Table of Contents
- Onapsis Joins IBM Security App Exchange Community
- Above Security and Hitachi Data Systems launch information security service offering across North America to fight cybercrime
- 5nine Software Simplifies Hyper-V Network Configuration Best Practices with New Version of Manager
- Tyco Security Launches Shooter Detection System Integration
- Big Data and Data Analytics in Homeland Security and Public Safety is Forecast to Reach $11B in 2022, according to a New Research Report from Homeland Security Research Corp.
- OT and Australian Fintech Start-up Inamo Have Partnered to Introduce Inamo’s Wearable Devices and Platform into the Australian Market
- OpenVPN will be audited for security flaws
- AWS tries to protect its customers from DDoS attacks with new service
- Chinese giant Tianjin Tianhai closes $6bn Ingram Micro buyout
- Google and Slack deepen partnership in the face of Microsoft Teams
- 4 top disaster recovery packages compared
- Amazon’s Giant Data Transfer Trucks Are an IT Auditor’s Worst Nightmare
- Lisa Ropple joins Jones Day’s Boston Office
- Frost & Sullivan Acclaims FireEye’s Dominance of the Global Advanced Malware Sandbox Market
- OwlDetect scans the Dark Web for stolen data
- Cloud Security Market to Cross $10 Billion by 2021: TechSci Research Report
- Cisco Talos: Zeus spawn “Floki bot” malware gaining use, cyber-underworld notoriety
- Cisco Signs on with Privacy Shield
- Cisco whacks its Secure Access Control System
- Symmetry and Sage Solutions Consulting to Bring World Class Security and Compliance for Mission Critical SAP Environments
- LookingGlass Announces New Program for Managed Security Services Providers (MSSPs)
- Kenna Security Closes $15 Million Series B Funding
- Threat intelligence feeds are, at best, uneven in quality, says Microsoft
- SANS Announces Winners of the 2016 Difference Makers Award
- Cisco ACI Partner Ecosystem Packs a Punch – 65 Partners and Growing
- Network Security Market: Global Industry Analysis and Forecast 2016 – 2026
Onapsis Joins IBM Security App Exchange Community
BOSTON, Dec 07, 2016 (BUSINESS WIRE)—Onapsis, a global expert in business-critical application security, today announced that the Onapsis Security Platform integrates with IBM security intelligence technology to provide customers with improved visibility into their network security.
Utilizing QRadar to consolidate different sources of network security, this integration with the Onapsis Security Platform (OSP) will extend the existing visibility of QRadar, as well as security process and workflows to include results from OSP.
Leveraging QRadar’s new open application programming interfaces (API), the Onapsis Security Platform allows Onapsis and IBM customers to have extended coverage for real-time monitoring and reporting of advanced tacks targeting SAP business systems.
Link: http://www.marketwatch.com/story/onapsis-joins-ibm-security-app-exchange-community-2016-12-07
Above Security and Hitachi Data Systems launch information security service offering across North America to fight cybercrime
Montreal, QC and Santa Clara, CA – December 6, 2016 – Above Security – A Hitachi Group Company and global IT security service provider, and Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., today announced their partnership to deliver information security consulting services in North America.
The joint service is structured around a unified governance, risk and compliance (GRC) framework that reflects a human approach.
Based on their combined security service capabilities, Above Security and Hitachi Data Systems tackle security issues through deeply collaborative partnerships with their customers, rather than quick-fix technology solutions that can overwhelm and confuse corporate IT teams.
Security experts from Above Security and Hitachi Data Systems work with companies to learn how they operate and how much risk they can tolerate.
Using industry-leading control frameworks such as ISO and NIST, the team then assesses control maturity and gaps.
Based on the results, Above Security and Hitachi Data Systems provide services to defend against cybercrime and data theft, including security program reviews and designs, IT security governance consulting, risk and control assessments, PCI compliance consulting, vulnerability and application assessments and penetration testing.
Link: http://www.channelpronetwork.com/news/above-security-and-hitachi-data-systems-launch-information-security-service-offering-across
5nine Software Simplifies Hyper-V Network Configuration Best Practices with New Version of Manager
5nine Software, a Microsoft Gold Partner and the leading provider of Hyper-V security and management solutions, today released 5nine Manager v9.3.
