Cyber Security Institute

Thursday, July 07, 2016

Security Industry News - 2016-07-07

Table of Contents

  • 10 cutting-edge tools that take endpoint security to a new level
  • mindSHIFT unveils new proactive IT security offerings to protect customers' information
  • Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice
  • Despite Decline, FireEye Is Still Not Cheap
  • Faraday: Collaborative pen test and vulnerability management platform
  • UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines
  • Twistlock Secures $10 Million in Series A Funding
  • Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution
  • Report: Here's Who FireEye Could Be Eyeing For An Acquisition
  • Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
  • Worldwide cloud IT infrastructure revenue grows to $6.6 billion
  • Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company
  • Antivirus merger: Avast to buy AVG for $1.3 billion
  • Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out
  • Cyphort Strengthens Management Team with Two New Executive Hires
  • Palo Alto offers $16,000 in looming CTF hack off



10 cutting-edge tools that take endpoint security to a new level
The 10 products we tested in this review go beyond proactive monitoring and endpoint protection and look more closely at threats.
They evaluate these threats in a larger ecosystem, combining the best aspects from network intrusion detection and examining the individual process level on each computer.
That is a tall order, to be sure. 
Evidence of how important this product category has become is Microsoft's latest entry, called Windows Defender Advanced Threat Protection.
Announced at the RSA show in March, it will be slowly rolled out to all Windows 10 users (whether they want it or not, thanks to Windows Update).
Basically what Microsoft is doing is turning every endpoint into a sensor and sending this information to its cloud-based detection service called Security Graph.
No remediation feature has been announced to work with this yet. 
Besides Microsoft, there are many products to choose from.
We looked at Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, CounterTack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. (BufferZone, Deep Instinct, enSilo, Triumfant, ThreatStop and Ziften declined to participate.) 
The best products combine both hunting and gathering approaches and also look at what happens across your network, tie into various security event feeds produced by both internal systems and external malware collectors, work both online and offline across a wide variety of endpoint operating systems and versions, and examine your endpoints in near real-time. 
As you might suspect, no one product does everything.
You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff.
Because of this, we weren't able to score each product numerically or award an overall winner.
Link: http://www.infoworld.com/article/3091100/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html



mindSHIFT unveils new proactive IT security offerings to protect customers' information 
STERLING, Va., July 6, 2016 /PRNewswire/—mindSHIFT Technologies, Inc., a Ricoh company, today announced the launch of mindSHIFT IT Security, Risk and Compliance Services.
This latest addition to mindSHIFT's robust IT services portfolio will enable customers to take a proactive approach to information security. 
Available to customers today, mindSHIFT's IT Security, Risk and Compliance Services consist of three distinct services to help organizations identify and mitigate risk from security breaches, cyberattacks, rogue employees and to help organizations achieve compliance with federal, state and industry regulations.
These services include External Vulnerability Assessments, Penetration Testing and Cybersecurity Risk Assessments.
Link: http://finance.yahoo.com/news/mindshift-unveils-proactive-security-offerings-133000140.html



Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice 
Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of J. Andrew Valentine as an Associate Managing Director in its Cyber Security and Investigations practice.
With a wide range of experiences and skills that bridge the private sector and law enforcement, Valentine is a highly accomplished practitioner as well as a recognized thought leader, author, and speaker on computer crime and cyber security.
He has managed numerous high-profile criminal forensic and data breach investigations in the United States and internationally, where his work proved instrumental in the arrests and successful prosecutions of notorious hackers and criminals. 
Over the course of a 14-year career, Valentine became well-versed in criminal and civil investigative requirements, including computer forensics, evidentiary procedures, and fact-finding techniques, during his service with the Florida Department of Law Enforcement’s Computer Crime Center and with Verizon/Cybertrust.
He has regularly collaborated with government and state/provincial law enforcement agencies worldwide, including the Federal Bureau of Investigation, U.S. Secret Service, and Department of Homeland Security.
Adept at making a complex and challenging subject matter clear and comprehensible, Valentine has served as an expert witness in criminal and civil trials.
Link: http://finance.yahoo.com/news/kroll-names-j-andrew-valentine-155300383.html



