Cyber Security Institute

Tuesday, July 30, 2019

OEM IT Security News - 28-Jul-2019

Table of Contents

  • 5 best practices to choose the right email security software
  • Proofpoint Drives People-centric Innovation with Two Industry-Firsts: Enhanced URL Isolation Based on User Risk Profiles and New Training Customization
  • Frost & Sullivan Names Luminati the 2019 Global Market Leader in the Enterprise IP Proxy Networks Market
  • WatchGuard Speeds Zero Day Malware Breach Detection from Months to Minutes
  • Bitdefender upgrades to deal with malware, privacy and child safety
  • SonicWall CEO on McAfee IPO rumours and Symantec's possible sale
  • Long-time LogRhythm CEO Grolnick out in favour of new blood
  • Check Point Introduces Record Breaking Security Gateways
  • Mimecast Is Likely To Break Out On The Upside
  • Kaspersky launches its 2020 range with traffic encryption and scanning speed improvements
  • Barracuda Increases Requirements and Benefits for Top-Tier Partners
  • NSS Labs test exposes weaknesses in NGFW products
  • CyberArk enhances its portfolio of SaaS offerings for privileged access security
  • Cisco in talks to acquire security startup Signal Sciences
  • Avnet appoints Max Chan as CIO
  • ESET unveils new version of File Security for Linux
  • ThetaRay 4.0 With IntuitiveAI Gives Banks a Powerful New Weapon Against Financial Cybercrime
  • Global Cyber Security Market Analysis 2019-2026: Market is Expected to Reach $345.42 Billion
  • Bitdefender Browser Isolation defeats attacks by monitoring memory for attack techniques
  • Greenbone Security Feed detects and protects against more than 70,000 vulnerabilities

5 best practices to choose the right email security software
Karen Scarfone
Tech Target - Security
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.
How advanced are basic security functions?
organization should look for more advanced antivirus, antispam and antiphishing technologies. 
What other security features do email security gateways offer?
For many organizations, especially larger enterprises, these additional functions are irrelevant, because the organization already has enterprise DLP and email encryption capabilities.
But for organizations without these capabilities, adding DLP and email encryption options to an email security gateway—often for an additional fee—can be a cost-effective and streamlined way to add these capabilities to the enterprise.
How usable and customizable are the management features?
Although organizations may not want to spend significant time customizing their email security gateways, doing so can improve detection capabilities, as well as enhance the management process itself by customizing administrator dashboards, gateway reports and other aspects of the gateway.
What are the typical false positive and negative rates?
Since each email security gateway uses several detection techniques in parallel with each other, it's not generally helpful to report overall false positive and negative rates for the entire gateway.
Instead, vendors provide typical rates for each threat type—spam detection, malware detection and phishing detection, among others.
Are email messages or attachments processed or stored in an external system?
Transferring email to an external server for processing or storage may be an unacceptable risk for some organizations, particularly if gateways are analyzing internal email messages.
This could cause the email security gateway vendor to access sensitive data and inadvertently or intentionally expose it to breach.
Similarly, if the vendor's server is compromised, the sensitive data could be compromised as well.

Proofpoint Drives People-centric Innovation with Two Industry-Firsts: Enhanced URL Isolation Based on User Risk Profiles and New Training Customization
Nasdaq Globe Newswire
EIN News
/EIN News/—SUNNYVALE, Calif., July 22, 2019 (GLOBE NEWSWIRE)—Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced two people-centric innovations that enhance how organizations protect their most attacked people from malicious URLs, while increasing the effectiveness of security awareness training content.
In an industry-first, Proofpoint’s newly announced adaptive security controls can dynamically isolate URL clicks in corporate email and cloud collaboration URLs based on the risk profile of the recipient, as well as the riskiness of the URL itself.
These security controls are integrated with Proofpoint’s award-winning Targeted Attack Protection (TAP) intelligence.
These people-centric innovations are featured in both Proofpoint Email Isolation, which isolates both links in corporate email and personal webmail, and Proofpoint Browser Isolation, which isolates risky browsing behavior on corporate devices for all websites.
Both products leverage Proofpoint Isolation technology, which fetches content and executes it within Proofpoint’s cloud, while allowing the user to view a safely mirrored image of the site, assuming zero trust of all content.
Each solution also enables isolated use of cloud collaboration tools such as Dropbox and Microsoft SharePoint to help dramatically lower an organization’s attack surface.
Both Proofpoint Browser Isolation and Email Isolation integrate critical Proofpoint Targeted Attack Protection intelligence to help security teams detect, mitigate, and block advanced threats that target users through email.
In addition to blocking attacks that leverage malicious attachments and URLs, TAP also detects threats and risks in cloud applications.
The Proofpoint Attack Index within TAP provides organizations with visibility into their most targeted users based on four factors: threat actor sophistication, spread and focus of attack targeting, type of attack, and overall attack volume.

