Table of Contents
- Scanning Code for Viruses Is No Longer a Job for Humans
- No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
- Cybersecurity firm offers users reimbursement for ransomware infections
- DEFCON CYBER™ Joins FireEye Cyber Security Coalition
- How to ensure your A.I. gets good nutrition
- Sydney IT company looking to educate about security
- Australia’s security software spending sees growth spurt
- Juniper Networks reports lower profit
- How predictive analytics discovers a data breach before it happens
- 3 Reasons To Buy FireEye
- Trustwave opens Waterloo office, strengthens ties with Rogers Communications
- Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer
- Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
- Former IBM Cloud Chief Sets Sights on Hot Security Market
- Belden Industrial Cyber Security Initiative Builds Momentum
- Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year
- Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
- RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
- Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year
- Palo Alto Networks clinch 500 customers in India in past 2 years
- Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
- AlienVault Unveils Latest Edition of Open Threat Exchange
Scanning Code for Viruses Is No Longer a Job for Humans
Alexey Malanov, malware expert at Kaspersky Lab, said 99 percent of the code his firm analyzes is seen only by machines—and it's been that way for five years.
The process keeps improving in terms of speed and efficacy, he said.
Automation works because most malware is an alteration of code already known. “Even if a cybercriminal creates something from scratch, in most cases he’ll integrate previously known malicious functionality,” said Malanov. "Automation will process all this."
Machine learning works along with a wide range of clustering and classifying algorithms, used to identify whether or not the scanned file is malicious, said Liviu Arsene, senior e-threat analyst at Bitdefender, another antivirus company that uses machines to process over 99 percent of the malware it receives.
Humans are better at discovering new features hidden within the malware; they have a better intuition and make non-obvious connections.
They are able to tackle a problem from creative angles.
Link: http://motherboard.vice.com/en_uk/read/scanning-code-for-viruses-is-no-longer-a-job-for-humans
No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
WOBURN, Mass.–(BUSINESS WIRE)–Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab join forces to launch an initiative called No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.
No More Ransom (www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals.
The aim of the online portal www.nomoreransom.org is to provide a helpful online resource for victims of ransomware.
Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves.
Awareness is key as there are no decryption tools for all existing types of malware available to this day.
If you are infected, the chances are high that the data will be lost forever.
Exercising a conscious internet use following a set of simple cyber security tips can help avoid the infection in the first place.
The project provides users with tools that may help them recover their data once it has been locked by criminals.
In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant.
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella.
Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.
Link: http://www.businesswire.com/news/home/20160725005101/en/Ransom-Law-Enforcement-Security-Companies-Join-Forces
Cybersecurity firm offers users reimbursement for ransomware infections
Security firm SentinelOne is confident it can beat any of today’s ransomware — and is willing to put money behind that claim.
The company is offering a new service that will cover up to $1 million in damages for any customers infected by ransomware.
SentinelOne is calling it the “Cyber Threat Guarantee” and treating it like an extended warranty that customers can buy starting Tuesday.
SentinelOne’s guarantee works like this: for individual computers infected with ransomware, the company will pay up to $1,000 to free the system.
The number of computers it will cover is up to 1,000 systems.
The policy has been designed this way because most ransomware attackers ask for around $250 or more to decrypt any data held hostage, Grossman said.
Customers who opt in to the guarantee will pay an additional $5 fee for each Windows PC or server protected on top of their existing service.
The coverage will last a year before it can be renewed again.
Grossman joined SentinelOne last month after designing a similar guarantee program for his previous company, WhiteHat Security.
Under that program, WhiteHat would refund customers if their websites ever got hacked with a vulnerability that the company failed to detect.
Link: http://www.computerworld.com/article/3099999/security/cybersecurity-firm-offers-users-reimbursement-for-ransomware-infections.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d
DEFCON CYBER™ Joins FireEye Cyber Security Coalition
MANASSAS, Va., July 25, 2016 /PRNewswire/ — DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMware and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform.