5nine Manager is a centralized, GUI-based management and monitoring solution for Microsoft Hyper-V, including Server Core and Nano Server.
Its easy-to-use interface, powerful feature set and lightweight implementation simplify the process of managing and configuring virtualized environments.
The latest version of 5nine Manager introduces the ability to create and manage Hyper-V Converged Fabric from its easy-to-use console, enabling administrators without PowerShell expertise to take advantage of this functionality.
Now administrators can create virtual network interface cards (vNICs), with the ability to configure bandwidth minimums, maximums and weights for Converged Fabric.
They can also see a list of the host’s physical adapters and their status.
Link: http://www.sfgate.com/business/press-releases/article/5nine-Software-Simplifies-Hyper-V-Network-10779844.php
Tyco Security Launches Shooter Detection System Integration
WESTFORD, Mass. — Tyco Security Products announced that Software House C•CURE 9000 now integrates with Guardian Indoor Active Shooter Detection System by Shooter Detection Systems.
The Guardian Indoor Active Shooter Detection System combines an acoustic gunshot identification software with infrared camera gunfire flash detection.
Link: http://www.securitysales.com/article/tyco_security_launches_shooter_detection_system_integration
Big Data and Data Analytics in Homeland Security and Public Safety is Forecast to Reach $11B in 2022, according to a New Research Report from Homeland Security Research Corp.
The use of Big Data and Data Analytics by Homeland Security and Public Safety organizations is on the rise, mostly because the world is becoming more digital and connected.
This trend is creating new opportunities, not only for data collection and storage, but also for intelligence processing, exploitation, dissemination, and analysis.
Big Data and Data Analytics technologies can increase the investigative capabilities of Homeland Security and Public Safety organizations in many relevant aspects, including: war on crime & terror, defense from cyber-attacks, public safety, disaster and mass incident management, and development of predictive capabilities.
Link: http://www.einpresswire.com/article/357065809/big-data-and-data-analytics-in-homeland-security-and-public-safety-is-forecast-to-reach-11b-in-2022-according-to-a-new-research-report-from-homeland
OT and Australian Fintech Start-up Inamo Have Partnered to Introduce Inamo’s Wearable Devices and Platform into the Australian Market
COLOMBES, France, Dec 08, 2016 (BUSINESS WIRE)—OT (Oberthur Technologies), a leading global provider of embedded security software products, services and solutions, has today signed an agreement to provide its digital payment enablement technology to Inamo’s wearable solutions, starting with the CURL which is being launched in Australia today.
The CURL is a multi-functional wearable that will initially enable consumers to make payments by simply tapping their device to any point of sale terminal where Visa payWave is accepted.
The action would be the same as with a credit or debit card.
What makes this different from smart phones, smart watches and other wearables is that the CURL is rugged, waterproof and will not need any power to facilitate payment.
So there would be no fears of bringing it for water sports or of low battery conditions preventing payment when it is most needed.
In addition to contactless payments, over the next 18 months the CURL will also be available to use for payment on public transport, building access, ticketing for festivals, and gym membership.
In effect this can combine the functions of multiple products into one multi-purpose wearable device and continues the trend of device / technology convergence.
Under the terms of the agreement, Inamo will provide a full consumer solution which will leverage its own platform and OT’s next generation digital payment enablement solution.
The CURL will be sold for $19.99, plus an account keeping fee of $5 per month.
An initial, limited allotment of the product will be available in January; pre-orders can be made via Inamo’s website at www.inamo.com.
Link: http://www.marketwatch.com/story/ot-and-australian-fintech-start-up-inamo-have-partnered-to-introduce-inamos-wearable-devices-and-platform-into-the-australian-market-2016-12-08
OpenVPN will be audited for security flaws
Lucian Constantin
The next major version of OpenVPN, one of the most widely used virtual private networking technologies, will be audited by a well-known cryptography expert.
The audit will be fully funded by Private Internet Access (PIA), a popular VPN service provider that uses OpenVPN for its business.
The company has contracted cryptography engineering expert Matthew Green, a professor at Johns Hopkins University in Baltimore, to carry out the evaluation with the goal of identifying any vulnerabilities in the code.
The audit will be fully funded by Private Internet Access (PIA), a popular VPN service provider that uses OpenVPN for its business.
