Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, December 27, 2018

Security Industry News - 27-Dec-2018

Table of Contents

  • NetSecOPEN announces cybersecurity founding members and appoints board of directors
  • Password-less security arrives on macOS with HYPR
  • Palo Alto Networks expands partnership with Google Cloud
  • Avant Signs Alert Logic for Threat Management Services
  • Channelnomics Recognizes FireEye for Innovation in Machine Learning
  • Top Seven IT Security Trends For 2019
  • RSA Conference Puts Politics, Data Protection In The Spotlight
  • Global Endpoint Security Market Report 2018 Covers Trends, Challenges, Vendors, Growth and Technology Leadership Forecast by 2023
  • Global Threat of Cyber Attacks Is Spurring the Fraud Detection and Prevention Market Growth
  • IntSights Cyber Intelligence Appoints CyberArk's Ron Zoran to Its Board of Directors
  • 3 Security Business Benefits From a 2018 Gartner Magic Quadrant SIEM Leader
  • Webroot Strengthens Leadership in Security and Data Protection with ISO 27001 Certification
  • Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control
  • Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes
  • Fortinet FortiMail Receives Top AAA Rating in SE Labs Email Security Test
  • Venafi Launches $12.5M Machine Identity Protection Development Fund

 


https://www.helpnetsecurity.com/wp-content/themes/hns/favicon.ico
NetSecOPEN announces cybersecurity founding members and appoints board of directors




Help Net Security


NetSecOPEN revealed that 11 security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members.
The organization also appointed its board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality.
The NetSecOPEN standard is designed to provide metrics that can be used to compare solutions and to understand the impact on network performance of different solutions under the same conditions.
The goal is to examine the performance ramifications of a solution with all of that solution’s security features enabled, conveying the true costs of the solution.
The 11 founding member organizations are: Check Point Software Technologies, Cisco, Fortinet, Palo Alto Networks, SonicWall, Sophos, and WatchGuard; test solution and services vendors Spirent and Ixia/Keysight; and testing labs European Advanced Networking Test Center (EANTC) and the University of New Hampshire InterOperability Lab (UNH-IOL).

Link: https://www.helpnetsecurity.com/2018/12/12/netsecopen-standard/



https://www.helpnetsecurity.com/wp-content/themes/hns/favicon.ico Password-less security arrives on macOS with HYPR
Help Net Security
HYPR released its Employee Access solution for macOS.
The addition of macOS marks a milestone in expanding enterprise-wide coverage of HYPR’s Decentralized Authentication Platform, enabling businesses to secure password-less access to corporate resources, eliminate credential reuse and stop phishing attacks while improving workforce productivity on a global scale.
With existing support for Windows 7, 8 and 10, the launch of MacOS rounds off the HYPR Employee Access offering and accelerates HYPR’s continued transformation of enterprise security.
Link: https://www.helpnetsecurity.com/2018/12/12/hypr-employee-access-solution/



https://www.networksasia.net/sites/default/themes/networksasia/bootstrap_networksasia/images/network_favicon.ico Palo Alto Networks expands partnership with Google Cloud
Eleanor Dickinson
Networks Asia
Google and Palo Alto Networks have expanded their cyber security partnership in order to scale the latter’s cloud services.
As part of the new deal, Palo Alto Networks will use the Google Cloud Platform (GCP) to run to run some cloud-delivered services.
In addition, the company will expand its Global Protect cloud service to run on GCP, which is targeted at mobile and branch office end-users.
This follows Palo Alto Networks’ recent acquisition of RedLock in a deal valued at US$173 million.
Link: https://www.networksasia.net/article/palo-alto-networks-expands-partnership-google-cloud.1544584245



https://www.channelpartnersonline.com/files/2018/10/shutterstock_671203651-300x225.jpg Avant Signs Alert Logic for Threat Management Services
James Anderson
Channel Partners
Avant announced Tuesday that its subagents can now sell Alert Logic’s products and services, which include a security platform, threat intelligence and security-operations-center experts.
Link: https://www.channelpartnersonline.com/2018/12/11/avant-signs-alert-logic-for-threat-management-services/