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition — an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to the application of cybersecurity best practice outcomes to precisely manage the incident prioritization, automated initialization and tracking the response activity, and closing mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's leading iSIGHT Intelligence to provide instant correlation between actionable threat intelligence and indicators. "In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO. "The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25
How to ensure your A.I. gets good nutrition
A.I. shouldn’t be allowed to drink wildly from a data lake where data has not been cleansed, packaged and structured for easy consumption. According to the Compliance, Governance and Oversight Counsel (CGOC), nearly 70% of the data that companies produce and collect has no business, legal or compliance value, so you must develop a way to understand and specify the scope and criteria of the data to be fed to A.I.
Which data stores and what file types?
What connections exist between the data?
Who is responsible for making the determination and for final approval?
You need to tag and classify the data to ensure that it can be properly digested.
Depending on the A.I. task, some metadata has more value than others.
If you are looking for marketing insights, you will likely value metadata drawn from EXIF files associated with images on social media sites, including geolocation, timestamps, camera type and serial numbers.
In medical settings, metadata elements including patient ID-date of birth, provenance-timestamp, and privacy-content are essential.
Finally, you must have governance capabilities built into the system to track responses to the information used and adjust the diet accordingly.
Link: http://www.cio.com/article/3098428/artificial-intelligence/how-to-ensure-your-a-i-gets-good-nutrition.html?token=%23tk.CIONLE_nlt_cio_insider_2016-07-26&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_so
Sydney IT company looking to educate about security
SYDNEY — A Sydney-based information technology company that relaunched this spring is looking to solve the data and security breaches some small- and medium-sized companies face as business grows.
Devantec IT surfaced again in April after about a three-year hiatus due to president and CEO James Mackinnon’s work on other projects.
Devantec recently announced it is offering free network assessments to companies this summer.
The company is looking to educate local businesses in the dos and don’ts of IT best practices.
Local businesses should consider their IT strategy from the outset and how it can work as efficiently as possible to ensure growth over the long-term, he said.
It could be as straightforward as a company setting a goal to grow to 50 employees and expanding to a second location, said Danielle Patterson, Devantec’s chief marketing officer.
“We want people to stop feeling scared of technology.”
Link: http://www.capebretonpost.com/News/Local/2016-07-25/article-4597848/Sydney-IT-company-looking-to-educate-about-security/1
Australia’s security software spending sees growth spurt
According to Gartner, the global security software market rose by 3.7% in 2015, while Australia recorded a 19.4% leap in spending.
Australia’s national focus on computer security should increase after the appointment of the country’s first cyber security minister.
Former diplomat Dan Tehan was announced in mid-July as minister assisting the prime minister for cyber security.
Australian organisations are also being urged to be more vigilant about information governance – so that even if cyber attackers get past the padlocks and cameras, the information available to them is tightly managed and controlled.
A new organisation, Information Governance ANZ, will be launched formally in August as a forum for Australian and New Zealand governance professionals.
Co-founder and director Susan Bennett said Australia is lagging behind the US in information governance, despite there being significant risks for organisations that choose to store every piece of computer-generated data just because it is technically possible.
Link: http://www.computerweekly.com/news/450300891/Australia-security-software-spending-growth-spurt
Juniper Networks reports lower profit
Juniper Networks Inc. on Tuesday reported an 11% decline in second quarter profit and warned challenging market conditions would continue to pressure margins.
The Sunnyvale, Calif., company said it expects operating margins to decline slightly from the 18.8% it reported last year.
Shares, down 12% this year, fell 0.9% to $24 in after-hours trading.
Over all, Juniper reported a profit of $140 million, or 36 cents a share, down from $158 million, or 40 cents a share, a year earlier.
Excluding stock-based compensation and other items, profit was 50 cents a share, compared with 53 cents a year earlier and analysts' projections of 47 cents a share.
The most recent results are based on 2.7% fewer shares outstanding.
Link: http://www.marketwatch.com/story/juniper-networks-reports-lower-profit-2016-07-26-17485198
How predictive analytics discovers a data breach before it happens
The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack.
These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats.
Though a very promising trend, predictive analytics has some hefty requirements when applied to cybersecurity use cases.