The company has contracted cryptography engineering expert Matthew Green, a professor at Johns Hopkins University in Baltimore, to carry out the evaluation with the goal of identifying any vulnerabilities in the code.
Link: http://www.itnews.com/article/3148316/security/openvpn-will-be-audited-for-security-flaws.html?idg_eid=98c39854eed91988bc1642a456a668a1&token=%23tk.ITN_nlt_ITnews_Daily_2016-12-08&utm_source=Sailthru&
AWS tries to protect its customers from DDoS attacks with new service
Blair Hanley Frank
Amazon Web Services is trying to help protect its customers with a new service aimed at mitigating DDoS impacts.
It’s called Shield, and the free entry-level tier is enabled by default for all web applications running on AWS, starting on Wednesday.
Werner Vogels, the CTO of Amazon.com, unveiled the service at AWS’ re:Invent conference in Las Vegas.
Automatically protecting its customers may help encourage businesses to pick Amazon’s cloud over others, or persuade businesses to migrate their web applications to the cloud.
It’s also a strike against companies like Cloudflare and Akamai, which offer DDoS mitigation services.
Shield Standard is aimed at protecting web apps from the overwhelming majority of common DDoS attacks at no extra cost. (Vogels also said that it would block volumetric attacks like NTP reflection attacks, and many state exhaustion attacks.)
Link: http://www.computerworld.com/article/3145661/cloud-computing/aws-tries-to-protect-its-customers-from-ddos-attacks-with-new-service.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE_nlt_
Chinese giant Tianjin Tianhai closes $6bn Ingram Micro buyout
DH Kass
Ingram Micro has completed its $6bn sale to HNA’s Tianjin Tianhai, the companies announced today.
The deal, which amounts to $38.90 per share in an all-cash transaction, produced an executive shuffle and the disbanding of Ingram’s board in favor of an entirely new board, comprised of a mixture of the distributor’s and HNA’s top execs and two independent directors.
According to an 8-K filing, Ingram Micro CFO William Humes, along with general counsel Larry Boyd will exit the distributor on 16 December, following the earlier departure of Paul Read, Ingram Micro’s former president and COO.
Both Humes and Boyd will serve as new board members.
The Ingram execs will be joined on the board by HNA vice chairman and CEO Adam Tan, who will serve as board chair, Alain Monié, Ingram CEO, Bharat Bhise, president and CEO of Bravia Capital, Dale Laurance, former chairman of Ingram’s board, and Jim McGovern, former under secretary and acting secretary of the US Air Force.
Link: http://www.channelnomics.eu/channelnomics-eu/news/3000807/chinese-giant-tianjin-tianhai-closes-usd6bn-ingram-micro-buyout?utm_medium=email&utm_campaign=CRN.Daily_RL.EU.A.U&utm_source=CRN.DCM.Editors_U
Google and Slack deepen partnership in the face of Microsoft Teams
Blair Hanley Frank
Wednesday saw the announcement of several new features aimed at making G Suite, Google’s set of productivity software and services, more useful to people who use Slack.
The functionality resulting from the partnership will make it easier to share and work on files stored in Google Drive using Slack.
In a thoroughly modern turn, Google is building a Drive Bot, which will inform users about changes to a file, and let them approve, reject and settle comments in Slack, rather than opening Google Docs.
It goes along with Slack’s continuing embrace of bots as a key part of the chat service’s vision of productivity.
Link: http://www.computerworld.com/article/3147881/enterprise-applications/google-and-slack-deepen-partnership-in-the-face-of-microsoft-teams.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE
4 top disaster recovery packages compared
Four of the top disaster-recovery (DR) software suites are Veeam Backup, Altaro VM Backup, Zerto Virtual Replication and VMware’s Site Recovery Manager (SRM), according to reviews written by users in the IT Central Station community.
There’s arguably no more important IT task than making sure business systems and data can be restored after a disaster.
So we asked system administrators to identify the best features—and what’s missing—in four leading software suites for disaster recovery.
Link: http://www.computerworld.com/article/3147340/disaster-recovery/4-top-disaster-recovery-packages-compared.html?idg_eid=d5d8326c323742a4ed7bf4fd3dac54c4&token=%23tk.CTWNLE_nlt_computerworld_dailynews_20
Amazon’s Giant Data Transfer Trucks Are an IT Auditor’s Worst Nightmare
Megan Lewczyk
What about when you run out of digital storage space.