https://mms.businesswire.com/media/20181212005067/en/581832/23/FireEye_logo_RGB.jpg Channelnomics Recognizes FireEye for Innovation in Machine Learning
Business Wire
MILPITAS, Calif.—(BUSINESS WIRE)—FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, has been named a Channelnomics Innovation Award winner for FireEye® Endpoint Security with MalwareGuard™.
Link: https://www.businesswire.com/news/home/20181212005067/en/Channelnomics-Recognizes-FireEye-Innovation-Machine-Learning



https://cdn.facilityexecutive.com/wp-content/uploads/2016/09/apple-icon-152x152-2.png Top Seven IT Security Trends For 2019
Facility Executive
A team of security analysts from Netwrix reveal the top IT security trends that will influence businesses in 2019.
Compliance will get broader and stricter. 
Security will become more data-centric. 
Cloud adoption will accelerate. 
AI and advanced analytics will be more sought after. 
Blockchain will be used for IT security. 
IoT devices will continue to be at risk. 
Personal data breaches will have more ramifications.
Link: https://facilityexecutive.com/2018/12/top-seven-it-security-trends-2019/



https://www.silicon.co.uk/wp-content/uploads/2017/01/cropped-silicon-UK-Facebook-Profile-180x180-192x192.jpg RSA Conference Puts Politics, Data Protection In The Spotlight
Silicon [UK]
Politics and data security, two of the hot-button issues of this year, are set to feature in the keynote lineup of RSA Conference 2019 next March.
Speakers from a variety of high-powered tech and security companies are set to appear, but also figures such as Megan Smith, who served as the US’ chief technology officer from 2014 to 2017, and Donna Brazile, a veteran political strategist and former presidential advisor.
Meanwhile, the head of global privacy for LinkedIn, Kalinda Raina, and Uber chief privacy officer Ruby Zefo, are set to headline a panel discussion on the ways the tech industry is adapting to new privacy imperatives brought in by stricter data protection laws.
The conference is also set to include a panel on cryptography and another featuring experts from the SANS Institute.
Link: https://www.silicon.co.uk/workspace/rsa-conference-puts-politics-data-protection-in-the-spotlight-239667?inf_by=5a1213f9671db8f27c8b4a0f



Global Endpoint Security Market Report 2018 Covers Trends, Challenges, Vendors, Growth and Technology Leadership Forecast by 2023
Security Market Research
Industry Professionals forecast Endpoint Security market is predicted to grow at 9.88% CAGR during the period 2018-2023.
Key Developments in the Endpoint Security Market:
October 2017 – McAfee announced the integration of advanced analytics to increase the efficiency of security operation center and protect endpoints and cloud. 
December 2017 – VMware partnered with Carbon Black, to offer a new joint data center security solution that combines VMware AppDefense and CB Defense, to offer a unique solution for stopping threats concentrated on applications inside a data center. 
Key Manufacturers: Cardon Black Technology Inc., Cisco Systems,Cylance Inc.,McAfee Inc.,CrowdStrike Inc.,Trend Micro Inc.,Symantec Corporation,Palo Alto Networks Inc. ,RSA Security LLC,FireEye Inc. ,SentinelOne Inc. ,Sophos Group Plc ,IBM Corporation ,Kaspersky Lab Inc. ,Panda Security S.L,Eset LLC,Fortinet Inc. ,Bitdefender LLC,Avast Software Inc., And many more…
Link: https://securitymarketresearch.com/39632/global-endpoint-security-market-report-2018-covers-trends-challenges-vendors-growth-and-technology-leadership-forecast-by-2023/