Despite Decline, FireEye Is Still Not Cheap 
FireEye’s economic earnings, the true cash flows of the business, have declined from -$40 million in 2012 to -$587 million over the trailing twelve months.
By removing stock based compensation expense, FEYE is able to report non-GAAP results that, while not positive, are improving year-over-year while the true profits are declining. 
With shares now greatly overvalued plus large profit losses and strong competition, FireEye (NASDAQ:FEYE) is this week's Danger Zone pick. 
The security industry is highly competitive and FEYE faces significant challenges from each of its competitors.
As noted in the company's 10-K, competition comes from Cisco (NASDAQ:CSCO), Juniper (NYSE:JNPR), Intel (NASDAQ:INTC), IBM (NYSE:IBM), and Palo Alto Networks (NYSE:PANW), among others.
Figure 3 makes it clear that FEYE's competitors have higher margins and ROICs.
With such negative profitability, FireEye has competitive disadvantages in the form of less capacity to invest in product development and less pricing flexibility. 
More recently, in 1Q16, revenue grew by 34% year-over-year.
However, cost of revenues grew 37%, R&D grew 31%, and general and administrative costs grew 30% year-over-year.
In order to buy into the bull case, one must believe FEYE can significantly cut costs in order to improve margins, while simultaneously growing revenue to maintain the "growth story" initially sold to the market.
Link: http://seekingalpha.com/article/3986664-despite-decline-fireeye-still-cheap?auth_param=137vrm:1bnqfrk:d48164696a98d79d229d4e247763caad&uprof=45&dr=1



Faraday: Collaborative pen test and vulnerability management platform 
Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time.
It gives CISOs a better overview of their team’s job, tools and results.
You can run it on Windows, Linux and OS X. 
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way.
Faraday supports more than 50 tools, including Burp Suite, w3af, Maltego, Metasploit, Qualysguard, Nessus, Netsparker, and Shodan. 
Radical changes to the tool – how it looks and behaves – are in the works.
One is a brand new GTK interface, which will replace the old QT3-based one, and will make the tool more stable as well as more pleasant to use.
Link: https://www.helpnetsecurity.com/2016/07/06/faraday-pen-test/



UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines 
MOUNTAIN VIEW, CA—(Marketwired - Jul 6, 2016) -  UpGuard today announced that it has become a member of the Center for Internet Security (CIS), and will continue to help businesses expand visibility into their cyber risk by providing hardening benchmarks to all customers.
By incorporating these benchmarks, UpGuard's CSTAR solution builds on its lead in providing the most complete assessment of both internal and external cyber risk.
Link: http://finance.yahoo.com/news/upguard-becomes-member-center-internet-160000777.html



Twistlock Secures $10 Million in Series A Funding 
SAN FRANCISCO, CA—(Marketwired - Jul 6, 2016) - Twistlock, the leading provider of security solutions for virtual containers, today announced it has completed a $10 million round of funding led by TenEleven Ventures.
The round was completed with strong support from new investor Rally Ventures and existing backers YL Ventures and a strategic venture firm. 
Twistlock also announced that Alex Doll, founder of TenEleven Ventures, has joined its board of directors.
Alex is a long-time security industry veteran who cofounded PGP Corporation and currently is an investor in and director of several high-growth cybersecurity companies, including CounterTack, Cylance and Ping Identity.
Link: http://finance.yahoo.com/news/twistlock-secures-10-million-series-113000696.html



Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution 
Ixia, a leading provider of network testing, visibility, and security solutions, today announced TrafficREWIND™, a new solution that captures traffic patterns from a production network and accurately recreates them in a controlled sand-box environment.
TrafficREWIND, based on new patent pending technology, enables enterprises, service providers, and network equipment manufacturers to dramatically speed fault isolation and outage resolution with real world testing.
Ixia is planning a demonstration of TrafficREWIND at Cisco Live (Booth #3019) in Las Vegas 2016, July 10th – 14th. 
TrafficREWIND leverages the advanced functionality of several of the company’s solutions, including the Vision ONE™ network visibility solution to capture production network traffic profiles, the BreakingPoint™ testing platform to replay the traffic in a controlled environment such as a pre-deployment lab or a staged network, as well as Ixia’s Application and Threat Intelligence (ATI) technology for advanced threat intelligence. 
Ixia’s BreakingPoint validates the stability, accuracy, and quality of networks and network devices.
Adding TrafficREWIND enables customers to review past production traffic conditions and replay them, plan for the future by scaling or changing traffic dynamics, and freeze time to examine a specific incident at the exact moment it happened, for rapid fault analysis.
Link: http://finance.yahoo.com/news/ixia-combines-visibility-test-technology-173700737.html



Report: Here's Who FireEye Could Be Eyeing For An Acquisition 
After making two acquisitions earlier this year, a report by financial services company The Cowen Group speculated that FireEye could be on the acquisition trail again.
- Bromium
- ForeScout Technologies  
- Cato Networks
- Securonix
Cowen report aside, rumors have again emerged that FireEye could be the target of a buyout bid itself.
Link: http://www.crn.com/slide-shows/security/300081243/report-heres-who-fireeye-could-be-eyeing-for-an-acquisition.htm/pgno/0/1



Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio 
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report. 
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share. 
Most internet service providers have a distributed architecture; hence, a security solution at the network level cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats. 
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.” 
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace. 
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security



Worldwide cloud IT infrastructure revenue grows to $6.6 billion 
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 3.9% year over year to $6.6 billion in the first quarter of 2016 (1Q16) on slowed demand from the hyperscale public cloud sector, according to the IDC. 
Total cloud IT infrastructure revenues climbed to a 32.3% share of overall IT revenues in 1Q16, up from 30.2% a year ago.
Revenue from infrastructure sales to private cloud grew by 6.8% to $2.8 billion, and to public cloud by 1.9% to $3.9 billion. 
Link: https://www.helpnetsecurity.com/2016/07/07/worldwide-cloud-it-infrastructure/



Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company 
NEW YORK, NY—(Marketwired - July 07, 2016) - Fusion (FSNN), a leading provider of cloud services, today announced that it has been selected to provide a fully integrated suite of advanced cloud solutions to an award-winning cybersecurity company.
The company, well recognized for its innovative cybersecurity solutions, has specialized in advanced threat detection, analysis and remediation for more than twenty years.
The cybersecurity leader cited Fusion's fully redundant and diverse cloud network, its secure data centers, and its built-in business continuity and disaster recovery solutions as primary reasons for awarding Fusion the contract, which has a minimum three year term.
The contract is expected to generate more than $1.3 million in cloud-based services revenue. 
In addition to selecting Fusion for its cloud voice services, dedicated Internet access and a powerful managed cloud network solution connecting three of the company's sites, the cybersecurity company trusted Fusion to provide a secure Data Center Service solution, which houses the company's cloud applications, servers and additional business-critical equipment in a fully certified data center.
Further, the cybersecurity company wanted to maintain control over its service environment and was impressed with Fusion's powerful management portals, including a voice portal that allows the company to distribute its calls across multiple sites, lowering costs while guaranteeing that communications can continue to flow during peak periods or unforeseen service interruptions.
The company was looking for a single source cloud solutions provider and found it in Fusion, ensuring that service delivery is seamlessly and securely delivered through one contract and managed through one experienced point of contact.
Link: http://finance.yahoo.com/news/fusion-wins-1-3-million-124625349.html



Antivirus merger: Avast to buy AVG for $1.3 billion 
The deal will give Avast access to more than 400 million "endpoints," or devices running its and AVG's software, 160 million of them phones or tablets, the company said Thursday. 
Avast hopes the deal will make the combined company more efficient, as well as allowing it to take advantage of new growth opportunities such as securing the internet of things.
Link: http://www.computerworld.com/article/3092501/security/antivirus-merger-avast-to-buy-avg-for-13-billion.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-07&idg_eid=d5d8326c323742a4ed7bf4fd3d



Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out 
Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it.” 
McClure has a lot to be confident about: In June his nearly four-year-old, 420-employee company was valued at $1 billion after raising a $100 million Series D round from Blackstone Tactical Opportunities and Insight Venture Partners.
But mention the name George Kurtz, his former partner and the current CEO of rival unicorn CrowdStrike, and the even-keeled 47-year-old security entrepreneur loses his cool. “George is a major competitor, and he’ll say anything to stop you from writing a story like this,” McClure says in a burst. “We’re beating him constantly in the market because he doesn’t do anything around prevention–they only do detection, and they don’t do it all that well.” 
McClure and Kurtz – once pals, partners and bestselling coauthors – are now fierce competitors. 
The race is on for Cylance and CrowdStrike - as well as other richly-valued security startups like FireEye and Palo Alto Networks – to convince corporate clients that their software will keep out the criminals in the cheapest and most efficient way possible. 
Cylance acts like a border guard, blocking shady actors before they enter the network. 
CrowdStrike, meanwhile, is a digital cop, patrolling networks for suspicious behavior. 
As for their bestselling book, Hacking Exposed, McClure says Kurtz’s name should never have been on it: “He wrote one chapter, but he makes it sound like it’s his book.
I gave him the book cover because I’m a nice guy.” Kurtz responded: “The claim that I wrote one chapter is not true.
I spent six months writing almost a third of the book.”
Link: http://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#16c05c4f1211



Cyphort Strengthens Management Team with Two New Executive Hires 
SANTA CLARA, Calif.—(BUSINESS WIRE)—Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today announced it has hired Gord Boyce as Chief Customer Officer and Franklyn Jones as Vice President of Marketing.
Both Boyce and Jones offer decades of experience with technology leadership and will have oversight of the strategic direction and operation of their respective sales and marketing teams.
Boyce and Jones will report to Manoj Leelanivas, president and CEO. 
A high-tech veteran, Gord Boyce brings nearly 25 years of industry experience to Cyphort.
Prior to Cyphort, Boyce was CEO of file security company FinalCode, and CEO of network security and continuous monitoring company ForeScout Technologies.
He joined ForeScout as SVP of Worldwide Sales and Marketing, helping the company to expand its global channel, strategic partner base and market share.
Under his tenure, the company’s enterprise customer base increased from 200 to well over 1500 globally, including some of the world’s largest financial and military organizations.
Prior to ForeScout, Boyce held several senior management positions within the Nokia Internet Communications group and the Enterprise Solutions business group.
As the Chief Customer Officer for Cyphort, Boyce will be responsible for leading worldwide sales and driving customer engagement programs. 
Franklyn Jones has provided marketing leadership for innovative start-ups and established market leaders for more than 25 years.
His experience in cybersecurity includes CMO of Spikes Security, VP of Marketing at Bromium and nearly five years at Palo Alto Networks, which included helping launch and lead the company’s revenue growth in EMEA.
Jones also ran Solutions Marketing at Blue Coat Systems, helping the company accelerate its revenue growth and expand its leadership in the secure web gateway market.
In his role as Vice President of Marketing at Cyphort, Jones will be responsible for all aspects of corporate, product, and channel marketing, with a goal of accelerating Cyphort’s growth in the market.
Link: http://www.businesswire.com/news/home/20160707005166/en/Cyphort-Strengthens-Management-Team-Executive-Hires



Palo Alto offers $16,000 in looming CTF hack off 
In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials. 
The first to solve all six challenges will receive US$5000 (£3866, A$6640), and can score six lots of US$1000 (£773, A$1328) if they are also the first to complete each individual track.
Each track in the CTF, dubbed LabyREnth, will test competitors' abilities in disciplines including reverse engineering, programming, and threat intelligence.
The tracks, designed by Palo Alto's @Unit42's Richard Wartell (@wartortell) will become increasingly difficult over time.
Link: http://www.theregister.co.uk/2016/07/07/palo_alto_offers_16000_in_looming_ctf_hack_off/