[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
dit: 1348 (http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=49c4028691&e=20056c7556)
\n————————————————————<\/p>\n
Threat Intelligence Platforms \u2013 A short briefing
\nThreat intelligence is an emerging commercial search that provides a security operations team with the ability to ingest threat feeds from multiple sources.
\nThis is supposed to be \u201cthe year of threat intelligence\u201d but many organizations are frustrated that they cannot turn this valuable source of data into trusted actionable intelligence.
\nMany threat feeds provide limited information as to why they have been marked as potentially dangerous.
\nGiven that one of the key mantras for the security industry is \u201cTrust but verify\u201d, many security teams are worried about blindly trusting that an IP address or URL is bad, just because somebody else thinks it is.
\nI\u2019m not going to give an assessment of the individual vendors but there have been some early pure threat intelligence platform market place builders.
\nOthers are new and others are trying to evolve their platforms to become a threat intelligence platform.
\nThey include BAE, Palantir, Sqrrl, and Threat Connect, ThreatQuotient, and ThreatStream.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c1c594415c&e=20056c7556<\/p>\n
Skycure Report Finds Mobile Threats Lurking Around Every Corner, with Two in Every 100 Devices Already Compromised and More than 40 Percent at Medium to High Risk
\nPalo Alto, Calif. \u2014 October 30, 2015 \u2014 On the eve of Halloween,Skycure, the leader in mobile threat defense, announced the results of its first Mobile Threat Intelligence Report, which found an increase in threats to both enterprise and personal mobile devices.
\nBy analyzing worldwide mobile data from Skycure and outside sources, the report found 41 percent of mobile devices are at medium to high risk on the Skycure risk scale.
\nNearly two in every hundred are high risk devices\u2013already compromised or were under attack.
\nSkycure ranks devices according to a proprietary Mobile Threat Risk Score, which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.
\nRisks increase over time, according to the study.
\nIn one month, about 22 percent of devices will encounter network threat, with that number jumping to 40 percent over the following three months.
\nThe majority of devices are not equipped to fight these threats.
\nThe report reviewed data from devices with Skycure either installed by enterprises on employees\u2019 mobile devices or by security-aware consumers.
\nDespite these protections, the report found that the majority (over 52 percent) of all devices do not even have a simple passcode enabled, and 30 percent of devices were running an out of date operating system.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d97eef0233&e=20056c7556<\/p>\n
Why software can never replace the human security analyst
\nAs an industry we have at our disposal a plethora of cyber-domain-specific and generic computer science approaches to automate or semi-automate data and information processing.
\nThe purpose of this automation is to aid in the discovery, analysis and ultimate production of threat intelligence.
\nSystems for the automated collection, processing, and storage of data that is big or small and may be either generic (network traffic collection) or problem-specific (e.g. malware analysis) in nature; basic patterns, such as regular expressions to identify data that is or is not of interest; statistical or probability algorithms, to identify things which are or are not similar; machine learning algorithms, to provide statistical classification around what is or is not normal or expected; and natural language processing of human-produced text, to extract sentiment, intent, purpose, target, or topic.
\nIn threat intelligence there is a confidence scale that goes from the fully qualified (‘this is the threat to your organization because of xyz facts which are supported by def with this level of certainty’) through to the unqualified (‘we cannot say this is a threat or not at this time because of abc unknowns or contradictions’), with varying degrees of confidence, caveats and assertions in between.
\nUnlike today\u2019s algorithms or childlike artificial intelligence, an adult human has an amazing ability for logical thought, challenging assumptions, explanation, and justification.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d2f8f5f258&e=20056c7556<\/p>\n
Three lessons to take away from Intel\u2019s Focus 15 security conference
\nIntel\u2019s Focus 15 security conference at the beautiful Palazzo Hotel in Las Vegas has come to a close, rounding off two days of keynotes, interviews and breakout sessions (mixed with an obligatory visit to the Blackjack table).
\nGrey clouds ahead
\n=================
\nCloud computing has been a hugely hyped technology that has the potential to improve business processes for SMBs and enterprises alike in so many ways.
\nMix it in with the Internet of Things (that other much publicised trend) and the possibilities are endless, but with these opportunities also come some serious threats.
\nI predict a riot
\n================
\nOne of the things Chris Young, Intel\u2019s senior vice president and general manager and Brian Dye, Intel\u2019s head of products, spoke about during Tuesday\u2019s keynote was the key role that analytics can play in predicting cyber attacks before they happen.
\nSecurity skills wanted, apply within
\n====================================
\nThere has been plenty of talk around the growing digital skills gap and, in the security industry specifically, this is now more prevalent than ever.