For one thing, the variety and volume of data involved in identifying and predicting security threats are overwhelming.
This necessitates the use of analytics solutions that can scale to the huge storage, memory and computation requirements.
“The challenges are the same, yet amplified, as those encountered when applying analytics in general,” says Lucas McLane (CISSP), Director of Security Technology at machine learning startup SparkCognition. “This is because predictive analytic processing requires a lot more computing resources (i.e. CPU, memory, disk I/O throughput, etc.).
This is especially true when the algorithms are operating on large-scale data sets.
Predictive analytics engines need to be paired with computing resources that are designed to scale with the volume of data targeted for analysis.”
Forging alliances across industries certainly has its benefits.
As Orad explains, advanced analytics platforms such as Sisense enable cybersecurity firms to obtain “an end-to-end solution for modeling, analyzing and visualizing data, without investing vast resources into building a data warehouse as traditional tools would necessitate.”
“Predictive analytics in security provide a forecast for potential attacks — but no guarantees,” says McLane from SparkCognition.
That’s why he believes it has to be coupled with the right machine learning solution in order to be able to harness its full potential.
SparkCognition’s platform, SparkSecure, uses “cognitive pipelining,” a technique that involves the combination of machine-learning-based predictive analytics with the company’s own patented and proprietary static and dynamic natural language processing engine, called DeepNLP.
Not everyone believes that predictive analytics is the ultimate solution to deal with advanced threats.
Arijit Sengupta, CEO of business analysis company BeyondCore, suggests that we look at the problem from a different perspective.
According to Sengupta, cybersecurity challenges stem from two factors.
Firstly, the value and volume of online assets are exploding at an exponential rate.
Secondly, hackers are increasingly growing in sophistication due to their easy and inexpensive access to large compute resources through cloud computing.
Invincea’s Ghosh believes it is inevitable the security industry will need to re-tool to address an ever-changing threat. “We are making our bet on artificial intelligence is the solution to predict our adversaries’ next moves,” he says.
Link: https://techcrunch.com/2016/07/25/how-predictive-analytics-discovers-a-data-breach-before-it-happens/
3 Reasons To Buy FireEye
Though FireEye shares have gained momentum on the back of buyout speculation, investors should not ignore the company's robust long-term prospects.
The cost of data breaches is set to increase to over $2.1 trillion by 2019, representing a four-fold increase compared to the estimated cost of breaches in 2015.
The company is well-prepared to tap this opportunity by shifting its business to an "as-a-service" model, since this will help it enjoy economies of scale and enhance margins.
By enhancing economies of scale, FireEye expects product gross margin in the high-60% range and service margin in the mid-70% range for the full year.
The company is also enhancing operational efficiency by shifting toward lower-cost locations, consolidating support and SoC operations, improving purchasing efficiencies, and reducing discretionary spending.
Link: http://seekingalpha.com/article/3990991-fireeye-3-reasons-buy?auth_param=137vrm:1bpb0s2:868907aba33eb11dad51e4eed0db6dbf&uprof=45&dr=1#alt2
Trustwave opens Waterloo office, strengthens ties with Rogers Communications
Global security firm Trustwave has opened a new office in Waterloo, Ontario, announced a new wave of hiring, and added a new country manager, Michael Sims, to oversee the company’s Canadian operations.
Trustwave had previously leased an approximately 850 square metre space in Cambridge, Ontario.
Sims joined Trustwave in April 2016, after serving as Canadian Country Manager for Optiv Security, where he oversaw that company’s go-to-market strategy for managed security services and other offerings.
Link: http://www.cantechletter.com/2016/07/trustwave-opens-waterloo-office-strengthens-ties-rogers-communications/
Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer
COLUMBIA, Md.–(BUSINESS WIRE)–Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, announced today that it has hired security industry veteran Dave Cole as chief product officer, responsible for leading continued technology innovation and product excellence.
Before joining Tenable, Cole served as chief product officer at CrowdStrike, where he drove the design, development and support of the company’s cloud-based endpoint security product.