Or, on a larger scale, your company decides to ditch the cost and maintenance required for their in-house data center.
Same logic.
Once again, rent a truck and move the crap you can’t bear to (or legally can’t) part with off-site.
I don’t know why the “rent a truck” concept seems so revolutionary.
Maybe it’s the melodramatic music and flashing lights?
As with any precious cargo out for a spin, you worry about its safety.
The suggested internal controls for data transfer still apply.
To refresh your memory, ISACA Journal describes the key control objectives for data transfer:
Security of data being transferred is a critical component of the risk associated with data transfers.
The primary objective here is to ensure that the data intended to be extracted from the originating system are exactly the same data as that recorded/ downloaded in the recipient system, i.e., that the data were protected and secured throughout the transfer process.
The secondary objective is to prevent unauthorized access to the data via interception, malicious activities and other means.
So, what does happen if the truck is commandeered.
It’s still vulnerable even if it isn’t exposed to a network during transport.
A data breach would be a gigantic headache for not only the company with the now compromised data but Amazon too.
Better safe, than sorry.
Snowmobile uses multiple layers of security designed to protect your data including dedicated security personnel, GPS tracking, alarm monitoring, 24/7 video surveillance, and an optional escort security vehicle while in transit.
All data is encrypted with 256-bit encryption keys managed through the AWS Key Management Service (KMS) and designed to ensure both security and full chain-of-custody of your data.
Let’s just hope everything goes according to plan and businesses dodge any run-ins with data theft or cyber extortion.
Link: http://goingconcern.com/post/amazons-giant-data-transfer-trucks-are-it-auditors-worst-nightmare
Lisa Ropple joins Jones Day’s Boston Office
The global law firm Jones Day has announced that Lisa M.
Ropple has joined the Firm’s Boston Office as a partner in its Cybersecurity, Privacy & Data Protection and Government Regulation practices.
At Jones Day, Ms.
Ropple will continue to assist client companies in investigating and responding to data security incidents and addressing the wide range of legal challenges they can present.
Link: http://www.metrocorpcounsel.com/news/34458/lisa-ropple-joins-jones-days-boston-office
Frost & Sullivan Acclaims FireEye’s Dominance of the Global Advanced Malware Sandbox Market
MOUNTAIN VIEW, Calif., Dec. 7, 2016 /PRNewswire/—Based on its recent analysis of the advanced malware sandbox market, Frost & Sullivan recognizes FireEye with its 2016 Global Market Leadership Award.
As a pioneer of the advanced malware sandbox as a critical enterprise security solution, FireEye leveraged its first-mover advantage to claim 56% of global revenue in 2015, propelling the company’s revenue to $623.0 million for 2015, which is a year-on-year increase of 46%.
Its market dominance is largely due to the quality of its Threat Management Platform, which is a complete portfolio of advanced threat protection products.
Link: http://www.prnewswire.com/news-releases/frost—sullivan-acclaims-fireeyes-dominance-of-the-global-advanced-malware-sandbox-market-300374111.html
OwlDetect scans the Dark Web for stolen data
OwlDetect gives you the power to scan the ‘Dark Web’ – the anonymous collection of encrypted websites most commonly used for illegal trading – for almost any piece of personal data that might have been leaked or stolen during a cyber-attack.
This includes email addresses, debit or credit cards, bank details and even passport numbers.
Available as a subscription service, OwlDetect costs just £3.50 per month.
First-time users will be provided with a backdated check for their information, followed by ongoing alerts if any of their personal details are found to be compromised online.
The service will also offer vital advice on the steps users should take to resolve any issues found, and how to be better protected in future.
Link: https://www.finextra.com/pressarticle/67355/owldetect-scans-the-dark-web-for-stolen-data
Cloud Security Market to Cross $10 Billion by 2021: TechSci Research Report
According to TechSci Research report, “Global Cloud Security Market By Service Type, By Deployment Mode, By End User, By Region, Competition Forecast and Opportunities, 2011 – 2021”, global cloud security market is projected to cross $10 Billion by 2021, on account of increasing adoption of cloud computing, rising demand for managed security services, increasing smartphone user base and growing number of data breach incidents.