https://www.prnewswire.com/content/dam/prnewswire/icons/favicon.png Global Threat of Cyber Attacks Is Spurring the Fraud Detection and Prevention Market Growth
Financialbuzz.Com
Cision PR Newswire
According to data compiled by Marketsand Markets research, the global fraud detection and prevention (FDP) market is projected to grow from USD 19.5 Billion in 2018 to USD 63.5 Billion 2023.
Additionally, the market is projected to register a CAGR of 26.6%.
The FDP market will be accelerated by the growth of electronic transactions and companies' increasingly losing revenue due to cyber-attacks.
Glance Technologies Inc. (OTC: GLNNF), Cisco Systems, Inc. (NASDAQ: CSCO), Oracle Corporation (NYSE: ORCL), Proofpoint, Inc. (NASDAQ: PFPT), Juniper Networks, Inc. (NYSE: JNPR) 
The retail segment is expected to witness the highest CAGR during the forecast period due to the large amount of fraudulent incidents.
Link: https://www.prnewswire.com/news-releases/global-threat-of-cyber-attacks-is-spurring-the-fraud-detection-and-prevention-market-growth-815814026.html



https://www.prnewswire.com/content/dam/prnewswire/icons/favicon.png IntSights Cyber Intelligence Appoints CyberArk's Ron Zoran to Its Board of Directors
Cision PR Newswire
IntSights Cyber Intelligence, the leading provider of surface, deep and dark web cyber threat intelligence and digital risk protection solutions, announced today the addition of Ron Zoran, chief revenue officer of CyberArk to the company's Board.
Link: https://www.prnewswire.com/news-releases/intsights-cyber-intelligence-appoints-cyberark-s-ron-zoran-to-its-board-of-directors-817164461.html



https://securityintelligence.com/wp-content/uploads/2018/12/3-security-business-benefits-from-an-innovative-siem-leader-1024x538.jpg 3 Security Business Benefits From a 2018 Gartner Magic Quadrant SIEM Leader
John Burnham
Security Intelligence, IBM
Last week Gartner published its 2018 Magic Quadrant for Security Information and Event Management (SIEM).
As in past years, the report supports the steady evolution of SIEM technology and the growing demand from customers for simple SIEM functionality with an architecture built to scale that meets both current and future use cases.
What Separates a SIEM Leader From the Rest of the Market? 
The first element, early detection via analytics — more clearly stated as efficacy in threat detection and response — remains the centerpiece of any effective SIEM solution. 
The second element of Gartner’s definition of a leader, rapid adaptation to customer environments, is becoming a core factor in how much return on investment (ROI) customers realize and how quickly they realize it.
Ad hoc content, add-on applications and flexibility in upgrading the platform are all required to mature a SIEM system in an affordable way once it’s installed. 
Also included in this element is the ability to scale the platform in terms of both network coverage and security capabilities. 
The third element of a leading SIEM is strong market presence and easy access to services.
Link: https://securityintelligence.com/3-security-business-benefits-from-a-2018-gartner-magic-quadrant-siem-leader/



http://support.sys-con.com/404/ Webroot Strengthens Leadership in Security and Data Protection with ISO 27001 Certification
PR Newswire
Sys.Con Media
BROOMFIELD, Colo., Dec. 13, 2018 /PRNewswire/—Webroot, the Smarter Cybersecurity® company, announced it received ISO 27001 certification, one of the highest internationally recognized standards for information security management systems.
This achievement highlights Webroot's ongoing commitment to providing the highest standard in security protection.
Link: http://www.sys-con.com/node/4357981



https://www.helpnetsecurity.com/wp-content/themes/hns/favicon.ico Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control
Help Net Security
Pulse Secure revealed a Technical Alliance Partnership with BNT Pro to jointly sell and support a solution that offers SecTrail, an Identity Control and Management Platform developed by BNT Pro, as part of an integrated solution with Pulse Secure Connect Secure VPN appliances.
The agreement will ensure that joint customers benefit from compatibility, enhanced features and simplified support and upgrades.
Link: https://www.helpnetsecurity.com/2018/12/14/pulse-secure-bnt-pro-technical-alliance-partnership/



