html



Twistlock Secures $10 Million in Series A Funding
SAN FRANCISCO, CA—(Marketwired - Jul 6, 2016) - Twistlock, the leading provider of security solutions for virtual containers, today announced it has completed a $10 million round of funding led by TenEleven Ventures.
The round was completed with strong support from new investor Rally Ventures and existing backers YL Ventures and a strategic venture firm. 
Twistlock also announced that Alex Doll, founder of TenEleven Ventures, has joined its board of directors.
Alex is a long-time security industry veteran who cofounded PGP Corporation and currently is an investor in and director of several high-growth cybersecurity companies, including CounterTack, Cylance and Ping Identity.
Link: http://finance.yahoo.com/news/twistlock-secures-10-million-series-113000696.html



Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution
Ixia, a leading provider of network testing, visibility, and security solutions, today announced TrafficREWIND™, a new solution that captures traffic patterns from a production network and accurately recreates them in a controlled sand-box environment.
TrafficREWIND, based on new patent pending technology, enables enterprises, service providers, and network equipment manufacturers to dramatically speed fault isolation and outage resolution with real world testing.
Ixia is planning a demonstration of TrafficREWIND at Cisco Live (Booth #3019) in Las Vegas 2016, July 10th – 14th. 
TrafficREWIND leverages the advanced functionality of several of the company’s solutions, including the Vision ONE™ network visibility solution to capture production network traffic profiles, the BreakingPoint™ testing platform to replay the traffic in a controlled environment such as a pre-deployment lab or a staged network, as well as Ixia’s Application and Threat Intelligence (ATI) technology for advanced threat intelligence. 
Ixia’s BreakingPoint validates the stability, accuracy, and quality of networks and network devices.
Adding TrafficREWIND enables customers to review past production traffic conditions and replay them, plan for the future by scaling or changing traffic dynamics, and freeze time to examine a specific incident at the exact moment it happened, for rapid fault analysis.
Link: http://finance.yahoo.com/news/ixia-combines-visibility-test-technology-173700737.html



Report: Here's Who FireEye Could Be Eyeing For An Acquisition
After making two acquisitions earlier this year, a report by financial services company The Cowen Group speculated that FireEye could be on the acquisition trail again.
- Bromium
- ForeScout Technologies  
- Cato Networks
- Securonix
Cowen report aside, rumors have again emerged that FireEye could be the target of a buyout bid itself.
Link: http://www.crn.com/slide-shows/security/300081243/report-heres-who-fireeye-could-be-eyeing-for-an-acquisition.htm/pgno/0/1



Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report. 
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share. 
Most internet service providers have a distributed architecture; hence, a security solution at the network level alone cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats. 
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.” 
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace. 
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security



Worldwide cloud IT infrastructure revenue grows to $6.6 billion
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 3.9% year over year to $6.6 billion in the first quarter of 2016 (1Q16) on slowed demand from the hyperscale public cloud sector, according to IDC.
Total cloud IT infrastructure revenues climbed to a 32.3% share of overall IT revenues in 1Q16, up from 30.2% a year ago.
Revenue from infrastructure sales to private cloud grew by 6.8% to $2.8 billion, and to public cloud by 1.9% to $3.9 billion. 
Link: https://www.helpnetsecurity.com/2016/07/07/worldwide-cloud-it-infrastructure/



Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company
NEW YORK, NY—(Marketwired - July 07, 2016) - Fusion (FSNN), a leading provider of cloud services, today announced that it has been selected to provide a fully integrated suite of advanced cloud solutions to an award-winning cybersecurity company.
The company, well recognized for its innovative cybersecurity solutions, has specialized in advanced threat detection, analysis and remediation for more than twenty years.
The cybersecurity leader cited Fusion's fully redundant and diverse cloud network, its secure data centers, and its built-in business continuity and disaster recovery solutions as primary reasons for awarding Fusion the contract, which has a minimum three year term.
The contract is expected to generate more than $1.3 million in cloud-based services revenue. 
In addition to selecting Fusion for its cloud voice services, dedicated Internet access and a powerful managed cloud network solution connecting three of the company's sites, the cybersecurity company trusted Fusion to provide a secure Data Center Service solution, which houses the company's cloud applications, servers and additional business-critical equipment in a fully certified data center.
Further, the cybersecurity company wanted to maintain control over its service environment and was impressed with Fusion's powerful management portals, including a voice portal that allows the company to distribute its calls across multiple sites, lowering costs while guaranteeing that communications can continue to flow during peak periods or unforeseen service interruptions.
The company was looking for a single source cloud solutions provider and found it in Fusion, ensuring that service delivery is seamlessly and securely delivered through one contract and managed through one experienced point of contact.
Link: http://finance.yahoo.com/news/fusion-wins-1-3-million-124625349.html



Antivirus merger: Avast to buy AVG for $1.3 billion
The deal will give Avast access to more than 400 million "endpoints," or devices running its and AVG's software, 160 million of them phones or tablets, the company said Thursday. 
Avast hopes the deal will make the combined company more efficient, as well as allowing it to take advantage of new growth opportunities such as securing the internet of things.
Link: http://www.computerworld.com/article/3092501/security/antivirus-merger-avast-to-buy-avg-for-13-billion.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-07&idg_eid=d5d8326c323742a4ed7bf4fd3d



Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out
Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it.” 
McClure has a lot to be confident about: In June his nearly four-year-old, 420-employee company was valued at $1 billion after raising a $100 million Series D round from Blackstone Tactical Opportunities and Insight Venture Partners.
But mention the name George Kurtz, his former partner and the current CEO of rival unicorn CrowdStrike, and the even-keeled 47-year-old security entrepreneur loses his cool. “George is a major competitor, and he’ll say anything to stop you from writing a story like this,” McClure says in a burst. “We’re beating him constantly in the market because he doesn’t do anything around prevention–they only do detection, and they don’t do it all that well.” 
McClure and Kurtz – once pals, partners and bestselling coauthors – are now fierce competitors. 
The race is on for Cylance and CrowdStrike – as well as other richly valued security companies like FireEye and Palo Alto Networks – to convince corporate clients that their software will keep out the criminals in the cheapest and most efficient way possible.
Cylance acts like a border guard, blocking shady actors before they enter the network. 
CrowdStrike, meanwhile, is a digital cop, patrolling networks for suspicious behavior. 
As for their bestselling book, Hacking Exposed, McClure says Kurtz’s name should never have been on it: “He wrote one chapter, but he makes it sound like it’s his book.
I gave him the book cover because I’m a nice guy.” Kurtz responded: “The claim that I wrote one chapter is not true.
I spent six months writing almost a third of the book.”
Link: http://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#16c05c4f1211



Cyphort Strengthens Management Team with Two New Executive Hires
SANTA CLARA, Calif.—(BUSINESS WIRE)—Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today announced it has hired Gord Boyce as Chief Customer Officer and Franklyn Jones as Vice President of Marketing.
Both Boyce and Jones offer decades of experience with technology leadership and will have oversight of the strategic direction and operation of their respective sales and marketing teams.
Boyce and Jones will report to Manoj Leelanivas, president and CEO. 
A high-tech veteran, Gord Boyce brings nearly 25 years of industry experience to Cyphort.
Prior to Cyphort, Boyce was CEO of file security company FinalCode, and CEO of network security and continuous monitoring company ForeScout Technologies.
He joined ForeScout as SVP of Worldwide Sales and Marketing, helping the company to expand its global channel, strategic partner base and market share.
Under his tenure, the company’s enterprise customer base increased from 200 to well over 1500 globally, including some of the world’s largest financial and military organizations.
Prior to ForeScout, Boyce held several senior management positions within the Nokia Internet Communications group and the Enterprise Solutions business group.
As the Chief Customer Officer for Cyphort, Boyce will be responsible for leading worldwide sales and driving customer engagement programs. 
Franklyn Jones has provided marketing leadership for innovative start-ups and established market leaders for more than 25 years.
His experience in cybersecurity includes CMO of Spikes Security, VP of Marketing at Bromium and nearly five years at Palo Alto Networks, which included helping launch and lead the company’s revenue growth in EMEA.
Jones also ran Solutions Marketing at Blue Coat Systems, helping the company accelerate its revenue growth and expand its leadership in the secure web gateway market.
In his role as Vice President of Marketing at Cyphort, Jones will be responsible for all aspects of corporate, product, and channel marketing, with a goal of accelerating Cyphort’s growth in the market.
Link: http://www.businesswire.com/news/home/20160707005166/en/Cyphort-Strengthens-Management-Team-Executive-Hires



Palo Alto offers $16,000 in looming CTF hack off
In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16,000 (£12,340, A$21,245) for the first to complete the six trials.
The first to solve all six challenges will receive US$5,000 (£3,866, A$6,640), and can score six lots of US$1,000 (£773, A$1,328) if they are also the first to complete each individual track.
Each track in the CTF, dubbed LabyREnth, will test competitors' abilities in disciplines including reverse engineering, programming, and threat intelligence.
The tracks, designed by Richard Wartell (@wartortell) of Palo Alto's Unit 42 (@Unit42), will become increasingly difficult over time.
Link: http://www.theregister.co.uk/2016/07/07/palo_alto_offers_16000_in_looming_ctf_hack_off/

Posted on 07/07

Incident Response Newsalert - 2016-07-07

Table of Contents

  Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
  Data Breach Digest: Breach trends that will define incident response
  Risk analytics market to experience serious growth
  Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
  Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
  Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio

Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
Breach Secure Now! has released its highly anticipated Breach Prevention Platform, a suite of security tools to help MSPs reduce the likelihood of their clients having a data breach.
MSPs can add these breach prevention tools to their portfolio of IT services, and offer them to clients under their own label.
The Breach Prevention Platform sits behind the MSP’s branded security portal and lets clients access a variety of tools, from automated security risk assessments (SRA) and simulated phishing attacks to security policies and ongoing employee security training.
A new addition to the Breach Prevention Platform is the variety of employee security training tools, since the majority of breaches happen due to human error.
The security training starts with an overview of security threats, such as phishing scams, ransomware, social media hoaxes, hackable wifi, etc., and the information is bolstered with ongoing lessons aimed at reinforcing the initial material.
As an option, MSPs can add $100,000 of financial protection and breach response services to the Breach Prevention Platform.
These value-added services can provide the critical help their clients will need to survive and recover if a breach does occur.
The breach response services supplement the services MSPs already provide to their clients.
Unlike the MSP’s typical security offerings of firewalls, anti-virus and security patches, which are invisible to clients, the Breach Prevention Platform is customer-facing and interactive.
Link: http://www.pressreleaserocket.net/breach-secure-nows-new-breach-prevention-platform-provides-msps-with-tools-to-minimize-the-chance-of-client-data-breaches/467332/

Data Breach Digest: Breach trends that will define incident response
Along with being a great way to make sense of the major security news we see every day, a key part of effective breach response is being able to anticipate the emerging threats and effectively integrate them into the incident response process.
The following reviews a few of our 2015 predictions to see how they fared and some fresh threats for businesses to consider:
- EMV Chip and PIN Liability Shift Will Not Stop Payment Breaches
- The Healthcare Industry Will Face New Attacks and Stay in the Crosshairs
- Cyber Conflicts Between Countries Will Leave Consumers and Businesses as Collateral Damage
The first half of 2016 has also presented several threats that companies must be on the lookout to address:
- Phishing for Data (Not Malware)
- Username and Password Hacks Are Back in Style
- Corporate Extortion
Link: http://www.securityinfowatch.com/article/12228883/data-breach-digest-breach-trends-that-will-define-incident-response

Risk analytics market to experience serious growth
The risk analytics market is estimated to grow from USD 16.55 billion in 2016 to USD 30.18 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.8%, according to MarketsandMarkets.
The major vendors in the Risk Analytics Market include IBM, SAP, SAS Institute, Oracle, FIS Global, and Verisk Analytics, along with others.
The GRC software is expected to dominate the market from 2016 to 2021.
This is due to the fact that this software empowers organizations with the ability to identify, manage, monitor, and analyze risk and compliance across the enterprise in a single integrated solution.
Scorecard and visualization tools software is expected to gain traction in the next five years as it enables representation of multi-dimensional data to enhance the quality of analysis and insight by facilitating rapid and accurate observations.
The manufacturing segment is expected to grow at a rapid rate from 2016 to 2021 in the Risk Analytics Market.
The high growth rate can be attributed to the rapidly changing customer expectations, fierce market competition, and stringent regulatory constraints faced by the manufacturing industries.
North America is expected to have the largest market share and dominate the Risk Analytics Market from 2016 to 2021, due to increasing adoption of risk analytics software and services by organizations in order to safeguard their businesses from losses and also because of the stern non-compliance measures adopted by the government and various regulatory bodies in this region.
APAC offers potential growth opportunities due to the rise in technology penetration and presence of large number of SMEs which are under tremendous competitive pressure from large enterprises.
Link: https://www.helpnetsecurity.com/2016/07/06/risk-analytics-market/

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Congratulations, you’re the new CISO.
Whether you have served in the role previously or it’s new to you, you’ll be asked to observe your new organization, to develop a 100-day plan, to evaluate people, processes, and technology, and of course you’ll need to tell the CEO where you would attack the organization and how you will protect against that.
It’s a daunting and exciting task to be the new CISO.
Your SOC became sick for several reasons.

The technology you have is antiquated and completely signature-based, best suited for static threats, not advanced threats.
While signature-based solutions have a role, it’s a secondary protection role.
The organization failed to keep up with technology and the evolving threat.
For years, the organization has relied on incremental funding.
This budget strategy has a typical result: a disparate mix of capabilities purchased individually as security silos, without consideration for how the capabilities will work together.
The tools don’t work together.
It’s an integration nightmare!
Your goal now is to bring it back to a healthy state.
Here are five strategies to overcome SOC-atrophy.
- Research to understand all SOC investments.
- Perform a SOC-focused assessment.
- Study the threat landscape.
- Resist the urge to fund your tools piecemeal.
- Encourage cross-organizational collaboration.
Link: http://www.darkreading.com/threat-intelligence/diagnosis-soc-atrophy-what-to-do-when-your-security-operation-center-gets-sick/a/d-id/1326118

Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
SAN FRANCISCO, July 6, 2016 /PRNewswire/—Splice Machine, the dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark, today announced that Corax, a startup company that provides cloud-based cyber security operations, analysis and reporting software, has selected Splice Machine to manage its risk quantification calculations, store large datasets and meet future scalability requirements.
Leveraging machine learning and a streamlined user interface, Corax will be able to provide faster, meaningful recommendations to its customers about cyber security actions, investment and insurance, helping them make decisions that prevent cyber crime and data loss.
Splice Machine is a dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark.
Instead of having to synchronize data across multiple compute engines, as in a traditional Lambda architecture, Corax is able to rely on a less complex architecture with a dual-engine RDBMS, enabling its analytical systems to propagate threat data in real time while simultaneously performing compute-heavy analytics jobs – all from one data source.
Link: http://finance.yahoo.com/news/corax-selects-splice-machines-dual-120000362.html

Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report.
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share.
Most internet service providers have a distributed architecture; hence, a security solution at the network level alone cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats.
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.”
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace.
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security

Posted on 07/07

Friday, April 24, 2015

Newsalert - 2015 Apr 23

Threat intelligence programs maturing despite staffing, tech obstacles
During a Tuesday session at RSA Conference 2015, entitled “Threat Intelligence is Like Three-Day Potty Training,” Forrester Principal Analyst Rick Holland used the analogy to highlight how threat intelligence is increasingly becoming a requirement for enterprises, but building a program and advancing it to the point where it supports an organization’s strategic objectives often takes much longer than anticipated.
Citing data from Forrester’s 2014 global security survey, Holland said that for the past two years more than three-quarters of North American enterprises said establishing or improving threat intelligence was a priority in the next 12 months.
Link: http://searchsecurity.techtarget.com/news/4500244809/Threat-intelligence-programs-maturing-despite-staffing-tech-obstacles

IDC Analysts Identify IT Security Trends at RSA
In the world of cyber-fraud (or “consumer cyber security”), intelligence has not significantly advanced in recent years. While in the world of enterprise security advanced threat intelligence identifies IOCs and TTPs and causes pain to the threat actor, in the world of fraud intelligence has remained superficial – here’s a compromised credit card number, or here’s a ZeuS hash. No depth or insight. In the world of fraud, we receive disconnected data points for the most part.
Link: http://pulseblog.emc.com/2015/04/22/the-need-for-advanced-fraud-intelligence/

IRC Botnets alive, effective & evolving
In this era of sophisticated botnets with multiple C&C communication channels, custom protocols, and encrypted communication, we continue to see a steady number of new IRC-based botnet payloads being pushed out in the wild on a regular basis. As we saw in our analysis, IRC-based botnet families continue to evolve in terms of the sophisticated features incorporated in the bots.
Link: http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html?m=1

5 Overlooked IT Risk Management Issues That Can Bite You In The Budget
The cold, stark reality of IT budgeting is that there are plenty of IT risk management issues that can easily be overlooked … and end up biting you in the budget. Here are five to put on the agenda for your next IT staff meeting so that you don’t find yourself footing an unexpected (and nasty) bill later in the fiscal year.
Link: http://www.forbes.com/sites/sungardas/2015/04/22/5-overlooked-it-risk-management-issues-that-can-bite-you-in-the-budget/

New F-Secure Report Warns of Growth in Extortion Malware
New research from cyber security firm F-Secure points to an increase in the amount of malware designed to extort money from unsuspecting mobile phone and PC users. According to the new Threat Report, malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today’s digital threat landscape.
Link: [ http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 ] ( http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 )

Conficker remains top of the threats as existing malware for Windows dominates
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.
Link: [ http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN ] ( http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN )

Mobile malware infections may be overhyped
Mobile users in the US are 1.3 times more likely to be struck by lightning than malware, new research has found.
Atlanta-based security firm, Damballa, has released data at the RSA conference in San Francisco that suggests the problem of mobile malware has been overemphasised.
Link: [ http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 ] ( http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 )

Kaspersky Lab Finds “Darwin Nuke” Vulnerability in OS X and iOS
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the IP packet meets the following conditions:
Link: [ http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 ] ( http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 )

Posted on 04/24
NewsPermalink

Wednesday, April 22, 2015

Newsalert - 2015 Apr 22

**RSA Conference: ThreatStream Announces First Apple Watch App for Managing Threat Intelligence On-the-Go** 
SAN FRANCISCO AND REDWOOD CITY, Calif., April 21, 2015 /PRNewswire/—ThreatStream® (RSA booth #S2727), the leading provider of an enterprise-class threat intelligence platform, today announced the first iOS threat intelligence app for the Apple Watch. The app, which is also available for the iPhone and iPad, provides full access to the ThreatStream Optic threat intelligence platform dashboard and displays, and enables users to take action with a simple tap of the screen or voice command. The new Apple Watch app will be demonstrated in the ThreatStream booth during the RSA Conference (@rsaconference) this week. ThreatStream will also be giving away one Apple Watch a day to visitors who come by their booth. 
**Link:** [  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ] (  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ) 

**Corporate privacy policies are out of step with protecting sensitive data** 
Data protection specialist Druva has released the results of a new study conducted by Dimensional Research which examines companies’ efforts to protect sensitive data, the challenges they face ensuring data privacy and gathers respondent views on protecting data privacy in the cloud. 
Among the findings are that 99 percent of respondents reported having some form of sensitive data, including personal financial, healthcare and authentication-related data, that they needed to manage. 84 percent reported plans to boost their efforts to protect the privacy of sensitive data. There are problems with enforcement, however, with almost 84 percent of respondents reporting that employees don’t follow data privacy policies. 
**Link:** [  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ] (  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ) 

**Corporate privacy becoming a top business concern in 2015** 
(BPT) – As many as 43 percent of companies experienced a data breach in the past year – a 10 percent increase from last year, according to an annual study conducted by the Ponemon Institute. As companies scramble to keep their names out of the headlines by bolstering up security practices and protocols, it’s important to take a deeper look into the little things you can do to better manage privacy and security within your own company. 
**Link:** [  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ] (  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ) 

**Governor Terry McAuliffe announced today that the Commonwealth of Virginia is establishing the Nation’s first state-level Information Sharing and Analysis Organization (ISAO).** 
“As Governor McAuliffe’s homeland security advisor, I’m excited that Virginia is leading the ISAO movement and look forward to working alongside our DHS, state, and other cybersecurity partners to help develop standards and best practices for information sharing with the private sector,” said Secretary of Public Safety and Homeland Security Brian Moran. 
**Link:** [  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ] (  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ) 

**This month’s second Patch Tuesday brings 34 Windows updates, all optional** 
Today’s list is much larger than normal, with 34 patches all rated Optional, meaning they will not be installed automatically. You have to open Windows Update and manually select one or more updates to install them. 
**Link:** [  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ] (  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ) 

**CIO-CSO tension makes businesses stronger** 
“There’s a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority,” says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates. 
One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business’ needs ahead of any personal need for career advancement or recognition, he says. 
**Link:** [  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**Report: Need better breach crisis? IT manager may not be best bet** 
Companies must have a strategy in place when a data breach occurs, and it looks like IT managers may not be best to handle a breach crisis, according to a new report by Booz Allen Hamilton. Instead, a business savvy leader at the company is better prepared to handle the problem, as they will be prepared to address crisis communications, legal issues, disaster recovery, and other strategic decisions that must be made. 
**Link:** [  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ] (  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ) 

**Webroot 2015 Threat Brief Reveals Smarter Threats and Rising Complexity of Cybercrime** 
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defense-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use. 
**Link:** [  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ] (  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ) 

**Standard Chartered hires former UK surveillance chief to combat cybercrime** 
The Asia-focused bank said Iain Lobban would become a member and senior advisor to the committee responsible for matters including anti-money laundering, sanctions compliance and prevention of corruption. 
**Link:** [  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ] (  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ) 

**NATO cybersecurity drill to focus on hackers** 
TALLINN, Estonia — About 400 computer experts will participate in a major cybersecurity drill in Estonia this week as part of NATO’s efforts to upgrade its capability to counter potentially debilitating hacker attacks, organizers said Tuesday. 
**Link:** [  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ] (  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ) 

**Honeywell: Technology First To Proactively Manage Cyber Security Risk For Industrial Sites; Honeywell’s Cyber Security Risk Manager Gives Industrial Users Real-Time Visibility** 
The Honeywell Industrial Cyber Security Risk Manager, is designed to simplify the task of identifying areas of cyber security risk, providing real-time visibility, understanding and decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments. 
**Link:** [  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ] (  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ) 

**Nation’s First Incident Management Center for Utilities Launched** 
A new training center to support incident management for the utility industry was announced today at the Western Energy Institute (WEI) Spring Operations Conference in Las Vegas. 
**Link:** [  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ] (  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ) 

**Google, Microsoft serve up security treats for productivity suites** 
Microsoft announced a trio of Office 365 security features, including a new API to feed data into SIEM systems and finer grain encryption for email, while Google has announced new a way for Drive admins to manage two-factor authentication keys for Google Apps at work. 
**Link:** [  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ] (  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ) 

Posted on 04/22

Tuesday, April 21, 2015

Newsalert - 2015 Apr 21

**Pushdo spamming botnet gains strength again** 
Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. 
The latest version has been pushing Fareit, which is malware that steals login credentials, and Cutwail, a spam engine module. It has also been used to distribute online banking menaces such as Dyre and Zeus. 
Using an elaborate algorithm, the secondary system generates 30 domains names a day that an infected computer can try to contact, according to an advisory on Fidelis’s blog. Fidelis reverse-engineered the algorithm that generates those domain names, allowing it to register some of the domains. 
**Link:** [  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ] (  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ) 

**Study Uncovers Fears of Potential Domino Effect from Cyberattacks** 
RedSeal (redseal.co) unveiled its comprehensive survey of high-ranking executives that vividly illustrates widespread concern regarding the potential effects of cyberattacks in corporate America. Most of the C-level professionals surveyed readily acknowledge that a coordinated assault launched by sophisticated cybercriminals would wreak ongoing havoc on business operations, cause considerable harm to a brand, and potentially affect related companies, even entire industries. In addition, many also point out that in the networked economy, containing the problems caused by a sustained network attack will be very difficult. In fact, a major network disruption at a single company or network can easily disrupt or even wreak havoc on a local, state, national and even global level.
The vast majority of the executives surveyed, 74%, acknowledge that cyberattacks on networks of U.S. organizations can cause “serious damage or disruption,” and most of the rest, 21%, admit to fears of “significant damage or disruption.” More specifically, almost 80% admit that such attacks can inflict “serious impacts to business profitability and growth,” and bring about “serious brand damage.” A large number, 45%, also related personnel concerns, saying such events will lead to a “big hit on employee productivity.” More than 43% also predict business downtime, while more than 41% fear “internal/organizational disruption or chaos.” 
In fact, the idea of a domino effect—one successful attack on one network leading directly to attacks on different networks in diverse but connected sectors of the economy—clearly resonated strongly with the executives surveyed. More than half the respondents, 52%, singled out “defense systems” as being potentially affected by a cyber-criminal incident or data breach, while 45% cited “border security.” And taking a big picture approach, a significant 59% said such attacks will take their toll on “economic security.” 
**Link:** [  http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053  ] (  http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053  ) 

**Investment Advisers: Six Areas of Focus for SEC Cybersecurity Exams** 
The U.S. Securities and Exchange Commission (SEC), in an effort to consistently reinforce its expectations in the area of cyber risk management, last year issued a cybersecurity-dedicated Risk Alert, as well as other communications to address the growing number and complexity of cybersecurity risks facing investment advisers (IAs). The alert, issued by the Office of Compliance Inspections and Examinations (OCIE)¹, highlights the SEC’s cybersecurity initiative, including a sweep of more than 50 registered IAs and broker-dealers focusing on cybersecurity.² 
The alert also provides a sample document request that lists six primary areas that the OCIE plans to evaluate during cybersecurity exams, and the processes and controls examiners expect IAs to have in place to address threats, including those related to networks and information, remote customer access, and vendors and other third parties. 
**Link:** [  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ] (  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ) 

**U.S. plans a cybersecurity center in Silicon Valley** 
The center will function as a satellite office of the National Cybersecurity and Communications Integration Center (NCCIC), a day-and-night operation that acts as an information and threat clearing house for government and private entities. 
**Link:** [  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**New fileless malware found in the wild** 
Since the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up. 
The wait is over: Phasebot malware, which also has fileless infection as part of its routine, is being sold online. 
Phasebot seems to be a direct successor of Solarbot. 
Its detection evasion tactics include rootkit capabilities, encryption of communications with its C&C server using random passwords, and virtual machine detection. 
**Link:** [  http://www.net-security.org/malware_news.php?id=3021  ] (  http://www.net-security.org/malware_news.php?id=3021  ) 

**“Buhtrap” Malware Targeting Russian Banks And Businesses** 
ESET has discovered a malware campaign targeting Russian banks and the accounting departments of Russian businesses, nicknamed Operation Buhtrap. Apparently, the malware has been active for more than a year, and 88 percent of the attacks have been in Russia and 10 percent in the Ukraine. 
Analysts at ESET uncovered CVE-2012-0158 late in 2014, which is a buffer overflow vulnerability in the ListView/TreeView ActiveX controls found in the MSCOMCTL.OCX library. The malicious code can be activated using a specially modified DOC or RTF file for MS Office 2003, 2007, or 2010, according to Security Affairs. 
**Link:** [  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ] (  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ) 

**Lieberman Software’s Security Double-Tap(TM) Defeats Golden Ticket Cyber Attacks** 
LOS ANGELES, CA—(Marketwired - April 21, 2015) - Lieberman Software Corporation today announced Security Double-Tap, a solution to block the destructive Golden Ticket cyber attack. This new feature is included in Enterprise Random Password Manager™ (ERPM)—the company’s privilege management platform—and is being exhibited for the first time at RSA Conference 2015 in San Francisco, CA.
Today’s enterprises are under assault from sophisticated cyber attacks like pass-the-hash (PTH) and pass-the-ticket (PTT). These advanced persistent threats—at the core of some of the most notorious recent data breaches—operate at nearly a 100% success rate.  While PTH is a more widely known threat, the related PTT attack is just as dangerous. PTT attacks target Kerberos, the default authentication protocol in Windows domains. 
ERPM now provides an automated double password reset specifically designed to combat the Golden Ticket attack. The two password resets—a Security Double-Tap—force rapid replication of the changed credentials throughout the domain, to block the use of compromised accounts. In conjunction with this process, ERPM can also force an automatic chained reboot of target system to clear memory of hashes and passwords, and prevent memory scraping. 
**Link:** [  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ] (  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ) 

**RSA supremo rips ‘failed’ security industry a new backdoor, warns of ‘super-mega hack’** 
RSA 2015: RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year’s RSA computer security conference that they have failed. 
He said security bods should drop “legacy approaches” that have led to a false sense of security. Such approaches are akin to building “higher walls” and “deeper moats,” which will not help address the shortcomings in security. 
**Link:** [  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ] (  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ) 

Posted on 04/21

Monday, April 20, 2015

Newsalert - 2015 Apr 20

INSIGHT: When it comes to threat detection and incident response, context matters
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected.
Ultimately, the organisations that are moving beyond SIEM systems and are striving to understand the extent and impact of attacks through security analytics, rather than just the mere presence of those threats, are leading the way.
Link: [ http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ ] ( http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ )

(ISC)² STUDY: WORKFORCE SHORTFALL DUE TO HIRING DIFFICULTIES DESPITE RISING SALARIES, INCREASED BUDGETS AND HIGH JOB SATISFACTION RATE
The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS), conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies, reveal that the security of businesses is being threatened by understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world. 45 percent of hiring managers report that they are struggling to support additional hiring needs, and 62 percent of respondents report that their organizations have too few information security professionals.
Link: [ http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html ] ( http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html )

Use of multiple contractors could leave oil, gas operators open to hackers
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh.
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan.
Link: [ http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba ] ( http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba )

ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers.
Link: [ http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 ] ( http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 )

UN conference weighs efforts to combat cybercrime
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape.
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America.
Link: [ http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime ] ( http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime )

Predictive Replaces Reactive Security at RSA 2015
More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles.
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipatory security, using advanced data analytics to predict and deflect data breaches from the outside and inside, is where it’s at now. This is what is topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be, and if it isn’t, vendors not thinking about this are going to be left behind by the market.
Link: [ http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html ] ( http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html )

Banks the target for hackers not customers, Europol chief Rob Wainwright says
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says.
Link: [ http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 ] ( http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 )

Posted on 04/20

Sunday, April 19, 2015

Newsalert - 2015 Apr 19

**INSIGHT: When it comes to threat detection and incident response, context matters** 
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected. 
Ultimately, the organisations that are moving beyond SIEM systems and are striving to understand the extent and impact of attacks through security analytics, rather than just the mere presence of those threats, are leading the way. 
**Link:** [  http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/  ] (  http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/  ) 

**(ISC)² STUDY: WORKFORCE SHORTFALL DUE TO HIRING DIFFICULTIES DESPITE RISING SALARIES, INCREASED BUDGETS AND HIGH JOB SATISFACTION RATE** 
The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS), conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies, reveal that the security of businesses is being threatened by understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world. 
45 percent of hiring managers report that they are struggling to support additional hiring needs, and 62 percent of respondents report that their organizations have too few information security professionals. 
**Link:** [  http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html  ] (  http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html  ) 

**Use of multiple contractors could leave oil, gas operators open to hackers** 
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh. 
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan. 
**Link:** [  http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba  ] (  http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba  ) 

**ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage** 
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. 
**Link:** [  http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610  ] (  http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610  ) 

**UN conference weighs efforts to combat cybercrime** 
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape. 
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America. 
**Link:** [  http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime  ] (  http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime  ) 

**Predictive Replaces Reactive Security at RSA 2015** 
More than 30,000 expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles. 
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipatory security, using advanced data analytics to predict and deflect data breaches from the outside and inside, is where it’s at now. This is what is topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be; vendors not thinking about this are going to be left behind by the market. 
**Link:** [  http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html  ] (  http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html  ) 

**Banks the target for hackers not customers, Europol chief Rob Wainwright says** 
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says. 
**Link:** [  http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722  ] (  http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722  ) 

Posted on 04/19

Tuesday, April 14, 2015

Newsalert - 2015 Apr 14

DNS Zone Transfer AXFR Requests May Leak Domain Information
A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Link: https://www.us-cert.gov/ncas/alerts/TA15-103A
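The check a practitioner wants here is simple: ask the name server for an AXFR and see whether it refuses or starts handing over records. The script below is an added example, not part of the US-CERT alert. It builds the AXFR query by hand, classifies the first reply (REFUSED versus a NOERROR answer that carries records), and, because AXFR runs over TCP, frames the query with the two-byte length prefix. The zone name `example.com`, the server argument and the two sample replies are constructed for illustration; the replies were built locally, not captured from a real server.

```python
import socket
import struct

QTYPE_AXFR = 252
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Encode a dotted name into DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """DNS header plus one question of type AXFR, class IN (no TCP length prefix)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)


def read_name(msg, off):
    """Decode a possibly compressed name at `off`; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_axfr_response(msg):
    """Classify one DNS message: did the server refuse, or did it hand over records?"""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0xF
    off = 12
    for _ in range(qd):                                # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        records.append((name, rtype, value))
    return {"rcode": RCODE_NAMES.get(rcode, str(rcode)),
            "records": records,
            "leaks": rcode == 0 and an > 0}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def check_zone_transfer(server, zone, timeout=5.0):
    """Live check over TCP/53. Only the first message of a multi-message transfer is
    parsed, which is enough to learn whether the server answered at all."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        return parse_axfr_response(_recv_exact(s, length))


def _constructed_reply(rcode, answers):
    """Hand-built reply for offline use (constructed, not captured from a real server)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8000 | rcode, 1, len(answers), 0, 0)
    body = build_axfr_query("example.com")[12:]        # echo the question section
    for name_bytes, ip in answers:
        body += name_bytes + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes(int(x) for x in ip.split("."))
    return header + body


# Constructed samples: a hardened server refuses; a misconfigured one lists internal hosts.
SAMPLE_REFUSED = _constructed_reply(5, [])
SAMPLE_LEAKY = _constructed_reply(0, [
    (b"\xc0\x0c", "10.0.0.5"),                         # example.com. (pointer to the question name)
    (b"\x03vpn\xc0\x0c", "10.0.0.6"),                  # vpn.example.com.
    (b"\x08intranet\xc0\x0c", "10.0.0.7"),             # intranet.example.com.
])

if __name__ == "__main__":
    for label, sample in (("refused", SAMPLE_REFUSED), ("leaky", SAMPLE_LEAKY)):
        print(label, parse_axfr_response(sample))
```

From a shell, `dig axfr example.com @ns1.example.com` performs the same test. The fix on the server side is to restrict transfers to the secondaries that need them (in BIND, `allow-transfer { none; };` or an explicit list of secondary addresses), and to verify the change with the check above from an address outside that list.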
 
Better Together: Network Operations & Infosec
For an enterprise, the key takeaway is its critical need to be able to detect activities on the network that can lead to a data breach. That capability is diminished by the fact that security operations and network operations typically work in silos. That means security vulnerabilities have to be handled twice: first by the SOC, which has evidence of malicious activity but often no mechanism for actively stopping it, and then again by the NOC, which needs to wait for specific instructions from the SOC. Any time delay here creates advantages for an attacker.

Threats are getting increasingly harder to discover, and attackers are more brazen than ever. Getting network operations and information security teams together in the same room for the first time will be a critical step for organizations that want to build a continuous information security improvement culture capable of defending against those threats.

Link: http://www.darkreading.com/attacks-breaches/better-together-network-operations-and-infosec-/a/d-id/1319898?ngAction=register
 
The critical 48 hours: how to mitigate the damage from a cyber-attack
The days of in-house security teams being capable of preparing for and responding to incidents have long gone. Professionally qualified, experienced teams of staff are necessary to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job experience and up-to-date training. Using professional service providers brings greater value, including cyber threat intelligence, up-to-the-minute advice and guidance, and impartial, high-quality assessments. In-house is simply no longer an option.

Link: http://www.itproportal.com/2015/04/12/critical-48-hours-how-to-mitigate-damage-cyber-attack/
 
Dell Threat Report Finds POS, SSL, SCADA attacks on the Rise
The company released its 2015 Dell Security Annual Threat Report this week, which found that both businesses and individuals increasingly are falling victim to malicious attacks from several key areas, including POS malware variants and attacks carried over SSL/TLS-encrypted protocols. Dell also found a 100 percent increase in attacks against industrial control systems during this year’s analysis.

Dell also reported a surge in malware being carried inside SSL- and TLS-encrypted traffic, which is usually associated with secure HTTPS websites. With the number of websites using encryption rising by more than 100 percent last year, Dell discovered hackers have begun encrypting their malware to avoid detection by corporate firewalls.

Link: http://thevarguy.com/var-guy/041315/dell-threat-report-finds-pos-ssl-scada-attacks-rise
 
Files encrypted by CoinVault ransomware? New free tool may decrypt them

Victims of the CoinVault ransomware might be able to decrypt their files with a free tool released by Kaspersky Lab together with the Dutch police.

The tool can be found at https://noransom.kaspersky.com. The application uses decryption keys found by the Dutch police as part of an investigation.

Link: http://www.cio.com/article/2909294/files-encrypted-by-coinvault-ransomware-new-free-tool-may-decrypt-them.html
 
Cyber security firm uncovers decade-long malware attack on ASEAN governments and businesses

Today FireEye, the California-based security software firm, issued a lengthy report alleging that a single entity has been carrying out malware attacks towards businesses and governments in India, the USA, and Southeast Asia.

FireEye claims that the entity, which it calls APT 30, has been registering its own DNS domains for malware command and control since 2004. Its malware attacks appear to be targeted towards organizations with information generally relevant to state security and diplomatic agencies, in particular the Communist Party of China. FireEye adds that APT 30 appears to have been working in a systematic, collaborative manner, using tools designed for longevity, which indicates the attacks constitute part of a long-term campaign.

Link: https://www.techinasia.com/cyber-security-firm-uncovers-decade-long-malware-attack-on-asean-governments-and-businesses/
 
New report: Cyber Security and Critical Infrastructure in the Americas
According to the report by the General Secretariat of the Organization of American States (OAS) and Trend Micro, 44 percent of respondents were aware of different types of destructive attacks, while 40 percent said they had experienced attempts to shut down computer systems. The report also presents specific cases related to cyber security in each OAS country and analysis of cyber attacks and their methodologies, while detailing the current cyber security measures and policies in place.

Link: http://continuitycentral.com/news07594.html


Posted on 04/14

Friday, April 10, 2015

Newsalert - 2015 Apr 10

iOS 8.3 fixes dozens of security vulnerabilities
Apple has issued more than three-dozen security fixes in its latest mobile operating system update, released Wednesday.
Link: http://www.zdnet.com/article/ios-8-3-fixes-dozens-of-security-issues/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f

Malware-as-a-Service enabling novice threat actors to attack
According to the Websense Security Labs 2015 Threat Report, MaaS (Malware-as-a-Service) is enabling even entry level threat actors to successfully create and launch data theft.
One of the oldest vectors of attack, email, is still a potent attack launcher in spite of the evolution of the web.
Link: http://www.cbronline.com/news/cybersecurity/data/malware-as-a-service-enabling-novice-threat-actors-to-attack-4549833

Proactive Security Strategies Dramatically Improve Security Effectiveness
A new study from Accenture and the Ponemon Institute confirms that companies that employ proactive security strategies realized a greater return on security investments than companies that depend on more traditional approaches to securing their networks.
“Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent,” the report found.
“Live threat intelligence is the key to surviving the new digital siege. But in order to be useful, threat intelligence needs to be as complete and relevant as possible. New offerings like the Norse Appliance 10g are becoming must-have tools for defending modern organizations on the Internet.”
Link: http://blog.norsecorp.com/2015/04/08/proactive-security-strategies-dramatically-improve-security-effectiveness/#prettyPhoto

Cybercrime fighting group takes down Beebone botnet
LONDON (AP) - A new group of international cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.
Beebone was modest by botnet standards, but Raj Samani, chief technology officer of Intel Security’s Europe, Middle East and Africa division, said it was state-of-the-art. Beebone relied on a pair of malicious programs that re-downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software’s code made it difficult for experts to blacklist the programs.
Link: http://www.vcstar.com/news/world/new-cybercrime-group-takes-down-beebone-botnet_70421421

Botnet activity inside organisations predicts likelihood of future data breach
Organisations showing evidence of botnets inside their networks are not only more likely to suffer a data breach, the level of botnet activity correlates directly to increased risk, security analytics firm BitSight has suggested after analysing incidents at more than 6,000 companies.
Breaking this down by sector showed that education was the poorest performer, perhaps not a surprise. This sector had the smallest number of grade A networks (the best) and the highest number of grade F networks (the worst).
Utilities was the next worst performer, followed by healthcare (a data breach hotspot) and then retail. Finance was the best-performing sector, a difference BitSight has commented on before.
Link: http://www.techworld.com/news/security/botnet-activity-inside-organisations-predicts-likelihood-of-future-data-breach-3607112/

Wall Street Needs Better Safeguards Against Hackers, Says Regulator
Financial regulators are raising concerns about weaknesses in the networks of outside vendors that serve Wall Street’s biggest banks, security lapses that might allow hackers to gain access to sensitive financial data.
In a survey of 40 banks, New York state’s top bank cop, Benjamin Lawsky, found that fewer than half regularly inspected the security systems of their outside vendors. About two-thirds of the firms surveyed had no policy in place requiring partners to give notice when their networks have been compromised, the New York Times reports.
Link: http://www.ibtimes.com/wall-street-needs-better-safeguards-against-hackers-says-regulator-1875823

Infosecurity Europe 2015: Escalating Cyber-Threats Driving Business Response Strategies – Report
The results of Infosecurity Europe’s 2015 survey are now in – and the research indicates that the key driver of businesses’ security and response strategies is the escalating number of high-profile, headline-grabbing threats and breaches.
According to 67% of respondents, well-publicized incidents such as Target, Sony and JP Morgan, along with vulnerabilities like Heartbleed and Shellshock, are having a positive impact on businesses’ understanding of potential threats.
A corresponding number (62%) reported that reputational damage was the worst possible outcome their organizations could face in the wake of an incident. It would appear that industry horror stories from 2014 and early 2015 are resonating.
In addition, 44% of professionals surveyed believe that the key driver of security strategy and investment in their organization is the complex and evolving threat landscape.
Link: http://www.infosecurity-magazine.com/news/infosecurity-europe-escalating/

Posted on 04/10

Thursday, April 09, 2015

Newsalert - 2015 Apr 8

Cyber War Games: Top 3 Lessons Learned About Incident Response
Deloitte leads client organizations in war game exercises like these to “stress test” their incident response plans, and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
• Designate a Crisis Officer
• Be Skeptical About The Information You’re Receiving
• Resist Finger Pointing In Any Direction
Don’t forget about your employees. While the media, the regulators, and the customers are usually top of mind, many companies tend to forget about how they need to communicate about a security incident to their own employees. In the simulation, the chief operating officer was the one who brought it up first.
Link: http://www.darkreading.com/risk/cyber-war-games-top-3-lessons-learned-about-incident-response/d/d-id/1319813

WHAT ARE NATION STATE INFORMATION SECURITY ATTACKS REALLY TELLING US?
It is rarely considered that for most nation-state sponsored attackers, targeting foreign companies is a day job: it is more economically feasible to steal $500,000 of research rather than spending $2,000,000 and two years to conduct the research themselves.
Malware is one of the easiest ways in for attackers. The game is stacked in their favour for several reasons.
There needs to be a fundamental transformation from seeing attacks as unusual events brought about by people out to do us direct harm, where our emotions and reflex actions overtake reasoned and rational thinking, to one where these attacks are viewed as a part and parcel of doing business.
Link: http://continuitycentral.com/feature1302.html

iSIGHT Partners Acquires Critical Intelligence
iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced the acquisition of Idaho-based Critical Intelligence, the leader in cyber situational awareness and threat intelligence for Industrial Control Systems (ICS) owners and operators. Under the terms of the agreement, iSIGHT Partners has acquired 100% of Critical Intelligence, a 6-year-old company and pioneer in identifying vulnerabilities and threats to critical infrastructure systems, including supervisory control and data acquisition (SCADA) and other process control systems (PCS).
The move comes on the heels of iSIGHT Partners’ announcement of a $30m investment by Bessemer Ventures Partners and the company’s expansion of operations in the EMEA region. iSIGHT experienced significant growth in 2014 and finished the year with record revenues and strong client acquisition across numerous vertical and geographic segments, including energy, oil and gas and manufacturing. Growth continues to accelerate and iSIGHT Partners experienced over 100% year-over-year bookings growth in the first quarter of 2015.
Link: http://www.power-eng.com/marketwired/2015/04/7/isight-partners-acquires-critical-intelligence.html

Malicious, large-scale Google ad campaign slams users with malware
A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.
Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.
Link: http://www.pcworld.com/article/2907492/largescale-google-malvertising-campaign-hits-users-with-exploits.html

Two NTP Key Authentication Vulnerabilities Patched
The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2.8p2.
Link: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067

Microsoft closes acquisition of R software and services provider
Microsoft acquires Revolution Analytics, a commercial provider of services for the open source R programming language for statistical computing and predictive analytics.
“Revolution has made R enterprise-ready with speed and scalability for the largest data warehouses and Hadoop systems,” he adds.
Link: http://www.cio.com/article/2906456/data-analytics/microsoft-closes-acquisition-of-r-software-and-services-provider.html?phint=newt%3Dcio_insider&phint=idg_eid%3De87b17913ba9d312d52f2efa84a73904#tk.CIONLE_nlt_insider_2015-04-08

HP warns cybersecurity customers to focus on people and processes
To protect themselves against cyberattacks, organizations should focus more on training their employees and improving their internal processes instead of buying new technology, according to one tech vendor.
Yet, businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error, said Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products.
Link: http://www.computerworld.com/article/2907058/hp-warns-cybersecurity-customers-to-focus-on-people-and-processes.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_dailyam_2015-04-08&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4

Malware writers take a page from the spam industry to evade detection
While the volume of cyberthreats declined slightly last year, their sophistication increased, according to a new report from Websense Security Labs. One indicator that attackers are reusing pre-existing tools and infrastructure was in the form of botnet usage.
According to Websense, the average price of an exploit kit is now between $800 and $1,500 a month, and the number of these kits tripled last year, keeping prices low.
The total number of C&Cs doubled last year, from 1.1 billion to 2.2 billion, he added.
Link: http://www.csoonline.com/article/2907124/cyber-attacks-espionage/malware-writers-take-a-page-from-the-spam-industry-to-evade-detection.html

AlienSpy A More Sophisticated Version Of The Same Old RATs
… AlienSpy is distributed via phishing emails with subject headers that are designed to fool recipients into opening them. Many of the emails purport to contain information related to financial transactions of some sort. Systems that are infected could end up having additional botnet and data-stealing malware loaded on them.
Fidelis researchers have observed AlienSpy being sold in the cyber underground via a subscription model, with prices starting at $9.90 for 15-day use to $219.90 for an annual subscription. The subscription provides users with access to the malware’s complete range of capabilities, including some newer techniques like sandbox detection, antivirus tool disablement, and Transport Layer Security (TLS) encryption-protected command-and-control capabilities.
AlienSpy is currently detected by only a limited set of antivirus products and incorporates features like multi-platform support. Fidelis described the capabilities of the malware tool as far beyond what used to typically be available with previous generation remote access malware tools.
Link: http://www.darkreading.com/attacks-breaches/alienspy-a-more-sophisticated-version-of-the-same-old-rats/d/d-id/1319842

FSS [Korea] dedicates itself to fighting ‘five financial evils’
The Financial Supervisory Service (FSS) is branding voice phishing, insurance fraud, illegal loan sharks, illegal bond collections and overly aggressive sales of products by financial institutions as “five financial evils” that it will endeavor to fight.
The financial watchdog announced a special task force led by Senior Deputy Governor Seo Tae-jong on Wednesday to combat those financial crimes, which are getting more clever and complex and therefore pose more of a risk than in the past.
Link: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=3002878

Posted on 04/09

Tuesday, April 07, 2015

Newsalert - 2015 Apr 7

Cisco Launches New Advanced Malware Protection Capabilities and Incident Response Services, Giving Customers Powerful Tools for Faster Time to Detection and Resolution
SAN JOSE, CA, Apr 07, 2015 (Marketwired via COMTEX)—Cisco today unveiled a host of new capabilities and services that give security professionals extensive intelligence and analysis on potential compromises and solutions to protect against, respond to and recover from attacks.
Link: http://www.marketwatch.com/story/cisco-launches-new-advanced-malware-protection-capabilities-and-incident-response-services-giving-customers-powerful-tools-for-faster-time-to-detection-and-resolution-2015-04-07?reflink=MW_news_stmp

Heartbleed still a risk for most large UK firms, study shows
More than two-thirds of Forbes Global 2000 companies in the UK remain vulnerable to attacks that exploit incomplete remediation of the Heartbleed vulnerability in OpenSSL, a study shows.
Link: http://www.computerweekly.com/news/4500243837/Heartbleed-still-a-risk-for-most-large-UK-firms-study-shows?asrc=EM_EDA_41521413&utm_medium=EM&utm_source=EDA&utm_campaign=20150407_Heartbleed%20still%20a%20risk%20for%20most%20large%20UK%20firms,%20study%20shows_

NIST calls for final comments on draft covering sensitive information protection
NIST composed the draft with the National Archives and Records Administration (NARA) in accordance with Executive Order 13556, which established the CUI program and designated NARA as the main entity to implement it, a NIST press release states. The deadline to comment is May 12, after which NIST will review the thoughts and put together its final document with an anticipated June release.
Link: http://www.scmagazine.com/nist-and-nara-collaborate-to-release-final-draft/article/407586/

A new experiment tracks credit card data as it travels through the criminal web
Earlier this year, security firm BitGlass decided to test the underground marketplace with a little experiment. The company created an Excel file with 1,568 fake profiles, complete with names, phone numbers, addresses, social security numbers, and credit card numbers. Along with the phony data, the file had a hidden watermark that would report back to BitGlass every time the file was opened, operating like a homing beacon. Then the company dropped the file onto a public Dropbox account and posted it to a few cybercrime forums and waited for the beacon to phone home.
Link: http://www.theverge.com/2015/4/7/8356953/dark-web-data-breach-credit-card-tracking

A guide to monetizing risks for security spending decisions
You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key risks helps you convey impact in a more meaningful way.
• Measure the impact
• Monetize your key risks
• Risk decision making
By monetizing key risks, you will be able to convey impact in a more meaningful way. By providing consistent and methodical risk guidance, executives will be able to more effectively collaborate with you to improve alignment between business objectives and security.
Link: http://www.csoonline.com/article/2903740/metrics-budgets/a-guide-to-monetizing-risks-for-security-spending-decisions.html
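A worked version of the three steps, as an added example that is not Dalton’s guide or any code from the article: it uses the standard annualized loss expectancy (ALE = single loss expectancy × annualized rate of occurrence) to put a dollar figure on each risk, scores each candidate control by return on security investment (loss avoided minus cost, over cost), and then picks controls greedily under a budget. Overlapping controls are combined multiplicatively so two controls that each cut the same risk cannot "remove" more than all of it. The risks, controls, dollar amounts and mitigation fractions are constructed for illustration, not figures from the article.

```python
from dataclasses import dataclass, field


@dataclass
class Risk:
    name: str
    sle: float   # single loss expectancy: cost of one occurrence, in dollars
    aro: float   # annualized rate of occurrence: expected events per year

    @property
    def ale(self) -> float:
        """Annualized loss expectancy, the monetized size of the risk."""
        return self.sle * self.aro


@dataclass
class Control:
    name: str
    annual_cost: float
    mitigations: dict = field(default_factory=dict)  # risk name -> fraction of its loss removed


def residual_ale(risks, selected):
    """ALE per risk after the selected controls; overlapping controls combine
    multiplicatively instead of adding up past 100 percent."""
    out = {}
    for r in risks:
        remaining = 1.0
        for c in selected:
            remaining *= 1.0 - c.mitigations.get(r.name, 0.0)
        out[r.name] = r.ale * remaining
    return out


def rosi(risks, selected, control):
    """Return on security investment of adding `control` on top of `selected`:
    (loss avoided - annual cost) / annual cost."""
    before = sum(residual_ale(risks, selected).values())
    after = sum(residual_ale(risks, selected + [control]).values())
    return ((before - after) - control.annual_cost) / control.annual_cost


def select_controls(risks, controls, budget):
    """Greedy selection: repeatedly take the control with the best marginal ROSI
    that still fits in the budget; stop when nothing left pays for itself."""
    chosen, spent, candidates = [], 0.0, list(controls)
    while candidates:
        best = max(candidates, key=lambda c: rosi(risks, chosen, c))
        if rosi(risks, chosen, best) <= 0:
            break
        candidates.remove(best)
        if spent + best.annual_cost <= budget:
            chosen.append(best)
            spent += best.annual_cost
    return chosen, spent


# Constructed figures for illustration only.
RISKS = [
    Risk("ransomware", sle=400_000, aro=0.25),
    Risk("phishing credential theft", sle=50_000, aro=2.0),
    Risk("web app breach", sle=1_200_000, aro=0.125),
]
CONTROLS = [
    Control("MFA on mail and VPN", 30_000, {"phishing credential theft": 0.8}),
    Control("offline backups", 40_000, {"ransomware": 0.7}),
    Control("WAF", 60_000, {"web app breach": 0.4}),
    Control("awareness training", 15_000, {"phishing credential theft": 0.3, "ransomware": 0.2}),
]

if __name__ == "__main__":
    for r in RISKS:
        print(f"{r.name}: ALE ${r.ale:,.0f}")
    chosen, spent = select_controls(RISKS, CONTROLS, budget=60_000)
    print("chosen:", [c.name for c in chosen], f"spent ${spent:,.0f}")
```

The point for the executive conversation is the ordering, not the absolute numbers: the cheap training control wins first because it touches two risks, and the WAF, whose avoided loss only just covers its own cost, never makes the cut at this budget.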

Firefox issues brand new update to fix HTTPS security hole in new update
Mozilla recently published its scheduled release of Firefox 37.0.
Firefox 37.0 introduced support for HTTP/2, the not-quite-finalised-yet update to the venerable HTTP protocol.
Link: http://news360.com/digestarticle/5zHJpMCjAUC_9dY_guR-rg

Black Duck Software Announces Industry’s Most Comprehensive Security Solution to Identify and Remediate Vulnerabilities
BURLINGTON, Mass.—(BUSINESS WIRE)—Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the industry’s most comprehensive open source security solution that helps security and development teams find and remediate open source vulnerabilities, the Black Duck Hub. The Black Duck Hub helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.
On average, more than 30 percent of software deployed in most enterprises is open source software (OSS); however, few organizations have visibility into what open source is used and where. With more than 4,000 new open source vulnerabilities reported each year, understanding what open source is used within an organization is critical. Thousands of unknown open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known open source vulnerabilities, and tracks remediation efforts. The Black Duck Hub leverages Black Duck’s KnowledgeBase of license and vulnerability data, the most comprehensive source of language coverage in the industry.
Link: http://www.businesswire.com/news/home/20150407005252/en/Black-Duck-Software-Announces-Industry%E2%80%99s-Comprehensive-Security#.VSSAWRPF-OU

New RSA Breach Readiness Survey Finds Majority Not Prepared
SBIC serves as Best Practices Benchmark while 57% of industry at large never update or review Incident Response plans
Content Intelligence in the survey measured awareness gained from tools, technology and processes in place to identify and monitor critical assets. While all SBIC members have a capability to gather data and provide centralized alerting, 55% of the general survey population lacks this capability rendering them blind to many threats. Identifying false positives still proves a difficult task.  Only 50% of the general respondents have a formal plan in place for identifying false positives while over 90% of SBIC members have automated cyber-security technologies and a process to update information to reduce the chances of future incidents.
Link: http://www.reuters.com/article/2015/04/07/rsa-globalreachresult-idUSnPnTxWN4+56+PRN20150407

XL Launches Security Insight Platform to Identify Global Business Risks
XL Group’s kidnap & ransom underwriting team has announced the launch of its new Global Security Insight (GSI) platform.
Created and frequently updated by Salamanca Group, the merchant banking and operational risk management business, the global platform provides XL Group’s clients with detailed information about security risks in over 200 territories. Access is included as part of XL Group’s pre-incident response service and provides clients and their staff with vital information for those traveling or conducting business throughout the world.
Link: http://www.insurancejournal.com/news/international/2015/04/07/363481.htm

Posted on 04/07

Newsalert - 2015 Apr 06

Wyoming broadens definition of personal information in amended data breach notification law
The amendment expands the definition of personal information to now include an individual’s first name or first initial and last name in combination with any of the following:
(1) Social Security number;
(2) driver’s license number;
(3) account number, credit card number or debit card number in combination with any security code, access code or password that would allow access to a financial account of the person;
(4) tribal identification card;
(5) federal or state government issued identification card;
(6) shared (login) secrets or security tokens known to be used for data-based authentication purposes;
(7) a username or email address when combined with a password or security question and answer that would permit access to an online account;
(8) a birth or marriage certificate;
(9) medical information, meaning a person’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
(10) health insurance information, meaning a person’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the person, or information related to a person’s application and claims history;
(11) unique biometric data; or
(12) an individual taxpayer identification number.
Link: http://www.lexology.com/library/detail.aspx?g=5a82bdde-187f-458d-907f-7bb8e010b149

How to Build a Successful IT Security Awareness Program
The first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture.
Similarly, the measurements of success are not just found in reduced counts of accidents or exposures but in the base line attitudes and practices of employees as they perform their business functions.
Link: http://www.tripwire.com/state-of-security/security-awareness/how-to-build-a-successful-it-security-awareness-program/?utm_source=Threat+Brief&utm_campaign=b08684f8ae-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-b08684f8ae-388769721

Should security providers be held liable for data breaches?
Black Hat Asia ended with a discussion, started by Black Hat founder Jeff Moss, on whether security providers should be held liable for data breaches, given the critical data they claim to “secure”. The recent number of hacking incidents everywhere has made this a widespread issue, and security professionals worldwide have voiced their opinions.
“A managed security service provider (MSSP), where an information security company such as Paladion is managing the security posture of the enterprise, is involved in maintaining the security products of the organization or uses its own to protect the organization. An MSSP can be held liable if there is a breach, if it was an oversight or error by their security analysts that caused the breach. Liability would depend on the service contract that was drawn up between the company and the service provider. An outcome-based contract will have SLAs and liabilities commensurate with the value, but a normal manpower-based contract will not have this. Paladion provides outcome-based information security services and has such contracts with several companies where penalties are defined in case of breaches,” added Rajat.
Link: http://www.dnaindia.com/scitech/report-should-security-providers-be-held-liable-for-data-breaches-2075017

8 Steps to Stronger Information Risk Management
Your compliance and security teams may be approaching you, as the CFO, to be their advocate in obtaining the funds needed to set up or strengthen your information security or compliance programs.  CFOs have historically been risk-averse by nature, focusing on protection of the business and the bottom line. But in the world we are now facing, CFOs will be expected to bring innovative ideas to the table to help their companies remain competitive.
As CFO, you know the risk appetite of the C-suite and the limitations of the budgets. Make sure the investments being recommended are in line with your organization’s strategy and operational needs. It’s important to either establish or strengthen an internal risk management governance council to guide decision-making.
Link: http://ww2.cfo.com/data-security/2015/04/8-steps-stronger-information-risk-management/

Principles of Malware Sinkholing
With malware dependency on domain name systems (DNS) and the use of domain generation algorithms (DGAs) on the rise, we’ve also seen an increase in the use of sinkholing as a defense and intelligence-gathering technique.
Although sinkholing is simple to execute, complex risks can be involved. First, some obvious legal issues may crop up with external sinkholing; for example, victim machines are now contacting a server you control. If, for instance, you use external sinkholing to control victim machines that do not belong to your organization—even if it’s for benefit—it’s a criminal act in most jurisdictions. This holds true even if there is a “self-destruct” feature in the malware that will uninstall itself when given the command to do so.
Ultimately, sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/principles-of-malware-sinkholing/a/d-id/1319769

Brazil top for Android smartphones infected by malware
Brazil was last year among the countries most affected by malicious apps and spies for Android, according to a report released by Google, reports Teletime. In the ranking of infections by Potentially Hazardous Applications (PHA), looking at sites outside of Google Play and including unlocked devices (with root), Japan had the lowest rate of all in 2014, with 0.0702 percent. The global average was 0.7891 percent, and Brazil ranked above it with 0.9996 percent. Brazil was only ahead of India, the UAE and Russia, which had the highest percentage at 3.8548 percent. When it comes to spyware, the global average was 0.2035 percent and Brazil was again above this figure, placing penultimate with 0.4218 percent. Again, the lowest annual average was Japan, with 0.0141 percent.
Link: http://www.telecompaper.com/news/brazil-top-for-android-smartphones-infected-by-malware—1075037

Posted on 04/07

Thursday, April 02, 2015

Newsalert - 2015 April 02

Wake up! What are you doing to battle breach fatigue?
On the surface, there is a silver lining to the fatigue phenomenon: Since the public has been hammered with nonstop news about breaches, it isn’t necessarily perceived to be as severe. This can translate to a quicker recovery for a business whose reputation takes a breach-related hit.
Ultimately, however, this silver lining acts as a false sense of security. A cyber threat that isn’t considered severe is unlikely to be treated as a priority issue.
Apply the three Es:
• Enforce
• Educate
• Evaluate
Link: http://www.scmagazine.com/wake-up-what-are-you-doing-to-battle-breach-fatigue/article/404946/

Admin rights to blame for 97 percent of critical Microsoft flaws - Report
The figures are from the 2014 Microsoft Vulnerabilities Report by UK-based security firm Avecto, in which the company pulled data from every patch issued by Microsoft in 2014—240 in total.
In 2013, the same report found that 92 percent of 147 total vulnerabilities with a critical rating could have been prevented via the same admin rights removal—indicating a 63 percent year-over-year increase in the total number of critical vulnerabilities.
Link: http://www.zdnet.com/article/admin-rights-to-blame-for-97-percent-of-critical-microsoft-flaws-report/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Orgs need to share info, crave more board oversight, study says
The “Third Annual Information Security Survey,” conducted by Blue Lava Consulting and sponsored by vArmour, found that 36 percent of respondents share information with industry groups, while 50 percent of respondents don’t share any information.
The study also found that legacy security systems that guard the perimeter have lost their luster with the majority (75 percent) of information security professionals surveyed who are stepping away from traditional security approaches, and now will likely allocate their budget dollars on new vendors for “agile security solutions” to protect their data centers.
Link: http://www.scmagazine.com/survey-finds-that-11-of-security-pros-report-to-board-of-directors/article/406878/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Meet the Top 50 Most Popular Voices in U.S. Hospital Security
SCOTTSDALE, AZ—(Marketwired - Apr 1, 2015) - Guardian 8 Corporation, a wholly-owned subsidiary of Guardian 8 Holdings (OTCQB: GRDH) and the developer and manufacturer of an enhanced non-lethal device called the Pro V2, today announced the results of a research project identifying the 50 most popular voices in U.S. hospital security. The voices belong to a broad range of security pros—from board certified protection professionals and security directors to security consultants, online community leaders, and officers past and present. Collectively, they drive, join or facilitate discussions about how to mitigate risk and de-escalate violence in hospitals.
Link: http://www.reuters.com/article/2015/04/01/idUSnMKWlmflxa+1c0+MKW20150401

Application of Threat Indicators: A Temporal View
To put some definitions in place, I refer to the application of indicators (IP addresses, URLs, domains, MD5 hashes) to future activity as the prospective application of threat indicators. Correspondingly, the application of indicators to historical data such as log management and SIEMs is known as the retrospective application of threat indicators. Both of these techniques have value but occasionally in strikingly different ways, and this distinction is worthy of examination.
As you venture into the world of threat intelligence and indicator sharing, you’ll want to consider optimizations. This is true across the spectrum, whether you happen to be a producer, distributor, or consumer of threat intelligence, or even the provider of the technology that enables the operationalization of data. Enterprises should be evaluating their providers with these objectives in mind—for example, demanding the ability to apply rich indicators to historical events.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/application-of-threat-indicators-a-temporal-view/a/d-id/1319724
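The prospective/retrospective distinction above is easiest to see with both paths side by side. The following is an added illustration, not code from the article or from Fidelis: it assumes a simple regex-based extraction of IPs, domains, URLs and MD5 hashes from text log lines, and uses a constructed indicator set and constructed log lines. The prospective matcher checks each event as it arrives against the indicators loaded at that moment; the retrospective search replays an indicator set over stored history, which is the only way to find an event that happened before its indicator was published.

```python
"""Prospective vs. retrospective application of threat indicators (added example)."""
import re

# Constructed indicator set for the example (not from the article or any real feed).
INDICATORS = {
    "ip": {"203.0.113.45"},
    "domain": {"update-cdn.example.net"},
    "url": {"http://update-cdn.example.net/a.php"},
    "md5": {"d41d8cd98f00b204e9800998ecf8427e"},
}

# Constructed historical log lines standing in for a SIEM / log-management store.
HISTORICAL_LOGS = [
    '2015-03-28T09:12:01Z proxy src=10.0.0.12 dst=203.0.113.45 url="http://update-cdn.example.net/a.php" status=200',
    '2015-03-28T09:15:40Z dns client=10.0.0.12 query=www.example.com rcode=NOERROR',
    '2015-03-30T17:02:11Z av host=ws-017 file=C:\\Users\\a\\x.exe md5=d41d8cd98f00b204e9800998ecf8427e action=quarantine',
    '2015-03-31T08:00:00Z proxy src=10.0.0.9 dst=198.51.100.7 url="http://www.example.com/" status=200',
]

# Assumed extraction patterns; a real pipeline would use the parsed fields instead.
OBSERVABLE_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "url": re.compile(r"https?://[^\s\"']+"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}


def extract_observables(line):
    """Pull candidate IPs, domains, URLs and MD5 hashes out of one event line."""
    found = {}
    for kind, pattern in OBSERVABLE_PATTERNS.items():
        values = pattern.findall(line)
        if kind in ("domain", "md5"):
            values = [v.lower() for v in values]  # normalise case-insensitive kinds
        found[kind] = set(values)
    return found


def match_event(line, indicators):
    """Return (kind, value) pairs where an observable in the line is a known indicator."""
    observed = extract_observables(line)
    hits = []
    for kind in ("ip", "domain", "url", "md5"):
        for value in sorted(observed.get(kind, ())):
            if value in indicators.get(kind, ()):
                hits.append((kind, value))
    return hits


def retrospective_search(log_lines, indicators):
    """Retrospective application: replay an indicator set over stored history."""
    results = []
    for line_no, line in enumerate(log_lines):
        for kind, value in match_event(line, indicators):
            results.append((line_no, kind, value))
    return results


class ProspectiveMatcher:
    """Prospective application: indicators loaded now are applied to events as they arrive."""

    def __init__(self, indicators):
        self.indicators = {k: set(v) for k, v in indicators.items()}

    def add_indicator(self, kind, value):
        self.indicators.setdefault(kind, set()).add(value)

    def check(self, line):
        return match_event(line, self.indicators)


def demonstrate_temporal_gap():
    """An indicator published after an event is only caught by replaying it over history."""
    matcher = ProspectiveMatcher(INDICATORS)
    # Constructed event arriving now; 198.51.100.7 is not yet a known indicator.
    new_event = '2015-04-02T10:00:00Z proxy src=10.0.0.9 dst=198.51.100.7 url="http://www.example.com/" status=200'
    before = matcher.check(new_event)          # prospective view: nothing to match yet
    matcher.add_indicator("ip", "198.51.100.7")  # a feed now delivers the indicator
    after = matcher.check(new_event)           # the same event now hits prospectively
    # The earlier sighting in HISTORICAL_LOGS (line 3) is only found retrospectively.
    historical = retrospective_search(HISTORICAL_LOGS, matcher.indicators)
    return before, after, historical


if __name__ == "__main__":
    before, after, historical = demonstrate_temporal_gap()
    print("prospective, before indicator known:", before)
    print("prospective, after indicator known: ", after)
    for line_no, kind, value in historical:
        print(f"retrospective hit: line {line_no} {kind}={value}")
```

The point the passage makes falls out of the last function: the proxy event on 31 March involving 198.51.100.7 is invisible to a prospective-only deployment, because the indicator did not exist when the event was processed; only a provider that lets you apply new indicators to historical events surfaces it.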

CIO - Why you should be spending more on security
Many CIOs endanger their companies simply by not spending enough on security.
That may seem odd to posit, given that a recent Pricewaterhouse Coopers survey found that businesses now spend a higher percentage of their IT budgets on security than ever before. According to the survey, large organizations spend an average of 11 percent of their IT budgets on security while small businesses spend nearly 15 percent.
The good news is that there is new security technology on the horizon, and some of it looks like it will be a worthwhile investment. “Cutting-edge technologies show genuine promise and are already being used by enlightened companies,” Chuvakin says. “Analytics may give a huge boost to defenders, as well as machine learning and threat intelligence. It’s too early to say ‘buy this and you’ll win, but there is definitely light at the end of the tunnel.”
Link: http://www.cio.com/article/2904364/security0/why-you-should-be-spending-more-on-security.html

Three ways a CSO can stop being the bad guy
Are you the Dr. No of your company, always with security-related reasons for stopping or slowing down projects?
But some security executives are redefining their roles to become people who say “yes,” and restructuring their departments around becoming enablers of business.
Meyer urged every CSO and CISO to begin building working relationships with other business leaders in their company, and to stay positive.
Link: http://www.csoonline.com/article/2904027/security-leadership/three-ways-a-cso-can-stop-being-the-bad-guy.html?phint=newt%3Dcso_update&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860#tk.CSONLE_nlt_update_2015-04-02&siteid=&phint=tpcs%3D&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860

Do Threat Exchanges Work?
The big question is, do these threat exchanges work? Sharing information about threats is one thing, but does this sharing result in reducing your security risk by preventing your organization falling victim to viruses and other malware infections or more concerted attacks by hackers?
Question of Trust
Does Size Matter?
It’s impossible to know in advance which exchange offers the right combination of these traits to be helpful for your organization. All that can be said is that you’ll recognize it if and when the threat information you receive starts to help you ward off viruses, malware and hacker attacks.
Link: http://www.esecurityplanet.com/network-security/do-threat-exchanges-work.html

Reduce Breach Liability [Infographic]
Customer identity data is a highly valuable asset not only to you as a business, but also to criminals intent on exploiting the data for personal gain. Thieves can make an estimated $50 million from just one data breach, and brands have lost as much as $125 million in breach associated costs*.
While most of us are aware of the dangers, it can be difficult to know what to do to prevent a data breach. However, there are questions that you can ask to understand your areas of vulnerability and ward off an insider security breach later.
Link: http://www.business2community.com/infographics/infographic-reduce-breach-liability-01195068

Google bans Chinese websites, cites security breach
BEIJING, April 2 (UPI)—Google’s tense relationship with Chinese authorities took another turn when the search engine announced its web browser and other applications will not recognize security certificates from the China Internet Network Information Center, or CNNIC.
Google announced the move in a blog post on March 23, saying the CNNIC had farmed out its certification authority to Egypt-based MCS Holdings, an organization Google described as “not fit to hold (authority).”
Link: http://www.upi.com/Top_News/World-News/2015/04/02/Google-bans-Chinese-websites-cites-security-breach/6011427986032/

Google’s Android security scans over 200 million devices a day
Google’s data suggests that the percentage of Android phones that didn’t have any PHAs stood at around 99.5 percent at its lowest in October 2014, although this figure excludes anyone that rooted the phone and, er, freed up the security system built into the mobile OS. Notably, this figure is from before both Android 4.4 and its successor. The company counts that it’s got one billion devices protected by its Android security services: its Verify Apps service now scans over 200 million devices a day in the background, aimed at improving device security. Google is quick to add that none of your pics, location data or personal information is accessed. Phew.
Link: http://www.engadget.com/2015/04/02/google-security-android-2014/

iOS Security Reports Say No iPhone Is Safe
According to the GFI report, Apple took the top vulnerability spots, with its Mac OSX at No. 1 with 147 vulnerabilities, followed by Apple iOS with 127 vulnerabilities. The Linux kernel was a close third, followed very distantly by Ubuntu and Windows. Android, meanwhile, had only six reported vulnerabilities for 2014 (although GFI took care to note that this number did not include certain Linux vulnerabilities that also apply to Android).
Link: http://www.informationweek.com/ios-security-reports-say-no-iphone-is-safe/a/d-id/1319750

Posted on 04/02

Wednesday, April 01, 2015

Newsalert - 2015 April 01

Why Data Breaches Don’t Hurt Stock Prices
[The] mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Now that major security breaches have become an inevitability in doing business, companies should put strong data security systems in place, just as they protect against other types of business and operational risks. However, companies whose assets are primarily non-digital have less incentive to invest in prevention if they know their stock price will survive — and that takes a toll on the overall economy and consumer privacy.
Link: https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices

Updated – Security Alert: Vawtrak aka Neverquest Trojan Targeting Canadian Banks
Our malware analysts have detected an ongoing malware campaign, where Vawtrak (or Neverquest), a classic Trojan-banker targets credentials from banks in Canada to steal financial information.
This high versatility offers Vawtrak the ability to collect credentials and sensitive information from FTP servers, email clients and finally from all spheres of the online.
Number and location of victims: the size of the botnet depends on the campaign, but we have already identified approximately 15.000 bots in the Canadian targeted attack, and 90% of these are located in Canada based on geoIP.
Link: https://heimdalsecurity.com/blog/vawtrak-financial-malware/

Targeted controls key to effective information security, says Protiviti
The firm’s managing director and global lead of the IT governance and risk management practice, Jonathan Wyatt, said too often businesses focus only on keeping intruders out.
The first thing businesses need to accept is that it is impossible to protect everything to the highest level all the time, he said, but also that they do have valuable data and that keeping it safe is achievable. Businesses must take control of their IT landscape
Link: http://www.computerweekly.com/news/4500243458/Targeted-controls-key-to-effective-information-security-says-Protiviti?asrc=EM_ERU_41330668&utm_medium=EM&utm_source=ERU&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&src=5375580

Social engineering techniques are becoming harder to stop, experts say
As social engineering techniques get more sophisticated and attacks appear more like authentic messages, experts say that training methods need to evolve as well. Baker said that the trick to educating employees has always been to make people suspicious of these requests, but that is getting more difficult because it often isn’t enough to simply have users keep an eye out for improper use of language or odd typos.
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
Link: http://searchsecurity.techtarget.com/news/4500243233/Social-engineering-techniques-are-becoming-harder-to-stop-experts-say?utm_medium=EM&asrc=EM_ERU_41331086&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&utm_source=ERU&src=5375580

Corporate Security Checklist – a CEO’s Guide to Cyber Security
You may not know the figures yet, but data breaches are currently among the most common and most costly security problems for organizations of all sizes. The 2014 Cyber Security Intelligence Index by IBM shows that companies are attacked around 16,856 times a year, and data breaches are one of the preeminent causes for these attacks.
Ensuring your company’s cyber security is a complex job and you need a trustworthy CTO or CIO to keep things up to date and working well. As a manager or CEO, you couldn’t possibly have the time to dedicate to understanding or coordinating all of this by yourself.
What we’re trying to help you understand is why cyber security is a necessity and a fundamental factor that influences your company’s stability and success.
Link: https://heimdalsecurity.com/blog/corporate-security-checklist-a-ceos-guide-to-cyber-security/

Sinkholing Volatile Cedar DGA Infrastructure
There is currently some buzz about the Volatile Cedar APT activity in the Middle East, a group that deploys not only custom built RATs, but USB propagation components, as reported by Check Point [pdf]. If you are interested in learning more about this APT, we recommend checking their paper first.
One interesting feature of the backdoors used by this group is their ability to first connect to a set of static updater command and control (C2) servers, which then redirect to other C2. When they cannot connect to their hardcoded static C2, they fall back to a domain generation algorithm (DGA) and cycle through the generated domains looking for one that answers.
Link: https://securelist.com/blog/research/69421/sinkholing-volatile-cedar-dga-infrastructure/

PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities
The governing body behind the Payment Card Industry Data Security Standard has confirmed that the next version of the mandate will be released in just a few weeks, which could spark a scramble by merchants trying to implement the surprise update.
According to the SSC, the changes in PCI 3.1 will affect all requirements that reference SSL as an example of what it calls “strong cryptography,” which in its glossary of terms is defined as “cryptography based on industry-tested and accepted algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and proper key-management practices.”
Link: http://searchsecurity.techtarget.com/news/4500243398/PCI-DSS-31-set-for-April-2015-release-will-cover-SSL-vulnerabilities?utm_medium=EM&asrc=EM_NLN_41362368&utm_campaign=20150401_Fire%20drill:%20Surprise%20PCI%20DSS%20update%20may%20be%20days%20away_mtamarov&utm_source=NLN&track=NL-1820&ad=899837

Cisco buys virtual appliance software vendor
Cisco (CSCO -1%) is buying Embrane, a provider of virtual (software-based) firewall and load balancer appliances, and (perhaps more importantly for Cisco) a software platform for deploying and managing virtual appliances (whether Embrane’s or a third party’s). Terms are undisclosed.
Embrane’s team is joining Cisco’s Insieme SDN/switching unit; the networking giant argues Embrane’s offerings will strengthen the feature set of its Nexus data center switch line and ACI SDN/networking virtualization platform (seeing healthy growth, in pitched battle with VMware’s NSX).
Link: http://seekingalpha.com/news/2405416-cisco-buys-virtual-appliance-software-vendor?auth_param=137vrm:1aho75g:69ceee3ad86c2affa033f48c8b0df37e&uprof=45

Anonymous proxies used to carry out shotgun DDoS attacks
… new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.
According to the findings DDoS attacks from anonymous proxies accounted for 20 percent of all application layer attacks. On average, perpetrators were directing traffic from 1,800 different IPs. This is what Incapsula calls a “Shotgun” attack.
Link: http://betanews.com/2015/03/31/anonymous-proxies-used-to-carry-out-shotgun-ddos-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

Google kills 200 ad-injecting Chrome extensions, says many are malware
More than a third of Chrome extensions that inject ads were recently classified as malware in a study that Google researchers carried out with colleagues from the University of California at Berkeley. The Researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Google officials have since killed those extensions and incorporated new techniques to catch any new or updated extensions that carry out similar abuses.
Link: http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-chrome-extensions-says-many-are-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

F5 opens new Security Operations Center in Seattle to help companies defeat ...
GeekWire
F5 Networks marked the opening of a new Security Operations Center at its Seattle headquarters this afternoon — complete with one of its engineers in a black hoodie playing the role of a hacker launching a mock online attack, to show how the company’s ...
Link: http://www.geekwire.com/2015/f5-opens-new-security-operations-center-in-seattle-to-help-companies-defeat-online-attacks/

Posted on 04/01