Frost & Sullivan Names Luminati the 2019 Global Market Leader in the Enterprise IP Proxy Networks Market
OA Online
Luminati, the Israeli company that allows businesses to experience the web through the eyes of individual consumers throughout the world, today announced it has received a Market Leadership Award in the first independent analysis of the sector.
Luminati’s enterprise IP proxy network (IPPN) services for global retailers, brand owners and advertising networks feature strongly in the report by analyst firm Frost & Sullivan.
The report outlines a relatively new, but rapidly growing market and recognizes Luminati’s leading position in the provision of solutions that are increasingly important for businesses to remain competitive and compliant in the digital landscape.

“The market for enterprise IP proxy network solutions is in its early growth stages, basically being invented by Luminati only a few years ago.
With the more specialized targeting of customers by demographics and location, companies are finding it more difficult than ever to do competitive analysis and verify advertising, security, and website performance.
Companies not familiar with these website practices or Internet Protocol proxy network (IPPN) solutions are at risk of gathering incorrect data and left behind technology-wise,” noted Robert Cavin, Industry Analyst, Digital Media, Frost & Sullivan.
Frost & Sullivan’s report names Luminati the 2019 global market leader in the Enterprise IP Proxy Network market, and acknowledges how the company has revolutionized the technology through its residential peer-to-peer network.
What’s more, the analysis identifies Luminati’s technical leadership and strict adherence to compliance procedures as factors that will likely cement the company’s leadership position over the coming years.
The top five use cases for enterprise IPPN by revenue (2018) are:
▪ Price comparison
▪ Ad verification
▪ Fraud protection
▪ Data collection
▪ Brand protection

WatchGuard Speeds Zero Day Malware Breach Detection from Months to Minutes
Nasdaq Globe Newswire
EIN News
WatchGuard® Technologies, a global leader in network security and intelligence, secure Wi-Fi and multi-factor authentication, today announced a series of major updates to its threat correlation and response platform, ThreatSync, with the latest release of Threat Detection and Response (TDR).
These enhancements include accelerated breach detection, network process correlation and AI-powered threat analysis, enabling managed service providers (MSPs) and the organizations they support to reduce breach detection and containment timeframes from months to minutes, automate the remediation of zero day malware and better defend against targeted, evasive threats both inside and outside the network perimeter.
According to the Ponemon Institute, the mean time to identification (MTTI) for a security breach is 197 days, while the mean time to containment (MTTC) is another 69 days after initial detection.
In Q1 2019 alone, zero day malware capable of escaping traditional antivirus (AV) solutions accounted for a massive 36% of threats, according to WatchGuard’s latest Internet Security Report.
With each passing day a security threat goes unnoticed, its potential to inflict both financial and reputational harm on an organization increases drastically.
Key ThreatSync features now available via TDR include:
• Host Containment and Automated Response
• Accelerated Breach Detection
• Network Process Correlation
• Artificial Intelligence Analysis

Bitdefender upgrades to deal with malware, privacy and child safety
Sam Varghese
IT Wire
In a statement, the company said the Bitdefender 2020 series of products introduced browser anti-tracking for both Windows and macOS.
This would list all trackers behind any website visited and would allow a user to switch off the trackers and control the information that companies and third parties could compile or obtain.
A second new feature, Microphone Monitor, reinforced Bitdefender’s existing Web cam protection, blocking unauthorised access to the user’s microphone.