https://securityboulevard.com/wp-content/uploads/2018/03/cropped-SB3x4-270x270.jpg Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes
Anton Chuvakin
Security Boulevard
Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now.
The abstract states “’Increasing complexity and frequency of attacks elevate the need for detection of attacks and incident response, all at enterprise scale.
Technical professionals can use endpoint detection and response tools to speedily investigate security incidents and detect malicious activities and behaviors.”
A few of my favorite quotes are:
▪ “Extracting the full value of EDR tools demands mature security operations and IR processes.
Organizations not prepared to handle the large volume of alerts produced by EDR tools may wish to consider a managed EDR service.” [reminder: a managed EDR is a type of MDR, while not every MDR uses EDR]
▪ “EDR tools are also not malware-centric; they reflect a broader focus on all threats affecting endpoints, rather than the more narrow coverage of malware detection and prevention, as is the case for traditional anti-malware tools.” [this is obvious to many, but a useful reminder to some]
▪ “This combination of EDR and advanced anti-malware [from one vendor] is so pervasive that many Gartner clients conflate the two tools, treating EDR as synonymous with advanced machine learning-type anti-malware.
This is incorrect.
EDR and EPP (including advanced anti-malware) are still two separate pieces of technology that happen to be found very commonly in the same product and platform.”
▪ “Most EDR business cases seen by Gartner for Technical Professionals were focused on: Saving on IR costs | Detecting threats faster and better | Enabling wider and deeper endpoint visibility”
▪ “EDR users need not assume that all data coming from the compromised endpoints is wrong, only that it needs to be verified through other means (such as network monitoring) and cross-referenced by different types of information (such as verification of the list of running processes by means of direct memory read)”
Link: https://securityboulevard.com/2018/12/our-2018-update-for-endpoint-detection-and-response-architecture-and-operations-practices-publishes/



http://globenewswire.com/Attachment/LogoDisplay/424790?filename=424790.jpg&size=1 Fortinet FortiMail Receives Top AAA Rating in SE Labs Email Security Test
Nasdaq Globe Newswire
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced that its FortiMail Secure Email Gateway solution earned SE Labs’ top AAA rating in the 2018 Email Security Services (ESS) group test, while maintaining a perfect score in legitimate accuracy.
Email continues to be the primary attack vector for cybercriminals, with 92.4 percent of all malware and over 90 percent of all reported security incidents starting with phishing emails, with malicious attachments or links being sent to and opened by company employees.
Such attacks may lead to sensitive information and data getting into the hands of cybercriminals as well as costing organizations large sums of money.
Link: https://globenewswire.com/news-release/2018/12/13/1666687/0/en/Fortinet-FortiMail-Receives-Top-AAA-Rating-in-SE-Labs-Email-Security-Test.html



https://www.businesswire.com/news/home/20181213005089/en/favicon.ico Venafi Launches $12.5M Machine Identity Protection Development Fund
Business Wire
SALT LAKE CITY—(BUSINESS WIRE)—Venafi®, the inventor and leading provider of machine identity protection, today announced the launch of the Machine Identity Protection Development Fund at Machine Identity Protection Live.
The first $12.5 million tranche of the fund provides developers with direct sponsorship from Venafi to help accelerate the delivery of comprehensive protection for all machine identities.
Venafi will use the Machine Identity Protection Development Fund to sponsor a range of developers, including consultants, systems integrators, fast-moving startups, open-source developers and other cybersecurity vendors.
Funded developers will create integrations that ensure every new machine identity is automatically updated in the Venafi Platform.
Venafi also named the first three developers to receive sponsorships:
Jetstack
OpenCredo
Cygnacom
Link: https://www.businesswire.com/news/home/20181213005089/en/Venafi-Launches-12.5M-Machine-Identity-Protection-Development

Posted on 12/27
NewsPermalink