\nThe talent shortage was mentioned on multiple occasions during the keynote by several different Intel executives, as well as Docusign chief information security officer Vanessa Pegueros, which is a real worry seeing as the hackers don\u2019t appear to be slowing down
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=372f558512&e=20056c7556<\/p>\n
Bank of England and US authorities to simulate cyber-attack
\nThe biggest banks in the UK and US will face a simulated major cyber-attack from the Bank of England and its US counterparts this month, as officials probe the industry\u2019s ability to withstand assaults from hackers looking to steal data or cripple the financial sector.
\nThe simulation, dubbed Operation Resilient Shield, is the most sophisticated test of communications and co-ordination yet, following the Waking Shark series of trials run in recent years.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2a191acb43&e=20056c7556<\/p>\n
Machine Learning Is Cybersecurity\u2019s Latest Pipe Dream
\nCan machine learning help.
\nCan an algorithm reliably find the needles and give us the confidence to discard the haystack of data that represents normal activity.
\nIt\u2019s an appealing idea.
\nWe\u2019ve all experienced the power of ML systems in Google search, the recommendation engines of Amazon and Netflix, and the powerful spam-filtering capabilities of Web mail providers.
\nFormer Symantec CTO Amit Mital once said that ML offers of the \u201cfew beacons of hope in this mess.\u201d
\nt\u2019s important to remember there is no silver bullet in security, and there\u2019s no evidence at all that these tools help.
\nML is good at finding similarities between things (such as spam emails), but it\u2019s not so good at finding anomalies.
\nIn fact, any discussion of anomalous behavior presumes that it is possible to describe normal behavior.
\nUnfortunately, decades of research confirm that human activity, application behavior, and network traffic are all heavily auto-correlated, making it hard to understand what activity is normal.
\nThis gives malicious actors plenty of opportunity to \u201chide in plain sight\u201d and even an opportunity to train the system that malicious activity is normal.
\nCybersecurity is a domain where human expertise will always be needed to pick through the subtle differences between anomalies.
\nRather than waste money on the unproven promises of ML and AI-based security technologies, I recommend that you invest in your experts, and in tools that enhance their ability to quickly search for and identify components of a new attack.
\nIn the context of endpoint security, an emerging category of tools that Gartner calls \u201cEndpoint Detection & Response\u201d plays an important role in equipping the security team with real-time insight into indicators of compromise on the endpoint.
\nHere, both continuous monitoring and real-time search are key.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=62ea39155b&e=20056c7556<\/p>\n
7 Tips for Conducting Effective Cybersecurity Due Diligence in M&A Transactions
\n1. Start Early
\n2. Tailor Diligence
\n3. Assess Awareness
\n4. Ask the Experts
\n5. Ensure Payment Card Industry Compliance
\n6. Consider Other Risks
\n7. Consider Cyber Insurance
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=342ca692ce&e=20056c7556<\/p>\n
Hacking Team offers encryption breaking tools to law enforcement
\nMere months after having more than 400 GB of confidential information stolen from its servers, spyware vendor Hacking Team has announced that it has resumed operations with a suite of digital tools to help law enforcement agencies get around pesky device encryption technology.
\nIn an email pitch sent to existing and potential new customers earlier this month, Hacking Team CEO David Vincenzetti, touted the company’s “brand new and totally unprecedented cyber investigation solutions.” The company has also been reportedly working on a revamped 10th edition of its proprietary Remote Control System, which constitutes the core of its software suite.
\nThere is no word, however, as to when RCS 10 will be made available.
\nIt also remains to be seen as to which, if any, law enforcement agencies will take Hacking Team up on its offer, given the company’s recent security debacle.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7d6589109c&e=20056c7556<\/p>\n
Cyber Security Vulnerability: New Report Shows Only a Tiny Fraction of Bank CEOs Have Tech Experience
\nA new report by the Coin Telegraph exposed a bothersome reality: only 3% of global bank CEOs have tech experience.
\nA mere 6% of board directors also have previous experience in this industry.
\nAlso, 43% or about two fifths of global banks have zero board members.
\nThe percentages were taken from a survey that included 109 major banks across the world.
\nA new report by the Coin Telegraph exposed a bothersome reality: only 3% of global bank CEOs have tech experience.
\nA mere 6% of board directors also have previous experience in this industry.
\nAlso, 43% or about two fifths of global banks have zero board members.
\nThe percentages were taken from a survey that included 109 major banks across the world.
\nIf banks are to survive all the technological changes happening around them, some innovation must be implemented.
\nThe world is quickly moving to a future where cash will cease to exist and IT solutions will be the standard.
\nLumb advises that banks quickly adopt tech committees that have a board member in them.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b8ec7938c6&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=41f1ed922f)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage2.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: dit: 1348 (http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=49c4028691&e=20056c7556) ———————————————————— Threat Intelligence Platforms \u2013 A short briefing Threat intelligence is an emerging commercial search that provides a security operations team with the ability to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1164","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1164"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1164\/revisions"}],"predecessor-version":[{"id":3651,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1164\/revisions\/3651"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}