Also due for launch is the first real-time protection for iOS, to block phishing scams.
No matter the browser, this feature will block transmission of any personal information such as credit card details or social security numbers.

SonicWall CEO on McAfee IPO rumours and Symantec's possible sale
Nima Green
Conner was speaking as rumours of Broadcom's possible takeover of Symantec continue to swirl, while McAfee is reportedly eyeing up an IPO.

CrowdStrike, meanwhile, recently exceeded analyst expectations when its valuation soared after going public.
"I think security is hot," Conner said. "There's a lot of money at play.
And look at the data: the threat landscape is getting very, very real.
On McAfee, he added: "McAfee is the latest example of change in the market: they were private, they went public, they got bought up strategically, they went private, and now they're going to IPO.
"So, IPOs now are the whole way to monetise yourself if you've got a stable business.
"The question is whether it will consummate as a true IPO, or whether they'll get bought at the last minute by private equity.
That's a financial play that's playing out, because to maximise the value they get, a lot of PEs don't want to buy right now because security is becoming a premium in the market.
Since Dell divested SonicWall by selling up to PE firms Francisco Partners and Elliott Management in 2016, Conner says it has built its partner base from zero to 18,700.
He said that as the vendor is increasingly turning its eye to the public sector and enterprise customers, some of its partners are specialising to match that focus.

Long-time LogRhythm CEO Grolnick out in favour of new blood
Marian Mchugh
LogRhythm has appointed Mark Logan as its new CEO, replacing Andy Grolnick.
In its announcement of the news, the security information and event management (SIEM) vendor made no mention of Grolnick or why he was leaving the 16-year-old company he has headed since 2005.

Logan comes to LogRhythm from his role as president of data management solutions at vendor Attunity.
He has also served as CEO of WealthEngine, a data-driven consumer analytics business; and Rivermine, a business analytics company.
His appointment seems to be effective immediately as he is billed as CEO on the company's website, though Grolnick's own LinkedIn account still has him listed as chief exec.
The recent shuffle has seen Sue Buck appointed senior vice president of engineering and Barry Capoot installed as chief financial officer.

Check Point Introduces Record Breaking Security Gateways
Nasdaq Globe Newswire
EIN News
/EIN News/—SAN CARLOS, Calif., July 24, 2019 (GLOBE NEWSWIRE)—Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, today announced two new high-end appliances optimized for data center and Telco environments. 
Check Point announces three new security gateway appliance models: 16000 Base, 16000 Plus and the record breaking 26000 Turbo are extensions of Check Point’s new gateway appliance series 16000 and 26000 which were introduced in June, presenting a complete line of high-end appliances with up to 64 networking interfaces, 16 100 GbE (Giga-bit-Ethernet) or 40 GbE.
Powered by the Check Point Infinity architecture, the 16000 and 26000 Security Gateways incorporate Check Point’s ThreatCloud and award-winning SandBlast™ Zero-Day Protection.
These modular gateways come in base, plus and turbo models, delivering up to 30 Gbps of Gen V Threat Prevention security throughput.

Mimecast Is Likely To Break Out On The Upside
Seeking Alpha
The company's platform is increasingly sophisticated and sticky, opening new revenue streams, so we expect growth to continue to be brisk.
The figures are plagued by currency headwinds but underlying growth is good and operational leverage is kicking in.
The company generates considerable cash flows and the shares are not exorbitantly valued.

Kaspersky launches its 2020 range with traffic encryption and scanning speed improvements
Chris Wiles
Beta News
Kaspersky has officially launched its 2020 edition, but only in certain territories.
Localized builds such as the English GB or German edition will follow in August (but there’s nothing stopping you installing the worldwide edition available in 'US English').
What’s new in 2020.
Expect to find 'enhanced security' (which we’d expect to find by default, to be fair) which now includes protection against the latest threats, including EternalBlue.
RATs support is now included.
This is protection against remote access tools which are used by support companies but often used by fraudsters to obtain access to your computer.
With the 2020 edition, RATs are now blocked by default and you can only choose whether to grant access by switching off the RATs module.
This could become rather confusing for a novice user who requires genuine remote access support.
If you’re a Mac user, Kaspersky for Mac 2020 now includes a dark theme (but we’re confused why the Windows version doesn’t include a dark mode), while Safe Money will check external drives once they are connected to your Mac.
Lastly, Kaspersky states the entire 2020 range sees significant performance enhancements, where users can expect to see a speed increase of 15 percent across platforms.
Mac application scanning has improved by 50 percent.