Further, number of internet users across the globe stood at 3.14 billion in 2015 and this is estimated to reach 3.29 billion by 2016.
This has fueled need for virtual storage infrastructure such as cloud.
Moreover, in 2015, number of smartphone users across the globe stood at 1.89 billion and is estimated to reach 2.12 billion by 2016.
IT & telecom witnessed an increase in the number of cyber attacks and data breaches incidents aimed at gaining access to financial data, identity theft, etc.
Due to such instances IT & telecom companies across the globe are focusing on adoption of cloud security services.
Additionally, growing e-commerce industry, emergence of various e-commerce mobile applications and growing tie-ups of various advertising companies, etc., is increasing data security breaches.
Further, growth in ecommerce sector is generating large volumes of data and this is fueling use of cloud infrastructure for storage of this data.
Thus, retail companies are adopting cloud security solutions to safeguard data from hackers and this is projected to propel demand for cloud security solutions from various end user industries across the globe during the forecast period.
Link: http://www.prnewswire.com/news-releases/cloud-security-market-to-cross-10-billion-by-2021-techsci-research-report-605231166.html
Cisco Talos: Zeus spawn “Floki bot” malware gaining use, cyber-underworld notoriety
Michael Cooney
Cisco’s Talos security group this week warned that a variant of trojan monster Zeus has begun to garner a following in the cyber-underworld as a hard-to-detect attack mechanism.
“[Floki bot] is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011.
Rather than simply copying the features that were present within the Zeus trojan ‘as-is’, Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos wrote.
Link: http://www.networkworld.com/article/3148785/security/cisco-talos-zeus-spawn-floki-bot-malware-gaining-use-cyber-underworld-notoriety.html
Cisco Signs on with Privacy Shield
Michelle Dennedy
Cisco supports protecting and enabling the international flow of personal data that furthers a progressive economy.
To that end, we received official word that we are loud, proud, and on the list for the Privacy Shield – the voluntary, self-certification framework for EU-US data transfer.
Why is Cisco participating.
Isn’t Privacy Shield being challenged along with the rest of the data transfer mechanisms.
Although there have been challenges testing the effectiveness of our transatlantic partnership, we have seen that data privacy matters to Cisco employees and customers.
Privacy is the authorized processing of personally identifiable information according to moral, legal, ethical, and sustainable fair principles.
Privacy Shield provides EU-like data protection for personal data processed in the United States.
Complying with Privacy Shield signals that Cisco takes privacy concerns very seriously, because it is the right thing to do for individuals and businesses.
Ultimately, it drives trust in business and confidence with regulators and citizens alike, which is good for Cisco and our customers.
So, we signed up and will keep striving to make our products and processes even better every day.
Link: http://blogs.cisco.com/security/cisco-signs-on-with-privacy-shield
Cisco whacks its Secure Access Control System
Michael Cooney
Cisco this week this week announced the death of its Secure Access Control System – a package customers use to manage access to network resources.
Cisco said the last day customers can order the system is August 30, 2017.
For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers’ service contract the company said.
The last date that Cisco Engineering will release any final software maintenance releases or bug fixes is Aug. 30, 2018.
After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software, the company said.
“The Cisco Secure Access Control System (ACS) product functionality has been implemented in the Cisco Identity Services Engine (ISE) product line.
Customers with only Access Control System installations interested in migrating to ISE may purchase a migration bundle with product part number ACS-ISE-MIG-M or ACS-ISE-MIG-S, on sale until August 31, 2017.
Customers who have maintained parallel installations of both ACS and ISE are able to simplify their security solution by using the functionality of their ISE installment.
Customers with both ACS and ISE installations are not eligible for the migration bundles,” Cisco wrote in an announcement of the product’s end of life.
Link: http://www.networkworld.com/article/3147842/cisco-subnet/cisco-whacks-its-secure-access-control-system.html
Symmetry and Sage Solutions Consulting to Bring World Class Security and Compliance for Mission Critical SAP Environments
JACKSONVILLE, FL and MILWAUKEE, WI—(Marketwired – Dec 7, 2016) – Responding to continued market demand for comprehensive SAP security and audit readiness services, Sage Solutions Consulting, an SAP c