[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
I had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change.
* Meet The Woman Powering The Fight Against Cybercrime
* DHS Hacker Warnings Will Soon Carry Reputation Scores
* 68% of Nifty 50 companies are vulnerable to cyber attacks:Study
* 6 steps to creating a hybrid integration strategy
* Cloud SLAs Can Overlook Security. Don’t Let Them.
* Four Out Of Five Enterprise Networks Show Evidence Of Malicious DNS Activity
* Vormetric: U.S. Retailers Spending Security Funds on Wrong Solutions
* Top 10 technologies for information security and their implications
Meet The Woman Powering The Fight Against Cybercrime
Having served previously as chief information security officer (CISO) of two giant US companies in Time Warner Cable and Home Depot HD -0.17%, Tammy Moskites is exceptionally well-placed to take a leading role in the fight for cyber security.
Now, as CISO of Venafi, Moskites oversees the development of systems that help organizations learn more about who they can and cannot trust in online environments.
Moskites explains that our internet-enabled world today has an identity tagging architecture similar in many ways to that used within the human body as part of our immune systems.
“In the wrong hands, keys and certs can enable bad guys to appear trusted, hide in encrypted traffic, exfiltrate data and even take control of your devices – it’s like giving them an invisibility cloak and magic key that opens all your doors,” she explains.
Things have sometimes been extremely challenging as a woman in a male-dominated profession.
Moskites suggests that negative experiences early on in her career actually helped spur her on to greater successes and eventually to the position she’s in today.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9cdd03487b&e=20056c7556
DHS Hacker Warnings Will Soon Carry Reputation Scores
The Homeland Security Department will soon rate the trustworthiness of tip-offs about hacking groups it receives from outside sources before sharing them with other agencies and industry.
Essentially, the ranking would tell companies and agencies, with a certain degree of confidence, the reliability of a threat warning.
To derive a score, DHS will analyze the indicator it receives from an outsider with intelligence it already has from federal partners and other materials involving the reputation of that notifier.
Roughly 30 organizations nationwide are receiving the Automated Indicator Sharing feeds.
About 100 have signed up to do so at some point, according to testimony heard by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on June 15.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=aebde10ef3&e=20056c7556
68% of Nifty 50 companies are vulnerable to cyber attacks:Study
The PwC survey about transgressions in Indian cyberspace of these companies further said, 525 email addresses belonging to the 34 companies were compromised, meaning hackers had access to those email addresses.
“Cybersecurity is no more restricted to Chief Information Officers (CIOs) or Chief Security Officers (CSOs) but needs serious attention of the higher management,” Sivarama Krishnan, Leader, Cyber Security – PwC India said.
Furthermore, 200 Internet Protocol (IP) addresses belonging to the 34 companies were blacklisted by various Internet Service Providers (ISPs), implying that the ISPs found these IPs to be involved in spreading malicious traffic on the Internet, sending spam emails, or acting as a botnet in large cyber attacks, the report noted.
According to the report, transgressions in Indian cyberspace have more than doubled over the past year to 6,284 incidents/respondent.
The average number of attacks in India is catching up with the global average of 6,853 incidents/respondent.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d1769eb72c&e=20056c7556
6 steps to creating a hybrid integration strategy
Agencies are adopting cloud-based software-as-a-service (SaaS) applications at increasing rates.
Many are simultaneously moving existing applications and systems to public and/or private cloud infrastructures, making hybrid IT environments the new standard.
Below are six essential steps for creating a successful hybrid integration strategy:
1- Understand your integration “center of gravity.”
2- Determine how much control and responsibility you want or need.
3- Know your users.
4- Plan how to keep up with project demands.
5- Use a flexible approach for different types of projects.
6- Consider how you will ensure data quality for your systems of record.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c14c600d09&e=20056c7556
Cloud SLAs Can Overlook Security. Don’t Let Them.
Cloud service level agreements (SLAs) are common – but how well do they protect you, the customer.
SLAs typically focus on performance, offering assurances of 99.9% or higher cloud service availability.
But they often fall short in detailing how cloud service providers will secure and protect the data you place into the cloud.
In essence, cloud SLAs are as much marketing tools designed to protect the cloud provider as they are guarantees for their customers.
First, a reality check.
Just as it’s impossible for cloud providers to guarantee 100% uptime, it’s also impossible to guarantee 100% secure operations.
As such, your goal should be to make sure the provider has a comprehensive security and privacy regime that provides protections that match the value and sensitivity of the data you’ll place in the cloud.
It’s also important to determine how you and the cloud provider may share responsibilities to safeguard your data, and to make those respective responsibilities clear in any contract you sign.
The questions you need to pose to a prospective cloud services provider should explore every aspect of data security and privacy as well as general operational information
These questions are just a sample of the full list of topics you should explore.