Barracuda Increases Requirements and Benefits for Top-Tier Partners
Rich Freeman
Channel Pro Network
Barracuda Networks has revamped its partner program to deliver more benefits to top-tier partners while simultaneously raising the requirements to qualify for those rewards.
The changes, which have been rolled out to Barracuda’s channel in recent days, come in response to rapid cloud computing adoption among businesses of all sizes.
Securing cloud-based systems calls for capabilities that many traditional resellers lack at present, according to Ezra Hookano, Barracuda’s vice president of channels.
Under the new tiering scheme, partners will have to clear a higher sales revenue bar to qualify for top-level status.
They will also have to earn a competency in email security, public cloud security, or data and network application security.
Partners who meet those heightened prerequisites will receive extra benefits in return.
Most top-tier partners will see margins rise 10 to 30%, predicts Hookano, who expects roughly 200 Barracuda partners to retain top-level status in the program, versus approximately 1,200 before.
The new rules and requirements do not apply to managed service providers who partner with Barracuda through its Barracuda MSP division. “Our current MSP program is working fine,” Hookano says. “MSPs are already providing the correct service levels, so that program will not change.”

NSS Labs test exposes weaknesses in NGFW products
Help Net Security
NSS Labs announced the results of its 2019 NGFW Group Test.
Twelve of the industry’s NGFW products were tested to compare NGFW product capabilities across multiple use cases.
Products were assessed for security effectiveness, total cost of ownership (TCO), and performance.
Test results showed that block rates for simple clear-text attacks remain strong (over 96%) for nine out of twelve products.
However, while known/published exploits were frequently blocked, test engineers were able to bypass protection in all devices with minor modifications to known and blocked exploits.
Key takeaways
• Enterprises expect when they purchase products that they will remain viable over multiple years.
• While it is tempting to draw conclusions from one test, NSS Labs recommends enterprises favor vendors that consistently engage and improve over time.
• Scripting evasions are challenging for NGFWs since they require real-time code analysis in order to determine whether a function is legitimate or obfuscating an attack.
• Vendor claims to protect vulnerabilities (regardless of the exploit specifics) are largely dependent on the nature of the vulnerability and whether it lends itself to such protection.
Test results found all products had room for improvement when confronted with unknown variants of known exploits.
• Research indicates that over 70% of Internet traffic is encrypted using TLS/SSL.
NSS Labs recommends measuring the performance of devices both with and without TLS/SSL enabled.
Failure to do so could result in unexpected performance bottlenecks.

CyberArk enhances its portfolio of SaaS offerings for privileged access security
Help Net Security
CyberArk announced groundbreaking new services and enhancements to the industry’s most complete portfolio of Software-as-a-Service (SaaS) offerings for privileged access security.
CyberArk Alero is a dynamic solution for mitigating risks associated with remote vendors accessing critical systems through CyberArk.
CyberArk Alero also improves operational efficiencies and productivity by making it simple and easy for organizations to provision and manage remote vendor access. 
This new SaaS-based offering provides Zero Trust access for remote vendors connecting to the CyberArk Privileged Access Security Solution for complete visibility and control of privileged activities.
Just-in-time elevation and access with CyberArk Endpoint Privilege Manager – CyberArk Endpoint Privilege Manager is an industry leading SaaS-based solution that reduces the risk of unmanaged administrative access on Windows and Mac endpoints.
With Endpoint Privilege Manager’s new just-in-time capabilities, organizations can mitigate risk and reduce operational friction by allowing admin-level access to Windows and Mac endpoints on-demand for a specific period of time with a full audit log and the ability to revoke access as necessary.

Cisco in talks to acquire security startup Signal Sciences
Gina Narcisi
Five-year-old Signal Sciences is a web application security company that develops software to protect applications running in private data centres and in the cloud.
The startup has raised a total of US$61.7 million in funding over four rounds, according to Crunchbase.
In February, the company raised US$35 million in funding led by growth equity firm Lead Edge Capital with participation from previous investors including CRV, Index Ventures, Harrison Metal, and OATV.

