[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
dit: 1348 (http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=49c4028691&e=20056c7556)
————————————————————
Threat Intelligence Platforms – A short briefing
Threat intelligence is an emerging commercial search that provides a security operations team with the ability to ingest threat feeds from multiple sources.
This is supposed to be “the year of threat intelligence” but many organizations are frustrated that they cannot turn this valuable source of data into trusted actionable intelligence.
Many threat feeds provide limited information as to why they have been marked as potentially dangerous.
Given that one of the key mantras for the security industry is “Trust but verify”, many security teams are worried about blindly trusting that an IP address or URL is bad, just because somebody else thinks it is.
I’m not going to give an assessment of the individual vendors but there have been some early pure threat intelligence platform market place builders.
Others are new and others are trying to evolve their platforms to become a threat intelligence platform.
They include BAE, Palantir, Sqrrl, and Threat Connect, ThreatQuotient, and ThreatStream.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c1c594415c&e=20056c7556
Skycure Report Finds Mobile Threats Lurking Around Every Corner, with Two in Every 100 Devices Already Compromised and More than 40 Percent at Medium to High Risk
Palo Alto, Calif. — October 30, 2015 — On the eve of Halloween,Skycure, the leader in mobile threat defense, announced the results of its first Mobile Threat Intelligence Report, which found an increase in threats to both enterprise and personal mobile devices.
By analyzing worldwide mobile data from Skycure and outside sources, the report found 41 percent of mobile devices are at medium to high risk on the Skycure risk scale.
Nearly two in every hundred are high risk devices–already compromised or were under attack.
Skycure ranks devices according to a proprietary Mobile Threat Risk Score, which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.
Risks increase over time, according to the study.
In one month, about 22 percent of devices will encounter network threat, with that number jumping to 40 percent over the following three months.
The majority of devices are not equipped to fight these threats.
The report reviewed data from devices with Skycure either installed by enterprises on employees’ mobile devices or by security-aware consumers.
Despite these protections, the report found that the majority (over 52 percent) of all devices do not even have a simple passcode enabled, and 30 percent of devices were running an out of date operating system.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d97eef0233&e=20056c7556
Why software can never replace the human security analyst
As an industry we have at our disposal a plethora of cyber-domain-specific and generic computer science approaches to automate or semi-automate data and information processing.
The purpose of this automation is to aid in the discovery, analysis and ultimate production of threat intelligence.
Systems for the automated collection, processing, and storage of data that is big or small and may be either generic (network traffic collection) or problem-specific (e.g. malware analysis) in nature; basic patterns, such as regular expressions to identify data that is or is not of interest; statistical or probability algorithms, to identify things which are or are not similar; machine learning algorithms, to provide statistical classification around what is or is not normal or expected; and natural language processing of human-produced text, to extract sentiment, intent, purpose, target, or topic.
In threat intelligence there is a confidence scale that goes from the fully qualified (‘this is the threat to your organization because of xyz facts which are supported by def with this level of certainty’) through to the unqualified (‘we cannot say this is a threat or not at this time because of abc unknowns or contradictions’), with varying degrees of confidence, caveats and assertions in between.
Unlike today’s algorithms or childlike artificial intelligence, an adult human has an amazing ability for logical thought, challenging assumptions, explanation, and justification.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d2f8f5f258&e=20056c7556
Three lessons to take away from Intel’s Focus 15 security conference
Intel’s Focus 15 security conference at the beautiful Palazzo Hotel in Las Vegas has come to a close, rounding off two days of keynotes, interviews and breakout sessions (mixed with an obligatory visit to the Blackjack table).
Grey clouds ahead
=================
Cloud computing has been a hugely hyped technology that has the potential to improve business processes for SMBs and enterprises alike in so many ways.
Mix it in with the Internet of Things (that other much publicised trend) and the possibilities are endless, but with these opportunities also come some serious threats.
I predict a riot
================
One of the things Chris Young, Intel’s senior vice president and general manager and Brian Dye, Intel’s head of products, spoke about during Tuesday’s keynote was the key role that analytics can play in predicting cyber attacks before they happen.
Security skills wanted, apply within
====================================
There has been plenty of talk around the growing digital skills gap and, in the security industry specifically, this is now more prevalent than ever.