Prior to that, he led product management for Norton at Symantec.
As a seasoned product leader, Cole also held senior product positions at Foundstone and Internet Security Systems.
Link: http://www.businesswire.com/news/home/20160725005027/en/Tenable-Network-Security-Names-Seasoned-Security-Leader
Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
FREMONT, CA–(Marketwired – Jul 25, 2016) – Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths that a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices.
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016) and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities.
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse.
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain unauthorized access to Active Directory.
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm
Former IBM Cloud Chief Sets Sights on Hot Security Market
Lance Crosby, who co-founded SoftLayer, the cloud computing company IBM bought three years ago for about $2 billion, is finally ready to talk about StackPath, his cybersecurity startup.
It’s a well-funded effort; StackPath has $150 million in backing from Boston-based private equity fund ABRY Partners, and another $30 million from what Crosby calls “friends and family.”
– MaxCDN built a content delivery network (CDN) with 19 global points of presence, which monitor and speed up delivery of content for some 16,000 customers.
– Fireblade offers a web application firewall, to protect against malignant content.
– Staminus works to stop distributed denial of service (DDoS) attacks.
– Cloak is a virtual private network that brings secure Wi-Fi for iOS and Mac applications.
This is an ambitious undertaking.
StackPath will compete with Akamai in CDNs, Prolexic, and others in DDOS—CloudFlare, which offers CDN, DDOS and firewall capabilities, for example.
Link: http://fortune.com/2016/07/25/stackpath-ceo-on-his-startup/
Belden Industrial Cyber Security Initiative Builds Momentum
ST. LOUIS–(BUSINESS WIRE)–Belden Inc. (NYSE: BDC), a global leader in high quality, end-to-end signal transmission solutions for mission-critical applications, today announced the achievement of four strategic milestones of its industrial cyber security initiative over the first half of 2016.
Together, these milestones demonstrate Belden’s commitment to the emerging industrial cyber security market and realization of its strategic vision for this market segment.
Key cyber security milestones include:
The Tofino Xenon Industrial Security Appliance now solves many of the most specialized energy-specific cyber and physical security challenges.
The easy-to-deploy appliance protects against malicious and unauthorized access due to system vulnerabilities, improves supervisory control and data acquisition (SCADA) system reliability, provides greater security control for industrial control system (ICS) devices, and supports more industrial protocols than any other device available, including DNP3 and IEC 104.
In response to customers’ requests for a pragmatic solution to the complexities of industrial cyber security, Belden has developed a practical three-step approach to industrial cyber security strategies.
The Belden 1-2-3 model provides industrial organizations with practical advice on developing a cyber security program that reduces risks while supporting and enhancing availability, reliability and safety.
Belden’s partnership with FireEye brings together advanced detection, targeted threat intelligence and specialized Mandiant ICS services from FireEye with an industrial cyber security portfolio that includes deep visibility; endpoint intelligence and change detection from Tripwire; secure noninvasive network segmentation from Tofino; and ruggedized industrial networking solutions from GarrettCom.
Tripwire® Configuration Compliance Manager (CCM) now monitors industrial automation environments.
It allows customers to measure the configuration security of industrial environments against ANSI/ISA-62443, a global standard for securing industrial automation systems, controllers and associated networking equipment configurations.
Tripwire CCM can now reduce cyber security risks from external attacks, as well as malicious insiders and human error.
It does this while protecting critical infrastructure reliability, uptime and safety in industrial automation and manufacturing environments.
Link: http://www.businesswire.com/news/home/20160725005741/en/Belden-Industrial-Cyber-Security-Initiative-Builds-Momentum
Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year
REDWOOD SHORES, Calif., July 25, 2016 (GLOBE NEWSWIRE) — Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced that it has been named the sole leader in the Gartner Magic Quadrant for Web Application Firewalls (WAF).
Imperva is unique in that it is the only vendor that has been the sole leader in a Gartner Magic Quadrant for the past three years.
Link: http://globenewswire.com/news-release/2016/07/25/858649/0/en/Imperva-Named-by-Gartner-as-the-Only