Avnet appoints Max Chan as CIO
Help Net Security
Avnet, a leading global technology solutions provider, announced the promotion of Max Chan to Chief Information Officer (CIO), reporting to MaryAnn Miller, Chief Administrative Officer.
Chan has been serving as the head of global information solutions (GIS) within Avnet since November 2018.

ESET unveils new version of File Security for Linux
Help Net Security
ESET File Security for Linux is powered by the latest ESET LiveGrid technology and eliminates all types of threats, including viruses, rootkits, worms and spyware.
Version 7.0 offers a host of advanced features, including real-time file system protection, tighter security and a real-time web graphical user interface (GUI).
Additionally, ESET File Security is fully compatible with the ESET Security Management Center and allows you to manage the software through a web interface, giving you the option to schedule on-demand scans, actions and security tasks.

ThetaRay 4.0 With IntuitiveAI Gives Banks a Powerful New Weapon Against Financial Cybercrime
Cision PR Newswire
Yahoo - Finance
NEW YORK, July 23, 2019 /PRNewswire/—ThetaRay, a leading provider of AI-based Big Data analytics, today announced Version 4.0 of the company's namesake advanced analytics platform.
The update includes major capability upgrades to help global banks detect and prevent financial cybercrime.
ThetaRay's IntuitiveAI solutions replicate the powerful decision-making capabilities of human intuition to detect "unknown unknowns" that cannot be identified by first-generation AI or legacy products.
Version 4.0 provides a new hybrid learning approach.
The hybrid supervised/unsupervised learning capability integrates the two learning styles and applies the most effective one based on use case.
This approach finds significantly more potential threats through a single process and delivers a holistic view of a bank's threat landscape.
The new release also provides an additional method for anomaly clustering, which is a critical enabler to accurately detect more true positives while dramatically decreasing the number of false positive alerts.
In version 4.0, customers can now cluster identified anomalies by pattern, in addition to a density-clustering approach.
This clustering method ensures that AML and fraud teams have the right approach to analyze anomalous events with the method most applicable to a particular use case.
The addition of pattern-based clustering also enhances the built-in transparency and explainability of ThetaRay's "white box" AI applications.

Global Cyber Security Market Analysis 2019-2026: Market is Expected to Reach $345.42 Billion
Nasdaq Globe Newswire
Dublin, July 24, 2019 (GLOBE NEWSWIRE)—The "Global Cyber Security Market Analysis 2019" report has been added to's offering.
The Global Cyber Security market is expected to reach $345.42 billion by 2026, growing at a CAGR of 12.3% during 2018 to 2026.
Factors such as the rise in malware and phishing threats, and growth in the adoption of IoT and the BYOD trend among organizations, are driving the cyber security industry's growth.
However, the limited security budget among SMEs is restraining the market.

Bitdefender Browser Isolation defeats attacks by monitoring memory for attack techniques
Help Net Security
The security employed by Bitdefender Browser Isolation leverages unique capabilities of Citrix Hypervisor.
Only Bitdefender takes advantage of this security approach, known as Bitdefender Hypervisor Introspection, to monitor the raw memory of running Citrix Virtual Apps servers, including web browsers hosted on the servers.
The security requires no footprint in protected Virtual Apps servers to identify attack techniques used to exploit both known and unknown vulnerabilities in web browsers and their associated plugins.

Greenbone Security Feed detects and protects against more than 70,000 vulnerabilities
Help Net Security
Greenbone Networks, a leading provider of vulnerability management, announced that it now detects and protects against more than 70,000 vulnerabilities through its Greenbone Security Feed.
The daily feed now contains 70,343 vulnerabilities, up from 50,000 in 2016, and organisations can cross-reference this information against their own IT networks to check for vulnerabilities.
The Greenbone Security Feed includes details of all the latest vulnerabilities identified by security experts from around the globe and Greenbone develops targeted Network Vulnerability Tests (NVT) so customers can identify and plug any gaps in their defences.

Posted on 07/30