Many questions will relate to the specific characteristics and needs of the operations and data you will place in the cloud.
One final caution when it comes to evaluating the security controls and assurances your cloud providers may offer: Don’t forget about performance.
Security measures must be strong enough to provide adequate protections, but not so onerous and sluggish that they grind your service performance to a snail’s pace.
One common problem to consider, for example, will antivirus solutions introduce long delays during scans because they aren’t designed for use in highly virtualized cloud environments?
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c97a098277&e=20056c7556
Four Out Of Five Enterprise Networks Show Evidence Of Malicious DNS Activity
Infoblox Inc. (NYSE:BLOX), the network control company, today announced results of the Infoblox Security Assessment Report for the first quarter of 2016, which finds that 83 percent—more than four out of five—of enterprise networks tested by Infoblox show evidence of malicious DNS activity.
Among the specific threats found in files during the first quarter, by percentage, are:
– Botnets – 54%
– Protocol anomalies – 54%
– DNS tunnelling – 18%
– ZeuS malware – 17%
– Distributed denial of service (DDoS) traffic – 15%
– CryptoLocker ransomware – 13%
– Amplification and reflection traffic – 12%
– Heartbleed – 11%
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9670504db6&e=20056c7556
Vormetric: U.S. Retailers Spending Security Funds on Wrong Solutions
U.S. retailers are spending more money than ever on data protection, but a general lack of understanding as to which areas require the most attention is still a major issue, according to a new report from Vormetric and 452 Research.
A majority of retailers surveyed said they spend most of their security budget on network defenses, end point solutions and mobile device solutions, despite the fact that data-at-rest defenses and data-in-motion defenses are more effective means of protection.
Furthermore, protecting a company’s brand and reputation were seen as the top data protection drivers for retail, with data breach prevention ranking as the least concern, despite the fact that the two issues are deeply intertwined.
Despite the general lack of concern for protecting their most critical assets, there is hope that more retailers are beginning to understand that data protection and brand protection go hand in hand.
Vormetric reported that 44 percent of respondents plan to invest in data-at-rest defenses this year.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b72c247a72&e=20056c7556
Top 10 technologies for information security and their implications
Cloud access security brokers (CASBs) provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers.
Many SaaS apps have limited visibility and control options; however, SaaS adoption is becoming pervasive in enterprises, which exacerbates the frustration of security teams looking for visibility and control.
The market for endpoint detection and response (EDR) solutions is expanding quickly in response to the need for more effective endpoint protection and the emerging imperative to detect potential breaches and react faster.
EDR tools typically record numerous endpoint and network events, and store this information either locally on the endpoint or in a centralized database.
Databases of known indicators of compromise (IOC), behavior analytics and machine-learning techniques are then used to continuously search the data for the early identification of breaches (including insider threats), and to rapidly respond to those attacks.
Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks.
Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention that prevent the common ways that malware gets onto systems, and machine learning-based malware prevention using mathematical models as an alternative to signatures for malware identification and blocking.
User and entity behavioral analytics (UEBA) enables broad-scope security analytics, much like security information and event management (SIEM) enables broad-scope security monitoring.
UEBA provides user-centric analytics around user behavior, but also around other entities such as endpoints, networks and applications.
The correlation of the analyses across various entities makes the analytics’ results more accurate and threat detection more effective.
Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded to other systems.
To address this, there is an emerging requirement for “microsegmentation” (more granular segmentation) of east/west traffic in enterprise networks.
In addition, several of the solutions provide visibility and monitoring of the communication flows.
Security needs to become an integral part of DevOps style workflows — DevSecOps.
DevSecOps operating models are emerging that use scripts, “recipes,” blueprints and templates to drive the underlying configuration of security infrastructure — including security policies such as application testing during development or network connectivity at runtime.
An intelligence-driven security operations center (SOC) goes beyond preventative technologies and the perimeter, and events-based monitoring.
An intelligence-driven SOC has to be built for intelligence, and used to inform every aspect of security operations.
To meet the challenges of the new “detection and response” paradigm, an intelligence-driven SOC also needs to move beyond traditional defenses, with an adaptive architecture and context-aware components.
Most attacks start by targeting end-users with malware delivered via email, URLs or malicious websites.
An emerging approach to address this risk is to remotely present the browser session from a “browser server” (typically Linux based) running on-premises or delivered as a cloud-based service.
Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression.
For example, deception capabilities create fake vulnerabilities, systems, shares and cookies.
If an attacker tries to attack these fake resources, it is a strong indicator that an attack is in progress, as a legitimate user should not see or try to access these resources.
As enterprise security departments are asked to extend their protection capabilities to operational technology and the Internet of Things, new security models must emerge to provision and manage trust at scale.
Trust services are designed to scale and support the needs of billions of devices, many with limited processing capability.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d99ed78164&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=47356b7d27)
Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)