The talent shortage was mentioned on multiple occasions during the keynote by several different Intel executives, as well as Docusign chief information security officer Vanessa Pegueros, which is a real worry seeing as the hackers don’t appear to be slowing down
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=372f558512&e=20056c7556
Bank of England and US authorities to simulate cyber-attack
The biggest banks in the UK and US will face a simulated major cyber-attack from the Bank of England and its US counterparts this month, as officials probe the industry’s ability to withstand assaults from hackers looking to steal data or cripple the financial sector.
The simulation, dubbed Operation Resilient Shield, is the most sophisticated test of communications and co-ordination yet, following the Waking Shark series of trials run in recent years.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2a191acb43&e=20056c7556
Machine Learning Is Cybersecurity’s Latest Pipe Dream
Can machine learning help.
Can an algorithm reliably find the needles and give us the confidence to discard the haystack of data that represents normal activity.
It’s an appealing idea.
We’ve all experienced the power of ML systems in Google search, the recommendation engines of Amazon and Netflix, and the powerful spam-filtering capabilities of Web mail providers.
Former Symantec CTO Amit Mital once said that ML offers of the “few beacons of hope in this mess.”
t’s important to remember there is no silver bullet in security, and there’s no evidence at all that these tools help.
ML is good at finding similarities between things (such as spam emails), but it’s not so good at finding anomalies.
In fact, any discussion of anomalous behavior presumes that it is possible to describe normal behavior.
Unfortunately, decades of research confirm that human activity, application behavior, and network traffic are all heavily auto-correlated, making it hard to understand what activity is normal.
This gives malicious actors plenty of opportunity to “hide in plain sight” and even an opportunity to train the system that malicious activity is normal.
Cybersecurity is a domain where human expertise will always be needed to pick through the subtle differences between anomalies.
Rather than waste money on the unproven promises of ML and AI-based security technologies, I recommend that you invest in your experts, and in tools that enhance their ability to quickly search for and identify components of a new attack.
In the context of endpoint security, an emerging category of tools that Gartner calls “Endpoint Detection & Response” plays an important role in equipping the security team with real-time insight into indicators of compromise on the endpoint.
Here, both continuous monitoring and real-time search are key.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=62ea39155b&e=20056c7556
7 Tips for Conducting Effective Cybersecurity Due Diligence in M&A Transactions
1. Start Early
2. Tailor Diligence
3. Assess Awareness
4. Ask the Experts
5. Ensure Payment Card Industry Compliance
6. Consider Other Risks
7. Consider Cyber Insurance
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=342ca692ce&e=20056c7556
Hacking Team offers encryption breaking tools to law enforcement
Mere months after having more than 400 GB of confidential information stolen from its servers, spyware vendor Hacking Team has announced that it has resumed operations with a suite of digital tools to help law enforcement agencies get around pesky device encryption technology.
In an email pitch sent to existing and potential new customers earlier this month, Hacking Team CEO David Vincenzetti, touted the company’s “brand new and totally unprecedented cyber investigation solutions.” The company has also been reportedly working on a revamped 10th edition of its proprietary Remote Control System, which constitutes the core of its software suite.
There is no word, however, as to when RCS 10 will be made available.
It also remains to be seen as to which, if any, law enforcement agencies will take Hacking Team up on its offer, given the company’s recent security debacle.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7d6589109c&e=20056c7556
Cyber Security Vulnerability: New Report Shows Only a Tiny Fraction of Bank CEOs Have Tech Experience
A new report by the Coin Telegraph exposed a bothersome reality: only 3% of global bank CEOs have tech experience.
A mere 6% of board directors also have previous experience in this industry.
Also, 43% or about two fifths of global banks have zero board members.
The percentages were taken from a survey that included 109 major banks across the world.
A new report by the Coin Telegraph exposed a bothersome reality: only 3% of global bank CEOs have tech experience.
A mere 6% of board directors also have previous experience in this industry.
Also, 43% or about two fifths of global banks have zero board members.
The percentages were taken from a survey that included 109 major banks across the world.
If banks are to survive all the technological changes happening around them, some innovation must be implemented.
The world is quickly moving to a future where cash will cease to exist and IT solutions will be the standard.
Lumb advises that banks quickly adopt tech committees that have a board member in them.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b8ec7938c6&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=41f1ed922f)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)