Saturday, June 30, 2018
Friday, June 29, 2018
Earther The First Awful Heat Wave of the Summer Is Here | The A.V. Club Drake comes clean about his son on the sprawling new Scorpion | The Takeout Woman sues buffet for $1 million after developing “fried rice syndrome” |
from Lifehacker https://ift.tt/2N81K86
Earther These Would Be the Worst Supreme Court Nominees For the Environment | The A.V. Club Confetti flies and butterflies fall on a fatal RuPaul’s Drag Race finale | The Takeout Ask The Salty Waitress: Should I tip my barista for a cup of coffee? |
from Lifehacker https://ift.tt/2IGJm2Y
How to improve software vulnerability disclosure in Europe
As software gets embedded in more and more things we use every day, the problem of software vulnerability reporting and patching rises in importance. Unfortunately, only a few European countries have put vulnerability disclosure processes in place.

CEPS, a think tank and forum for debate on EU affairs, has delved into the problem, listened to industry experts, academics, representatives of EU and international institutions and civil society, and has come up with recommendations on how to improve software vulnerability disclosure in Europe.
The think tank’s extensive report can be reviewed here, but the gist of it is as follows: there needs to be legal clarity regarding software vulnerability discovery and disclosure, an effective policy framework for implementing coordinated vulnerability disclosure in Europe, and government disclosure decision processes have to be set up.
CEPS’ recommendations
“Researchers involved in vulnerability discovery are often exposed to criminal or civil liability. The legal liability and responsibilities of security researchers should be fully clarified to enable them to continue their work without fear of prosecution,” the authors of the report advise. Incentives (whether monetary or not) for security researchers should also be offered.
“Amend Directive 2013/40/EU on attacks against information systems (the EU cybercrime Directive) to allow the smooth and rapid development of coordinated vulnerability disclosure (CVD). In transposing the NIS Directive, particularly its Article 14, member states may explicitly consider including CVD as one of the technical and organisational measures,” they added.
And, if the Cybersecurity Act proposed in October 2017 is passed, the European Network and Information Security Agency (ENISA) will be able to contribute to the development of CVD in the EU, the authors noted.
The agency can help write EU-wide guidelines for the reporting process, set up a web portal for researchers so they can disclose vulnerabilities anonymously, and help coordinate cooperation between national and international actors. It can also create a team of white-hats that would help EU member states and operators of essential services to mitigate software vulnerabilities.
Again, if the Cybersecurity Act is passed, CVD might be included in the proposed European Cybersecurity Certification Scheme.
All that’s on the EU level. The various EU member states should amend their national legislation to encourage CVD and should work on implementing transparent government disclosure decision processes (GDDP) to coordinate the disclosure of vulnerabilities they discover or are informed about.
Among the best practices for the latter, CEPS advises that non-disclosure agreements with contractors, resellers or security researchers be prohibited and that vulnerabilities be disclosed immediately to the affected vendors so they can be patched as soon as possible.
“Where the vulnerabilities potentially affect the safety of regulated products (such as cars, medical devices or railway signals), the relevant EU safety and standards bodies should be involved in the GDDP,” the think tank notes.
from Help Net Security https://ift.tt/2yW6CKs
New infosec products of the week: June 29, 2018
GlobalSign launches IoT Identity Platform addressing IoT device security requirements
GlobalSign’s IoT Identity Platform is a set of products and services flexible and scalable enough to issue and manage billions of identities for IoT devices of all types. Using PKI as the identity mechanism, the IoT Identity Platform can serve the varied security use-cases of the IoT across all verticals, including manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare, other industrial ecosystems and more.

Quantum Xchange launches first quantum network in the United States
Leveraging the company’s Trusted Node technology, the Quantum Xchange QKD network extends the technology well beyond the previous limitations of transmission distances, to offer commercial enterprises and government entities point-to-point support over unlimited distances. In doing so, Quantum Xchange provides hardened encryption to address the shortcomings of today’s encryption standards, and the imminent threat of quantum computers.

Coriant unveils Vibe X90 carrier-class white box
Coriant introduced the Coriant Vibe X90 Programmable Packet Platform, the first in the Vibe series of carrier-class white boxes enabling cost-efficient service aggregation from access to the core. A key component of the Coriant Hyperscale Carrier Architecture, the carrier-class Vibe X90 provides a white box solution for a wide variety of mobile and converged applications, including 4G/5G anyhaul.

Ping Identity enables the modernization of legacy IAM systems
Ping Identity announced PingAccess, a new product and features designed to simplify the transition to its identity and access management (IAM) solution. It’s a common complaint among global organizations that many legacy IAM offerings are unable to support the modern applications, APIs and single-page applications that are needed to run an enterprise more efficiently.

from Help Net Security https://ift.tt/2N7tVnT
Thursday, June 28, 2018
Code42 Forensic File Search offers visibility to endpoint data
Code42 announced its Code42 Forensic File Search solution helps organizations simplify compliance with the Global Data Protection Regulation (GDPR), which went into effect May 25, 2018.
By enabling security, IT and compliance teams to search file activity across all endpoints in their organization in seconds, the solution accelerates breach investigations and makes it easier to meet GDPR’s 72-hour notification requirements.
“GDPR-regulated data can be found in places you might not expect,” said Vijay Ramanathan, senior vice president of product management at Code42.
“Data moves everywhere your employees create, share or store their work, including laptops, desktops and personal cloud accounts. As a result, employee computers have become data stores for vital – and now more regulated – company and customer information. In the event that vital data is lost or stolen, GDPR requires companies to investigate and report on it within 72 hours of becoming aware of the loss or face severe financial penalties. A company’s ability to successfully beat the timer will rely on whether it has full visibility to where its data lives and moves.”
Code42 relieves the burden of data protection, investigation and recovery so organizations have more bandwidth to focus on GDPR’s other areas.
Through a single endpoint application, Code42 Forensic File Search collects file metadata and events across employee computers and makes them searchable via the cloud.
In the event of a data breach or loss, security, IT and compliance teams then use a simple search bar to get answers to GDPR questions in near real time. For example:
- What devices and files were impacted by the security event and when?
- What files were on the impacted devices and therefore compromised?
- Which specific users were impacted and who needs to be notified?
- Were files altered, modified or deleted, and if so, which ones?
- Did the files move to another device, personal cloud service folder or external storage? If so, where and when?
To further support GDPR breach investigation and remediation efforts, Code42’s recovery capabilities enable organizations to:
- Gather all current and historical file events, logs and metadata details, including MD5 hashes, date ranges, and file types and paths;
- Search file versions to determine whether they were on a device at a given date and time;
- See the content of those files to determine whether personal or sensitive data was involved;
- Identify all users who have (or had) access to a file; and
- Preserve all necessary files, even deleted files, saving the content and context.
from Help Net Security https://ift.tt/2Kvy9E2
Venafi Enterprise Mobility Protect delivers visibility and machine identity on mobile endpoints
Venafi announced Venafi Enterprise Mobility Protect, a solution that safeguards the machine identities used on endpoints that access enterprise networks and resources.
Venafi Enterprise Mobility Protect will be available on July 2, 2018 and delivers visibility and machine identity intelligence across all authorized mobile devices, including those that are owned by employees (Bring Your Own Device or BYOD).
With Venafi Enterprise Mobility Protect, organizations can protect the machine identities on mobile endpoints by managing device certificates through a central certificate security platform.
The Venafi Platform delivers certificate visibility, issuance, distribution, and policy enforcement, as well as the control needed to terminate access for unauthorized users and employees.
The enterprise-class machine identity protection solution for mobile devices also maximizes flexibility by supporting many certificate authorities.
Key benefits of Venafi Enterprise Mobility Protect include:
- Visibility and protection of machine identities across Windows, OS X, iOS and Android devices.
- Integrations with devices and systems, including Windows and Mac OS.
- Single kill switch for mobile devices and applications that allows security teams to terminate access from a central console.
- Support for corporate-owned devices, domain-joined or not, as well as BYOD.
- Automated certificate issuance from 40+ certificate authorities including Microsoft, DigiCert, and Entrust.
- Support for NAC, 802.1X, VPN and other use cases.
Endpoints on enterprise networks – such as Windows, Mac, iOS and Android devices – need access to corporate resources to keep employees connected and productive.
In order to protect the communication between enterprise networks and the increasing number of mobile endpoints, organizations must provide mobile devices of all types with secure machine identities that support authentication, encryption and decryption.
However, if the digital certificates that serve as machine identities for these mobile devices are issued outside of enterprise policy, are not tracked, or are left unrevoked after use, they become targets for cyber criminals who can compromise them and then use them to access enterprise systems and data.
These issues can be problematic with employee-owned devices.
“As businesses embrace BYOD policies, organizations have multiple teams issuing and using machine identities for mobile devices,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“Venafi makes it possible for security teams to include employee-owned and corporate owned mobile endpoints in their machine identity protection strategy. With Enterprise Mobility Protect, security teams can be confident that all machine identities used for mobile devices, laptops, desktops, VPNs, WiFi and NAC authentication are secure. This allows all machine identities for mobile devices to be protected and comply with policy throughout their entire lifecycle, regardless of who owns the device or which team issues and manages the machine identity.”
from Help Net Security https://ift.tt/2N616YK
Enterprise digital transformation and IT automation with NS1’s Private DNS
NS1 unveiled Private DNS, an enterprise solution that unlocks the infrastructure performance, automation and scale advantages already used by the Internet companies.
Private DNS is for organizations that are modernizing their application infrastructure and embracing everything from clouds to containers.
Organizations are undergoing digital transformation, infrastructure automation and application modernization.
Distributed and dynamic applications are created by DevOps teams and delivered through a diverse mix of on-premise, public and private clouds, content delivery networks (CDN) and microservices platforms.
At the same time, years of technical debt — including that created by homegrown or traditional appliance-based DNS solutions — hold back enterprise modernization initiatives by hindering automation, performance and scaling.
NS1’s Private DNS is the DNS infrastructure solution designed from the ground up for application delivery.
It can help eliminate decades of technical debt and reduce manual processes and inefficiencies that increase costs and slow application and network changes.
Private DNS delivers traffic routing for the application experiences; an API-first approach for global change propagation and application and infrastructure automation; vendor-agnostic DNS load balancing; and service discovery at cloud scale — all critical for enterprise application delivery.
“DNS plays a vital role in modernizing the application delivery stack, yet there has been a glaring lack of DNS solutions designed to work in increasingly automated enterprise infrastructure and complex hybrid environments,” said Kris Beevers, co-founder and CEO of NS1.
“NS1’s Managed DNS platform is already used by the largest, most trafficked internet and cloud companies in the world. Private DNS delivers those same next generation DNS advantages in a self-hosted solution to accelerate transformation of the legacy stacks of enterprises.”
Benefits of NS1’s Private DNS in the Enterprise
Control and optimize traffic performance – Enterprise networks are becoming complex and distributed, requiring traffic management capabilities to ensure availability and performance. NS1’s data-driven platform tracks the availability and status of all the application points of presence across the enterprise then quickly and automatically reacts to changes. The Filter Chain provides a way to optimize routing decisions, resulting in more reliable and responsive applications.
Dynamic infrastructure and autoscaling – An advantage of cloud infrastructure, both private and public, is its ability to auto-scale in response to demand. This empowers enterprises to quickly spin up new services and capacity to improve user experiences. Such dynamic change requires a DNS platform that supports API call rates and change propagation, neither of which can be facilitated by traditional DNS systems. NS1’s Private DNS delivers a 10X improvement in API capacity and reduces propagation times from days or hours to seconds.
Service discovery at cloud scale – As organizations deploy applications into dynamic, cloud-based environments, they need a service discovery mechanism to connect application instances to other applications and users. NS1’s Private DNS ensures that your DNS moves at high velocity to manage discovery of services atop this globally available, service discovery protocol, supporting the scale and performance requirements of modern infrastructure while integrating with existing applications.
DevOps ready – An “API first” architecture allows DevOps teams to integrate DNS changes into their CI/CD deployment processes and tool stack, including Terraform and Ansible. This eliminates the need to send change request tickets to DNS administrators, and is just one of the many benefits unlocked by automation.
Cloud native and built for microservices – Platforms are not designed to meet the autoscaling and performance needs of dynamic infrastructure. Private DNS has a modular architecture comprising components that are packaged for deployment into Docker containers. This deployment model reduces resource consumption, enables easy, high-velocity change management, and unlocks more flexible scaling.
DNS global server load balancing – Private DNS enables enterprises to manage workloads across distributed data centers and virtual private clouds. Its open data feeds enable Private DNS to track availability and workloads at every facility and shift traffic to ensure application performance and capacity utilization. This approach delivers global server load balancing (GSLB) across multi-vendor, heterogeneous data center and cloud infrastructures.
Modernization without downtime – Capable of supporting both modern and legacy systems, NS1’s Private DNS provides traffic management controls that enable easy and stable migration to new infrastructure. By moving fractions of traffic at a time to new cloud or hybrid infrastructure, Private DNS reduces the risk of service interruption and compromised performance.
Single DNS platform and integration for simplified management – Private DNS is built for modern infrastructure but at the same time fully supports legacy environments. Enterprises can choose to standardize and train their teams to use the management GUI or the API, or to interface with the NS1 platform via the tools they already use to manage their server, storage and networking.
“NS1’s Private DNS is a welcome addition to the enterprise DNS landscape. Organizations need to stop chipping away on isolated instances of technical debt, and upgrade infrastructure elements that can unlock and accelerate sweeping digital change to remain competitive in today’s digital economy,” said Brandon Butler, senior research analyst, Network Infrastructure, IDC.
“DNS is a critical foundational element to not just the internet, but any connected enterprise application or service. Modernizing DNS to deliver an API-first platform for automation and innovation, and advanced traffic management capabilities to boost performance and reliability, can deliver a broad reduction in technical debt and pave the way for large leaps in enterprise digital transformation.”
from Help Net Security https://ift.tt/2Kxr0D9
JASK raised $25M Series B financing to advance security operations
JASK announced that it raised $25M in Series B funding. Led by Kleiner Perkins with participation from early investors, including Battery Ventures, Dell Technologies Capital, TenEleven Ventures and Vertical Venture Partners, the round brings JASK’s total funding to $39M.
The company will continue its focus on platform development, increase hiring in all departments and expand global sales channels.
JASK also announced that Kleiner Perkins General Partner, Ted Schlein, joined the company’s board of directors.
Schlein was the original investor in ArcSight, in addition to other industry disruptors that include Carbon Black and Mandiant.
By leading JASK’s Series B investment, Schlein reunites with JASK co-founders Greg Martin and Damian Miller, who led the security operations practice at ArcSight through its acquisition by HP.
“With one of the most experienced teams in security operations, JASK understood that the biggest challenge to cybersecurity is human talent. There are not enough people skilled in attacker methods to quickly discern a real threat from a low-risk compromise,” said Ted Schlein, General Partner at Kleiner Perkins.
“Through advanced AI and machine learning, JASK frees security analysts from onerous data review to focus on investigating and responding to the most critical threats, improving efficiency and reducing organizational risk exposure.”
JASK’s mission is to modernize security operations by delivering an asset-independent, open platform that provides prioritized threat information with an autonomous workflow of what, where, why and how SOC analysts should take action.
The JASK ASOC platform automates much of the work of a tier one security analyst by correlating and analyzing vast amounts of data and summarizing the important information via JASK Insights, streamlined notifications that indicate a combination of events or activities that should be investigated.
JASK Insights contain all of the information in one interface to help speed investigation and response times.
“Over the past 20 years, the challenge of sifting through the deluge of alerts has been like finding the needle in a haystack,” said Greg Martin, CEO and co-founder of JASK.
“SOC teams now deal with a stack of needles and need to find the sharpest one. Technology can no longer hinder them, but rather support their workflows and improve their efficiency. Our Series B funding and partnership with Ted and Kleiner Perkins will help us accelerate our mission to deliver this technology.”
JASK’s leadership team brings together decades of experience solving real-world SOC issues from ArcSight, Carbon Black, Cylance, Netflix, Cloudera and the U.S. counter intelligence community.
Applying that experience and understanding of how SOC teams operate drives the team to leverage automation where possible to streamline analyst workflows and improve efficiency.
Using AI and machine learning, the JASK ASOC platform is built for data ingestion to reduce the costs and bandwidth demands of outdated SIEM data storage models, while adding important context from all attack vectors, users, devices, networks, applications and third-party integrations.
from Help Net Security https://ift.tt/2lKMykJ
LogPoint and DFLabs join forces to provide detection and remediation of security incidents
The companies have integrated their LogPoint SIEM and IncMan SOAR products for interoperability in any customer environment.
Gartner coined the term SOAR to describe an approach to security operations and incident response that aims to improve security operations’ efficiency, efficacy and consistency.
SOAR allows organizations to collect security data and alerts from different sources, including a SIEM, and perform incident analysis and triage using a combination of human and machine power.
This helps to define, prioritize and drive incident response activities to a standard workflow.
“The deep integration of the LogPoint SIEM with DFLabs IncMan combines the power of each solution to create a more robust, efficient and responsive security program,” said Dario Forte, CEO and Founder of DFLabs.
“Together IncMan and LogPoint enable organizations to automate most of the work performed by security analysts, and accelerate incident detection and response actions from hours to seconds.”
Taking advantage of LogPoint’s ability to ingest volumes of data, provide real-time cybersecurity analytics and generate alerts, DFLabs IncMan manages the incident response process for each SIEM alert.
IncMan automates and orchestrates the manual and repetitive tasks that would take analysts hours to complete to ensure all alerts are assessed and flagged for further investigation if necessary.
“With accelerated detection and response and the added benefit of utilizing playbooks and runbooks to formalize the response handling procedure, we will provide true operational value to our customers,” said Jesper Zerlang, CEO of LogPoint.
“From a business value perspective, LogPoint and DFLabs are individually delivering the best feature to price ratio in the market, but even more so as a joint solution.”
Both DFLabs and LogPoint incorporate machine learning into their solutions to reduce false positives.
In addition, DFLabs uses machine learning to automatically reapply previously successful actions and playbooks, facilitating knowledge sharing capabilities.
from Help Net Security https://ift.tt/2tKYarK
Sierra Wireless delivers FirstNet ready LTE router AirLink MG90
Sierra Wireless announced its AirLink MG90 multi-network vehicle router, based on its AirPrime EM7511 embedded module, is certified and approved for use on FirstNet.
FirstNet is the nationwide public safety communications platform dedicated to America’s first responders.
Being built with AT&T, in public-private partnership with the First Responder Network Authority (FirstNet Authority), FirstNet is bringing public safety agencies a technology upgrade to help them connect to the information they need.
The FirstNet ready AirLink MG90 router supports FirstNet’s First Priority – which includes priority and pre-emption for first responders – and FirstNet’s 700MHz Band 14 spectrum.
The AirPrime EM7511 LTE-Advanced Pro Embedded Module was also recently approved by AT&T and is the first embedded module available for the FirstNet network.
“We’re pleased to welcome Sierra Wireless to the FirstNet ecosystem,” said Chris Sambar, senior vice president, AT&T – FirstNet.
“The more tools public safety has access to on their network, the more we can help them achieve their mission. Sierra Wireless already has a well-established relationship with the first responder community, and with the FirstNet Ready designation, first responders can be confident that Sierra Wireless’ AirLink MG90 router is a trusted solution that meets FirstNet’s standards for relevancy, high security and performance.”
Before being certified and approved for use on FirstNet, devices are subject to tests that cover a number of aspects, from security and durability to network impacts.
This helps make sure that they can meet the needs of first responders.
The AirLink MG90, a vehicle multi-networking platform, is purpose-built to provide secure, always-on connectivity for mission-critical applications in public safety, transit and field services.
The newest AirLink MG90 variant supports LTE-Advanced Pro (Cat-12 speeds) and can switch seamlessly between FirstNet Band 14 wireless spectrum and other U.S. commercial mobile networks, with dual concurrent Gigabit Wi-Fi and Gigabit Ethernet and extensions to Land Mobile Radio (LMR) and satellite systems.
Part of the AirPrime EM75 Series, the new EM7511 embedded module provides 4G LTE Advanced Pro Cat-12 coverage, including FirstNet Band 14, with 3G fallback and integrated GNSS, delivering up to 600Mbps downlink speed and 150Mbps uplink speed.
The EM7511 module will enable IoT device manufacturers to deliver new solutions to the public safety community.
“Sierra Wireless has been helping advance first responders’ communications capabilities for more than 15 years, allowing public safety organizations to deploy reliable and cost-effective wireless solutions,” said Jason Krause, senior vice president and general manager, Enterprise Solutions, Sierra Wireless.
“More than half of the top 100 public safety agencies in the U.S. rely on Sierra Wireless products for mission-critical communications. We’re proud to collaborate with the FirstNet Authority and AT&T to support the FirstNet initiative to keep first responders and communities safer, and we will expand our portfolio of FirstNet Ready products in the coming months.”
Availability
EM7511 modules are available for OEM testing and integration. AirLink MG90 routers with support for LTE-Advanced Pro and FirstNet Band 14 are commercially available through Sierra Wireless’ authorized channel partners.
Options to upgrade existing AirLink MG90 units that are already deployed are also available.
from Help Net Security https://ift.tt/2lHVXtD
Cloud Daddy launches Secure Backup, AWS-native data protection solution
Cloud Daddy’s Secure Backup is the solution that joins backup and disaster recovery, security, and infrastructure management into one offering for AWS users.
For Cloud Daddy, the move to a unified AWS-native solution reflects the changing IT landscape.
“Not long ago, disaster recovery was built around the notion of natural disasters impacting an on-premises data center,” said Cloud Daddy Founder and CEO Joe Merces.
“In today’s world, cybercrime and cyber threats join natural disasters in making secure backup and recovery a constant concern.”
“Migrating your infrastructure to AWS isn’t enough to guarantee secure backup and disaster recovery,” Merces added.
“In fact, AWS specifically calls out a ‘Shared Responsibility Model,’ where AWS is responsible for security of the cloud, but the customer is responsible for security in the cloud. Cloud Daddy’s Secure Backup makes it easy to backup, restore and replicate — all while incorporating advanced security countermeasures in providing the best end-to-end data protection solution available for AWS.”
With five levels of product offerings, Cloud Daddy offers a range of both backup/disaster recovery and security features:
Backup/disaster recovery features
- Application/Crash-consistent backups based on native Amazon Snapshot API,
- Backup schedules and recurrent jobs,
- Tag-based backup and restore for easier search and management,
- Cross-region and cross-account backup/restore and recovery,
- Multi-tenant design and access,
- Email alerts and reports.
Security Features
- AWS web application firewall integration,
- Instance firewall and rules,
- Security group management,
- Detailed firewall logs.
Cloud Daddy Secure Backup gives users an understanding of their entire AWS infrastructure, navigated by tabs and incorporating a dashboard with a visualization of protected instances and job status.
Users can select backups and replications anywhere on the globe where AWS has a presence.
Assets can be backed up, managed and recovered even from one AWS region or account to the other, providing layers of disaster recovery with superior restore speeds using AWS over on-premises solutions.
Cloud Daddy Secure Backup is under development and committed to continuing to lead the combined mindset of backup, security and management as a strategy in enhancing the solution by implementing features that strengthen this foundation into the future.
Upcoming iterations of the Cloud Daddy solution will unlock capabilities for IT operations and management, all at a small fraction of the cost of standing up and configuring your own hardware.
Cloud Daddy Secure Backup solution is innovative, with a US patent pending on the machine learning and artificial intelligence that will drive the security system coming in Release 2.0.
George Crump, founder of the technology analyst group Storage Switzerland, LLC, noted that not only is the Cloud Daddy approach to all-in-one data protection for Amazon Web Services innovative, so is their pricing model for such protection.
“With their monthly subscription model, Cloud Daddy is the only company to my knowledge that provides a holistic data protection solution for AWS. That creates an easy and cost-effective way for Cloud Daddy customers to combine secure backup, infrastructure management and advanced security countermeasures in a single dashboard-style application.”
“The old days of thinking about backup, security and infrastructure management as three separate areas of responsibility within IT are gone in today’s hyper-scale cloud world,” said Merces. “Cloud Daddy Secure Backup is the only way to combine all three functions into one affordable, comprehensive, and effective solution for AWS.”
from Help Net Security https://ift.tt/2yTHDrl
Vulnerability landscape evolution for common desktop applications
Flexera released Vulnerability Review 2018: Top Desktop Apps, part of the annual report series from Secunia Research. This new edition focuses on heavily used desktop applications, which can be easily breached through the Internet.

“Companies are in desperate need to improve patching so they can reduce risk. Ultimately that means creating a smart process,” said Kasper Lindgaard, Senior Director of Research and Security at Flexera. “To do that you have to cut through the noise – not all software updates are security related, and not all security updates are equally critical. Having patching processes, supported by best-in-class technologies, gives you the visibility and intelligence you need to prioritize and act decisively.”
Most desktop app vulnerabilities pose extreme risk
Security professionals need to pay close attention to desktop applications because most vulnerabilities found in these types of apps can be extremely dangerous. Whenever new vulnerabilities are reported, Secunia Research issues Advisories assessing their criticality, attack vector and solution status. This allows desktop admins to identify and prioritize critical security patches. Without such information, operations teams struggle to keep up with the large number of patches.
In 2017, 83 percent of the Secunia Advisories covering the top desktop applications were rated “Extremely” or “Highly” critical (compared to only 17 percent when you look at Secunia Advisories across all software applications ranked).
Moreover, desktop applications are extremely vulnerable to attack via the Internet, making them attractive targets. 94 percent of advisories relating to desktop apps could be exploited through the Internet, without any interaction with the user, or the need for them to take any action.

Microsoft’s automated updates aren’t enough
The report also cautions users who incorrectly believe that Microsoft’s automated updates will shield them from vulnerability risk. In fact, the majority of desktop app vulnerabilities occur in non-Microsoft applications. 65 percent of the vulnerabilities reported in the 50 most common desktop applications were found in non-Microsoft apps.
“Organizations can improve security patching in just three steps,” added Lindgaard. “First, arm desktop admins with security Key Performance Indicators to keep security patching a high priority. Second, create an inventory of desktop apps to make installing a patch easier. Finally, put prioritization and sourcing patches on a schedule, so patches are consistently monitored and applied quickly.”
The key takeaway? When armed with vulnerability intelligence, IT professionals can get ahead of security risks with patches for almost all vulnerabilities affecting the most common desktop applications.
from Help Net Security https://ift.tt/2tD4z91
Cryptocurrency miners poised for continued growth
WatchGuard threat intelligence from Q1 2018 revealed that 98.8 percent of seemingly common Linux/Downloader malware variants were actually designed to deliver a popular Linux-based cryptocurrency miner. This is just one of several signs that malicious crypto-mining malware is becoming a top tactic among cyber criminals.

“Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cyber criminals’ arsenals, and will continue to grow more dominant in Q2,” said Corey Nachreiner, CTO at WatchGuard Technologies. “While ransomware and other advanced threats are still a major concern, these new crypto-miner attacks illustrate that bad actors are constantly adjusting their tactics to find new ways to take advantage of their victims. In fact, once again in Q1, we saw nearly half of all malware slip past basic signature-based antivirus solutions due to various obfuscation methods. One way every organization can become more secure against these sophisticated, evasive threats is to deploy defenses enabled with advanced malware prevention.”
Cryptocurrency miners are on the rise
Several cryptocurrency miners appeared for the first time in WatchGuard’s list of the top 25 malware variants. Firebox appliances have a rule called Linux/Downloader, which catches a variety of Linux “dropper” or “downloader” programs that download and run malware payloads.
Usually these droppers download a wide range of malware, but in Q1 2018, 98.8 percent of Linux/Downloader instances were trying to download the same popular Linux-based crypto miner. Evidence from Q2 so far indicates that crypto-mining malware will stay on WatchGuard’s top 25 list and may even crack the top 10 by the end of the quarter.
The Ramnit trojan makes a comeback in Italy
The only malware sample on WatchGuard’s top 10 list that hadn’t appeared in a past report was Ramnit, a trojan that first emerged in 2010 and had a brief resurgence in 2016. Nearly all (98.9 percent) of WatchGuard’s Ramnit detections came from Italy, indicating a targeted attack campaign. Since past versions of Ramnit have targeted banking credentials, WatchGuard advises Italians to take extra precautions with their banking information and enable multi-factor authentication for any financial accounts.
For the first time, APAC reports the highest malware volume
In past reports, APAC has trailed EMEA and AMER in the number of reported malware hits by a wide margin. In Q1 2018, APAC received the most malware overall. The vast majority of these attacks were Windows-based malware and 98 percent were aimed at India and Singapore.
Nearly half of all malware eludes basic AV solutions
Zero day malware (a term for malware that is able to evade traditional signature-based AV) accounted for 46 percent of all malware in Q1. This level of zero day malware suggests that criminals are continuing to use obfuscation techniques to beat traditional AV services, emphasizing the importance of behavior-based defenses.
Mimikatz targets the US, skips Asia Pacific
The Mimikatz Windows credential-stealing malware reappeared on WatchGuard’s top 10 malware list after several quarters of absence. Two thirds of the detections of this malware were in the United States and under 0.1 percent of detections were in APAC, possibly due to the complexity of double-byte characters in countries like Japan that use a symbol-based language for passwords.
from Help Net Security https://ift.tt/2lFsCzP
Do you support employee digital monitoring programs?
Employers can implement effective cybersecurity that increases visibility, reduces insider threat risk, and respects employees’ privacy while gaining their support, according to Dtex Systems.

To achieve this, monitoring should be conducted with:
- Openness and transparency — make sure employees know what’s taking place
- Focus on security — monitor activities to reduce security risk, don’t use tools that eavesdrop
- Data anonymization — only review and analyze data after a threat has been detected.
“The world has lost its tolerance for deceptive data practices, aggressive surveillance and privacy invasions. It’s also become more lawless; Edward Snowden, Waymo vs. Uber and the insider who sabotaged Tesla are stark reminders of this reality,” said Christy Wyatt, CEO, Dtex Systems. “This survey shows that Americans understand the situation and expect their employers to maintain a level of security that protects them and their jobs. It also shows that Americans who expect to have their privacy protected will reject legacy monitoring technologies that record their every keystroke and record everything they do.”

Additional top findings revealed by the survey included:
- 45% of Americans believe it is sometimes, often or always acceptable for employers to monitor employees’ digital activities to protect against security threats and data breaches.
- 64% of Americans somewhat to strongly agree that employers have the right to monitor employees’ digital activities on personal or work-issued devices used to conduct work for security purposes, as long as they are transparent about it and let employees know up front that it is taking place.
- 77% of employed Americans would be less concerned with their employer monitoring their digital activity on personal or work-issued devices they use to conduct work, as long as they are transparent about it and let them know up front.
- 71% of Americans would not accept a job with an employer that monitors its employees’ digital activities on work-issued or personal devices they use to conduct work without letting employees know about monitoring up front.
- 70% of Americans somewhat to strongly agree that they would consider leaving an employer if they found out that the employer was monitoring their digital activities on work-issued devices they use to conduct work without telling them up front.
- 62% of employed Americans would be comfortable with their employer monitoring their digital activities taking place on work-issued devices if it was for security purposes and the activity data was anonymized (i.e., the employer would only look at it if suspicious or threatening behaviors were detected). 36% of employed Americans feel the same about employer monitoring on personal devices.
from Help Net Security https://ift.tt/2tNaOXm
The Ticketmaster breach – what happened and what to do
from Naked Security https://ift.tt/2Kuu2bl
Micro Focus’ File Governance Suite takes on GDPR compliance and ransomware
Micro Focus announced availability of Micro Focus File Governance Suite, helping customers archive and recover targets faster than traditional backup systems, and assisting with government and privacy mandates, including the General Data Protection Regulation (GDPR).
With this suite, organizations can protect sensitive data from damaging ransomware attacks—giving IT more capacity to meet business demands, rather than spending time recovering and repairing critical data.
According to Verizon’s 2018 Data Breach Investigations Report, ransomware was recently identified as the world’s biggest security breach threat.
“Ransomware is the top variety of malicious software, found in 39% of cases where malware was identified.”
“Micro Focus File Governance Suite empowers IT to provision, manage and dispose of user and group storage, while also establishing policies that automatically clean up, move, archive or delete sensitive files in order to protect and quickly recover valuable content,” said Joe Garber, global head of product marketing for Information Management and Governance at Micro Focus.
“This significantly reduces the compliance management burden for IT, giving teams more ability to reduce information risk and further drive the top line.”
Ransomware affects organizations of all types around the globe, including those that must now comply with privacy regulations.
For instance, GDPR requires organizations to construct defenses to protect against security breaches, and report identified breaches to both GDPR authorities and customers.
The File Governance Suite accomplishes this through data protection policies that enable nearline storage, point-in-time recovery, content control, file remediation, and identity driven file management.
In addition to protecting data through policy, the File Governance Suite provides data protection through analysis.
To further assist with GDPR compliance, authorized users can analyze the content of files. Files that include personal or secure information can then be automatically moved to more secure locations, or be deleted (when appropriate).
Micro Focus File Governance Suite combines:
- Micro Focus File Dynamics — a network and file system management and protection solution that automates a set of management tasks through identity and target-driven policies.
- Micro Focus File Reporter — analyzes network file systems and details file storage information that optimizes and secures networks, while helping organizations meet strict compliance standards.
Features of the newly released suite include:
Data Protection: Protect targets from threats such as ransomware with Epoch Data Protection policies—protected from direct user access and can only be accessed through a proxy account.
Data Analysis and Remediation: Identify sensitive files and move them to a secure location, protecting data from unauthorized users.
Automate Data Management and Cleanup: Specified policies automate the cleanup of data, including most unstructured data on the network.
File Classification: PII, PHI, and PCI discovery that is tied to pattern matching.
Data Ownership: Allows those who are closest to and understand the data to be able to take action on the data.
from Help Net Security https://ift.tt/2KrPlNX
Enea announces Qosmos Probe 2.0 for cybersecurity
Enea announced the availability of the Qosmos Probe 2.0 configured as a Deep Packet Inspection (DPI) sensor, designed to strengthen cyber threat hunting capabilities at Security Operations Centers (SOCs).
SOCs need accurate traffic intelligence to identify threats that evade cyber incident detection and protection solutions.
Configured as a DPI sensor, the Qosmos Probe provides detailed, real-time traffic information about applications and protocols.
The extracted data is formatted in a normalized stream for consumption by security analytics, Security Information and Event Management (SIEM), or other incident response tools.
The Qosmos Probe leverages the power of ixEngine, the most powerful DPI engine on the market, to deliver best in class traffic intelligence:
- Complete visibility up to the application level (OSI layer 7),
- Classification of 3000+ protocols,
- Extraction of 5000+ application metadata,
- Flexible management interfaces with support for NETCONF, REST, CLI,
- Information can be exported in multiple standard formats (CSV, IPFIX, JSON, etc.),
- Connectors for open source databases (Elasticsearch, InfluxDB, etc.),
- Cloud-native architecture suitable for virtualized environments (OpenStack, VMware) and cloud-based applications.
The benefits of the Enea Qosmos Probe for SOCs include:
- Improved threat hunting capabilities based on detailed real-time traffic information,
- Size of forensic data reduced by up to 150x compared to full packet capture (FPC),
- Fewer false positives when using information from the DPI sensor to improve rules for Intrusion Detection and Prevention Systems (IDPS).
“Cyber threats are becoming increasingly sophisticated and therefore Security Operations Centers need highly effective detection capabilities,” said Jean-Philippe Lion, Senior Vice President of the DPI Business Unit at Enea.
“The Qosmos probe is an essential source of information to identify and protect against the most advanced attacks.”
from Help Net Security https://ift.tt/2MrJKo7
The IEEE is against mandated encryption backdoors
The Institute of Electrical and Electronics Engineers (IEEE) has added its voice to the chorus of security experts, privacy advocates, lawmakers and other prominent individuals who are against the idea of mandated encryption backdoors.

“We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as ‘backdoors’ or ‘key escrow schemes’ in order to facilitate government access to encrypted data,” the professional association stated.
“Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes – no matter how well intentioned – does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.”
Many reasons for their official position
The reasons for their position are as follows:
- “Exceptional access mechanisms” would allow malicious actors to find them and exploit them, and as far as centralized key escrow schemes are concerned, they would allow adversaries to compromise the security of both targets and non-targets.
- Not all encryption schemes can be fitted with backdoors, and malicious actors can simply switch to using those.
- Encryption backdoors or key escrow schemes can have long-term negative effects on the privacy, security and civil liberties of citizens. “Encryption is used worldwide, and not all countries and institutions would honour the policy-based protections that exceptional access mechanisms would require,” they pointed out.
- Exceptional access mechanisms can also have a negative effect on companies’ ability to innovate and compete in the global market.
“Measures that reduce security of information or that facilitate the misuse of secure information and control systems can damage trust. Loss of trust will impede the ability of those technologies to achieve much broader societal benefits,” the IEEE noted.
US and UK law enforcement and intelligence agencies have been clamouring for years now that they need that type of access.
But the IEEE pointed out that law enforcement agencies have a range of alternative methods for getting into systems and accessing data, when legally allowed to do so.
“Techniques include legal mechanisms for accessing data stored in plaintext on corporate servers, targeted exploits on individual machines, forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”
from Help Net Security https://ift.tt/2KdiDAB
Versasec updates its identity and access management solution
Versasec introduced vSEC:CMS S-Series 5.2. This version of the identity and access management (IAM) solution offers interfaces to a variety of smart cards, user directories and more.
vSEC:CMS S-Series 5.2 includes the following features:
- A new inventory for software version management (RSDM, USS and VSC) to improve management of vSEC:CMS software components installed on managed devices,
- Updates and improvements to FixDN, a feature that finds and corrects broken links between the user ID stored in vSEC:CMS and the user directory (AD),
- Additional functionality to retrieve directory (AD) attributes from the users’ managers,
- New options for the virtual contact interface (VCI) bits in Discovery Object, which can now be configured to set VCI PIN behavior,
- An updated interface to ypsID S3 smart card to support version 3,
- Improved management for PIV FASC-N Credential Numbers,
- An updated interface to Thales nShield HSM,
- Support for Symantec MPKI 7.5, which enables the issuance of smart card certificates from the Kuwait government PKI and affords Versasec new business opportunities in the Middle East.
vSEC:CMS version 5.2 includes support for the following: Longmai mToken CryptoID; fingerprint enrollment for ypsID S3 smart cards; and SPE (Secure PIN Entry) on Oberthur 8.1 IV cards.
“Governments and entities around the world recognize the importance of knowing who is accessing data, and our vSEC:CMS solutions make it very easy and cost effective to do so,” said Joakim Thorén, Versasec CEO.
“With our latest version of vSEC:CMS, we’re supporting more cards and tokens, and we’ve simplified our interfaces, making our solution easier than ever to use.”
Versasec vSEC:CMS is optimized for deployment in large-scale projects.
from Help Net Security https://ift.tt/2MsNaXE
Whitepaper: Managing users and authentication with on-premises Active Directory for O365
The move to Office 365 (O365) requires IT departments to make some tough decisions regarding how and where to manage users and authentication. To confuse the picture further, there are many different options an organization can take, from out of the box Microsoft to using a third party solution.
Most organizations will connect their existing on-premises Active Directory to O365 – a process also known as directory synchronization – to use existing user management and authentication processes.
This whitepaper compares the Microsoft components required to achieve directory synchronization, single sign on and multi-factor authentication against third party solutions to aid the decision making process.
from Help Net Security https://ift.tt/2yOKaTv
How Facebook and Google nudge users to make anti-privacy choices
Facebook, Google and Microsoft use design techniques and tricks to steer users toward sharing more information about themselves to benefit those businesses, the Norwegian Consumer Council (NCC) has shown.
Among these so-called “dark patterns” are anti-privacy default settings, confusing layouts, illusions of choice, and design choices (positioning, visual cues, etc.).

Privacy intrusive defaults
“Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected,” the NCC noted.
“The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key information is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option.”

If you’re wondering how these dark patterns look in practice, check out NCC’s detailed report.
Anti-privacy dark patterns and GDPR
Digital services providers’ use of these design techniques is arguably unethical, the NCC added, but they also might be falling afoul of the EU’s General Data Protection Regulation.
“Data protection law requires that companies make it easier for users to make clear and informed choices, and that they let users take control of their own personal data. Unfortunately, this is not the case, which is at odds with the expectations of consumers and the intention of the new Regulation,” noted Finn Myrstad, director of digital services in the Norwegian Consumer Council.
So, they’ve asked the Norwegian Data Protection Authority and the Norwegian Consumer Agency to investigate whether the companies are acting in accordance with data protection principles in the GDPR (i.e., data protection by design and by default).
Princeton professor Arvind Narayanan pointed out that, while the report examines three companies, dark patterns have become pervasive and institutionalized.
“In ongoing research, [Princeton grad Arunesh Mathur] has found that designers trade strategies and templates for dark patterns on message boards, treating the GDPR as a nuisance to work around. Left unchecked, dark patterns will negate much of the benefit of the GDPR and other consumer protection laws,” he added.
from Help Net Security https://ift.tt/2tRXcKv
Wednesday, June 27, 2018
Threat X extends SaaS-Based WAF solution with threat detection
Threat X announced the addition of capabilities to help global customers identify, profile, and intercept a wide range of threats, including DDoS, Bot and zero-day attacks while increasing application performance.
Additionally, cloud-native deployment options mean organizations can deploy and scale Threat X in hours—compared to the weeks associated with traditional WAF deployments.
Today, security teams are challenged to protect the large attack surfaces presented by complex technology environments from an ever-evolving threat landscape.
These teams simply cannot spend time managing multiple security products or be burdened with manual threat analysis if they expect to effectively protect their applications.
Available now as part of the Threat X platform, these capabilities capitalize on machine learning and attacker profiling to automate the precise detection and neutralization of advanced threats.
Now, security personnel can protect their application environments without the large management overhead associated with disparate products and rule-based WAF solutions.
Threat X’s enhanced DDoS, Bot Detection and Edge Caching capabilities draw on behavior-based analytics and risk, site and application profiling, as well as attacker fingerprinting to continually detect advanced threats and optimize application performance.
Unlike current WAFs, Threat X offers a solution that is purpose built to reduce false positives across a wide range of evolving threats, freeing up security teams to focus on top risks and security strategy.
New capabilities include:
- “Attacker Centric” dynamic detection and neutralization capabilities: With enhanced DDoS Mitigation and Bot Detection capabilities now included in its behavior-based attack profiling, Threat X can detect and neutralize with high precision layer 7 attacks, OWASP top threats, Bots, DDoS, and zero-day attacks. Threat X also features new site and application profiling to help companies block many key exploits of attacks, long before they become an issue.
- Container based, native-cloud and SaaS deployment: With continuous innovation in cloud-native and on-premise deployment capabilities, Threat X customers can now deploy sensors in minutes via SaaS, or Docker native containers in public or private clouds. Once deployed, Threat X can begin accurately blocking attacks in a matter of hours, providing total coverage and visibility across all web and cloud applications, APIs, and microservices.
- Advanced Edge Caching and site performance tuning: With new static and dynamic resource caching, image optimization, inlining and manual cache purging, Threat X’s latest release addresses customer impacting performance issues prevalent in slower, back-end applications and content-heavy web properties.
- Threat X Labs operations center: With its new Colorado location, Threat X Labs extends security team capabilities with proactive identification of target vulnerabilities, and 24×7, expert responses to high-risk events, freeing customers to focus on their core business with the confidence that their application security is addressed.
“In today’s dynamic threat environment, security teams struggle to put together a comprehensive web application security approach, often deploying several standalone products that simply can’t provide a holistic view into vulnerabilities and threats. We believe that by combining these new capabilities with our proven behavior-based, next-gen WAF, we are helping our customers take a huge leap forward in how they deploy and manage their web application security. Now any organization can take advantage of a truly integrated solution that detects and neutralizes all types of web application attacks before they can materially impact the business,” said Bret Settle, CEO Threat X.
“Legacy WAFs have a history of complexity and false positives, which often means they are not deployed widely enough, leaving application portfolios exposed and placing large burdens on security teams. To address these challenges, Threat X offers new capabilities and a truly next-generation approach to WAFs, with rapid and adaptable cloud deployment options and dynamic defense capabilities to address a wide range of threats. With Threat X, security teams no longer have to rely on static rule sets and reactive analysis and can now extend protection to an entire portfolio of web applications,” said Michael Suby, Stratecast VP of Research at Frost & Sullivan.
from Help Net Security https://ift.tt/2Klbn51
Inbox Security Scan identifies and protects critical online accounts
The average internet user has over 150 online accounts, making it nearly impossible to create strong, unique passwords for each, and difficult to remember which accounts they created.
With Inbox Security Scan, people have insight into the current state of their online accounts, helping them to both understand what accounts they have and those they need to act on to protect.
This feature is built on Dashlane’s zero-knowledge architecture, and is the only capability of its kind on the market.
Inbox Security Scan is a tool for anyone with an email address and makes it easier than ever to get started using Dashlane on mobile.
The feature, which is available with Gmail on iOS and Android, as well as with Outlook, Hotmail, MSN, and Live.com on Android, scans your email inbox, finds all the accounts you’ve created using that email, and offers a security analysis that includes a timeline of account creations, account categorization, and identification of accounts potentially affected by previous hacks.
From there, people can save accounts to Dashlane and manage passwords in one tap.
“With the release of Inbox Security Scan, we’re putting the needs of people front and center, offering anyone interested in understanding their digital footprint a huge amount of personalized insight within seconds of downloading the Dashlane app,” said CEO Emmanuel Schalit.
“Inbox Security Scan was designed to make identifying and importing critical accounts as easy as possible, and to help take control of and increase protection for these accounts quickly once they are in Dashlane.”
from Help Net Security https://ift.tt/2Ix0Fn3
Proficio’s ProView Plus Portal provides clients with ThreatInsight
Proficio announced their customer portal, ProView Plus, complete with new ThreatInsight risk scoring and executive dashboards.
The ThreatInsight Scoring Dashboard offers customers visibility into the gaps in their security controls and automatically provides recommendations on how to maximize current investments and minimize risks.
ThreatInsight Scoring Dashboard leverages advanced analytics to reveal blind spots in an organization’s security controls, and then identifies and scores those threats based on the steps of the Cyber Kill Chain.
The ThreatInsight score is calculated based on Proficio’s proprietary technology and provides customers with recommendations on how to improve their security posture; it also allows customers to see how their score compares to Proficio’s complete customer base and their specific industry vertical.
“An alarmingly high percentage of threats go undetected by in-house security teams because there has never been a way for them to easily identify blind spots in their security controls that were putting them at risk,” stated Ken Adamson, VP of Product Development at Proficio.
“We chose to address this issue head-on by creating the ThreatInsight Scoring Dashboard. With this state-of-the-art technology we’re providing our customers with a single pane of glass that gives them complete visibility into their security gaps and provides them with the necessary intelligence needed to improve their overall security posture and give them the peace-of-mind they deserve.”
Along with the ThreatInsight Scoring Dashboard, the ProView Plus portal also has executive dashboards that provide customers with an overview of their security posture, the ability to investigate security alerts, review device behavior, search security log sources, create boardroom-ready reports, and handle case management and escalations.
Each executive dashboard is interactive and customizable with investigative workflows that provide in-depth security insight into each customer’s network all in one location.
“At Proficio, our focus has always been on providing our customers with the most innovative and advanced security solutions, and the ProView Plus portal with new executive dashboards delivers on that commitment,” said Brad Taylor, CEO of Proficio.
“With these latest portal enhancements, our customers have complete transparency into their security control performance and are provided with a clear roadmap on how to reduce overall risk in real-time. ProView Plus allows us to better support our customers’ objectives by arming them with the necessary tools and critical information they need to justify security spending to their board and to keep their organization safe.”
from Help Net Security https://ift.tt/2tyb4tX
Jasen Meece to head business development for Gurucul
Gurucul announced that Jasen Meece, former Managing Partner for IBM’s Global Security Group, has joined the company as President.
He will oversee sales, business development, channel and partnership programs, and their go-to-market strategies.
“With more than 20 years of management experience in identity, cloud security and cyber risk management with IBM, KPMG, Oracle and Sun Microsystems, Jasen is a great addition to our team,” said Saryu Nayyar, CEO of Gurucul.
“He has managed both internal and external facing organizations focused on helping customers solve complex digital transformation challenges. His passion for reducing cyber risk and deep industry relationships in the enterprise and partner community will help Gurucul accelerate and scale up our business development and growth initiatives.”
Jasen Meece joins Gurucul from IBM’s Global Security group where he served as Managing Partner, Cloud Identity. Prior to IBM, Jasen was Managing Director with KPMG where he helped implement cyber risk mitigation programs for several global organizations.
He was previously President of Qubera Solutions, a global IAM integrator and IT strategy firm acquired by KPMG. Jasen has built and led sales organizations for software companies.
He has a proven track record in both enterprise and mid-market sales management positions with Oracle Corporation, Sun Microsystems (now Oracle) and Sabre Corporation. Jasen has an MBA from Arizona State University, W.P. Carey School of Business.
“Gurucul has pioneered the market for behavior-based security and identity analytics, with the most mature technology that is widely deployed in Fortune 1000 companies,” said Jasen Meece.
“The market for user and entity behavior analytics is now moving beyond the early adopter phase, and Gurucul is in a position to rapidly help enterprises mitigate cyber risk with security, identity and fraud analytics. This is an exciting time to join the company and really scale up our business relationships and market share.”
from Help Net Security https://ift.tt/2Ix0DeV
Ping Identity and SailPoint partnership helps prevent security breaches, meet regulatory requirements
Ping Identity announced a partnership with SailPoint Technologies to provide identity access and governance for today’s most complex enterprise environments.
This means global organizations now have access to a flexible solution designed to provide an identity ecosystem for granting secure access to the right people, while also governing that access.
Today’s typical IT team is being stretched to manage a combination of on-premises and cloud infrastructure. As a result, it’s becoming more important for these companies to define the requirements around complex permissions and policies in the security tools they are leveraging.
Further, they are seeking solutions that will simplify all of this across a hybrid IT environment. The partnership between Ping Identity and SailPoint addresses many of the challenges these applications and environments provide.
By putting identity at the center of a deployment, enterprises will benefit from the added security to prevent breaches and enable them to meet highly-regulated requirements.
The Ping Identity Platform can be used across workforce, partner and customer identity types and offers a modern identity and access management solution to meet complex enterprise demands.
These capabilities complement SailPoint’s focus on staying at the forefront of innovation in developing identity solutions that keep pace with the increasing global regulatory and cyber security landscape.
“We’ve worked with SailPoint to deliver simplified, secure access and governance for complex, hybrid environments for years,” said Andre Durand, CEO of Ping Identity.
“Our customers have confidence that our solutions will work together, out of the box, with no additional costs for integration.”
The combination of access management from Ping Identity with identity administration and governance from SailPoint provides the following functionality to enterprises:
- Simplified, secure access and governance for complex environments. With the ability to authenticate users from any location and any device, the combined identity solution is flexible enough to determine the appropriate access. This level of provisioning is designed to enforce compliance and adhere to business policies.
- Complete visibility and control. Part of improving employee and partner productivity, while also driving customer engagement, is making sure the right visibility and control is available to authenticate users. The combined solution addresses this requirement by enabling users with policy-based self-service access to all applications, data and systems needed to successfully do their jobs.
- Comprehensive identity governance and access security platform. This proven solution is built for enterprise-level scale and security without the costly and time intensive integrations. Not only does it maintain an access audit trail of every identity in the organization, but it also demonstrates compliance with confidence and ease. This includes the ability to meet regulatory requirements, regardless of how complex the environment may be.
“Ping Identity and SailPoint have a long history addressing the most complex identity and access management challenges of the hybrid enterprise,” said Joe Gottlieb, senior vice president of corporate development for SailPoint.
“This partnership will make it easier for our joint customers to deliver policy-based access control; comprehensive identity governance; and streamlined access requests, approvals and certifications.”
“By bringing Ping Identity and SailPoint together, enterprises have the ability to solve their complex security issues in a standards-friendly and cross platform manner, with a rapid deployment model to help enable success,” said Jacob Pszonowsky, principal, Cyber Security Services at KPMG LLP.
“Many of our clients use both solutions already and have seen benefits from the increased integrations and cooperation when developing their IAM capabilities and solutions.”
from Help Net Security https://ift.tt/2tyaZq9
MobileIron Authenticator: Multi-factor authentication for the cloud
MobileIron announced the addition of MobileIron Authenticator to its MobileIron Access cloud security solution.
MobileIron Authenticator is a mobile application that allows organizations to verify a user’s identity using the phone as a second factor of authentication.
Passwords are failing
According to the 2018 Verizon Data Breach Investigations Report, compromised credentials are the top cause of reported data breaches. The best solution is to move beyond passwords, as MobileIron already does with seamless single sign-on for trusted devices and apps.
But when that is not possible because of legacy devices or untrusted environments, many organizations look to multi-factor authentication (MFA) as additional evidence to confirm a user’s identity.
Traditional MFA, however, uses hardware tokens that are easily lost or software tokens that require inconvenient activation through QR codes. Neither of these is an ideal user experience.
MFA must be simple and smart
MobileIron Authenticator is differentiated from existing MFA solutions because it provides a one-touch set-up process for end users, leverages smartphones instead of hardware tokens, and integrates MFA into a security workflow that establishes not just user trust, but also device and app trust.
“MFA is often a silo in a company’s security workflow, a separate solution that requires custom integration and creates frustration for end users,” said Vijay Pawar, VP of product management at MobileIron.
“MobileIron Authenticator integrates MFA into the broader security workflow and simplifies adoption by end users.”
MobileIron Authenticator benefits
User adoption – Automated, one-touch activation simplifies user adoption, so your employees can focus on getting work done, not figuring out how to use MFA.
Quick access – User login can be confirmed within seconds using push notifications on MobileIron-secured smartphones, simplifying the access experience.
Intelligent authentication – Authentication flows are now dynamic and based on context, so that device, app, network, and user trust are considered together to enable smarter authentication decisions.
Integrated security workflow – With the addition of MobileIron Authenticator, the MobileIron Access solution now brings MFA policies into a rich security workflow that already includes adaptive access and single sign-on for mobile apps.
MobileIron Authenticator is available today for Android devices, with iOS planned.
from Help Net Security https://ift.tt/2Mq7ol2
Researchers release app that masks printers’ tracking dots
Did you know that nearly all modern color laser printers put tracking patterns of tiny yellow dots on each piece of paper they print?
Most printer manufacturers include these yellow dot patterns, which reveal information such as the serial number of the printer and the date and time when the document was printed. They are effectively invisible to the naked eye and they are ostensibly used to identify suspects in criminal counterfeit investigations.
But they can also be used to track down political dissenters or leakers.
Masking the tracking dot patterns
Computer scientists Timo Richter and Stephan Escher from TU Dresden wanted to decode the various patterns and see whether they can mask them to effectively “anonymize” the printed document and, therefore, the person who printed it.
They analyzed documents printed by 141 printer models produced by 18 manufacturers, found the dots in most of them, and mapped four distinct tracking dot patterns/matrixes (TDMs), of which one was unknown to the public before this.

They also found a way to completely delete or mask the patterns in a way that doesn’t allow the pattern to be reconstructed.
“When scanned documents are being sent via the internet, they might contain tracking information. Tracking dots can mostly be removed from scans by clearing the original document’s empty areas,” the scientists explained.
For masking tracking dots on printed documents it’s best to add another custom TDM over the printer’s one, with the goal of making the decoding ambiguous.

Finally, they created and made available an app that automates the TDM extraction, analysis, and the creation and implementation of an anonymization pattern.
“We believe that citizens should be aware of the existence of such codes, and the surveillance that they make possible”, said Escher. “The GDPR governs the protection of digital data, but only few people know that they can be observed and identified also with non-digital media”.
from Help Net Security https://ift.tt/2N45OX9
Twitter adds support for login verification with USB security key
Twitter has some good news for users looking to improve the security of their account: the company has begun rolling out the “login verification with a security key” option.

Twitter announced on Tuesday several new measures to fight abuse, trolls, and spam on the social network and, within that announcement, it offered advice on how to protect one’s account (enable two-factor authentication, regularly review any third-party applications, don’t re-use your passwords across multiple platforms or websites).
It then also added: “You can also use a FIDO Universal 2nd Factor (U2F) security key for login verification when signing into Twitter.”
Using a security key for login verification
This added security measure can be set up from the account’s “Settings and privacy” page – instructions on how to do so are provided here.
Users can use a Yubikey or a similar USB security key.
A physical key for login verification can come in handy when users don’t have their phone with them or suspect it to have been compromised.
It can also prevent users from falling victim to phishing attacks: the key will work only on the legitimate Twitter login page.
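The origin binding behind that claim, as an added sketch that is not code from Twitter, FIDO or the article: a toy token and relying party that follow the U2F authentication message layout (application parameter, presence byte, counter, hash of the client data). Assumptions: HMAC stands in for the ECDSA P-256 signature so the block runs on the standard library, the appId is simplified to equal the origin, and both origins, the device secret and the challenges are constructed.

```python
import hashlib
import hmac
import json
import struct

RP_ORIGIN = "https://login.example"       # constructed relying-party origin
LOOKALIKE = "https://login-example.test"  # constructed look-alike origin


def sha256(data):
    return hashlib.sha256(data).digest()


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class ToyKey:
    """Stand-in token: HMAC replaces the ECDSA P-256 signature (assumption)."""

    def __init__(self, secret):
        self.secret, self.counter, self.issued = secret, 0, 0

    def register(self, app_param):
        self.issued += 1
        nonce = struct.pack(">I", self.issued)
        # The key handle carries a tag tying it to this application parameter.
        handle = nonce + mac(self.secret, b"handle" + app_param + nonce)[:16]
        # The second value plays the role of the public key the site stores.
        return handle, mac(self.secret, b"key" + app_param + nonce)

    def sign(self, app_param, handle, challenge_param):
        nonce, tag = handle[:4], handle[4:]
        good = mac(self.secret, b"handle" + app_param + nonce)[:16]
        if not hmac.compare_digest(tag, good):
            return None  # handle was not issued for this origin: refuse
        self.counter += 1
        site_key = mac(self.secret, b"key" + app_param + nonce)
        msg = (app_param + b"\x01" + struct.pack(">I", self.counter)
               + challenge_param)
        return self.counter, mac(site_key, msg)


def browser_assertion(key, page_origin, handle, challenge):
    """The browser, not the page, writes the origin into the client data."""
    client_data = json.dumps({"typ": "navigator.id.getAssertion",
                              "challenge": challenge,
                              "origin": page_origin}).encode()
    signed = key.sign(sha256(page_origin.encode()), handle,
                      sha256(client_data))
    return None if signed is None else (client_data, *signed)


def rp_verify(client_data, counter, sig, site_key, challenge, last_counter):
    """Relying-party checks; returns the names of the checks that failed."""
    failed = []
    data = json.loads(client_data)
    if data.get("typ") != "navigator.id.getAssertion":
        failed.append("typ")
    if data.get("challenge") != challenge:
        failed.append("challenge")
    if data.get("origin") != RP_ORIGIN:
        failed.append("origin")
    msg = (sha256(RP_ORIGIN.encode()) + b"\x01"
           + struct.pack(">I", counter) + sha256(client_data))
    if not hmac.compare_digest(mac(site_key, msg), sig):
        failed.append("signature")
    if counter <= last_counter:
        failed.append("counter")
    return failed


def demo():
    key = ToyKey(b"constructed-device-secret")
    handle, site_key = key.register(sha256(RP_ORIGIN.encode()))
    genuine = browser_assertion(key, RP_ORIGIN, handle, "c1")
    # Same key handle presented from another origin: the token refuses.
    lookalike = browser_assertion(key, LOOKALIKE, handle, "c2")
    # An assertion minted for a handle registered on the other origin.
    other_handle, _ = key.register(sha256(LOOKALIKE.encode()))
    foreign = browser_assertion(key, LOOKALIKE, other_handle, "c2")
    return {
        "genuine": rp_verify(*genuine, site_key, "c1", 0),
        "lookalike": lookalike,
        "foreign": rp_verify(*foreign, site_key, "c2", 1),
        "replay": rp_verify(*genuine, site_key, "c3", 2),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Because the origin sits inside the signed client data and the key handle is tied to the application parameter, a response produced on any other page either never leaves the token or fails verification at the real site.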
New accounts have to be confirmed
Among the changes Twitter announced on Tuesday is also one that will hopefully make it a little bit harder to register spam accounts: new users will be required to confirm either an email address or phone number when they sign up to Twitter.
“This is an important change to defend against people who try to take advantage of our openness,” Twitter’s Yoel Roth and Del Harvey (VP of Trust and Safety) explained.
“We will be working closely with our Trust & Safety Council and other expert NGOs to ensure this change does not hurt someone in a high-risk environment where anonymity is important. Look for this to roll out later this year.”
from Help Net Security https://ift.tt/2tGI4iN
Know what’s happening on your network and make the most of your security tools
In an ideal world, all organizations would know at all times exactly what’s happening on their network: they would have deep enough pockets to buy the equipment and engage the personnel necessary to achieve this knowledge, no matter how much the speed and size of their network increases.
In this world, though, budgetary constraints force organizations to often ask themselves “Can we make do without this or will we have enough money for that?”, and a company that is making highly scalable, flexible and easy-to-deploy solutions is the answer to their needs.
Network Critical’s new SmartNA PortPlus network packet broker provides the solution for the total network visibility problem.
A trusted provider
Network Critical was founded twenty years ago by Alastair Hartrup, who is still the CEO. The company started out as a distributor of test and measurement products, but fairly quickly moved into the network visibility market and started designing and manufacturing network TAPs and network packet brokers.
The company has a reputation for leading the industry with innovative solutions and, with a long-standing US operation and manufacturing and assembly concentrated in both the UK and in the US, it has been able to provide its offerings to many US corporate businesses, federal agencies as well as the country’s uniformed service branches.
But its customers can also be found all over the world and in many different industries. In fact, anyone that runs either a large global or regional network or a data center can make good use of their TAPs and packet brokers.
The need for speed
“Historically, our competitors had high-end products and extremely high prices, but we’re trying to open the network visibility market up, to expand in the enterprise market as well as Tier 1 and Tier 2 environments,” Hartrup told Help Net Security.
The company aims to do so with SmartNA PortPlus, which can be custom-built to suit all operating levels, whether the end user is a large US conglomerate with datacenters across the globe or a business situated in one state with a head office and multiple branches.
SmartNA PortPlus is a packet broker, a hardware-based appliance that usually sits in the datacenter, in a rack alongside the performance monitoring and security equipment. Its main function is to give organizations total visibility of the network traffic so they can manage and improve its performance and enhance the efficiency of security tools: intrusion detection and prevention systems, SIEMs, VoIP, data leak protection solutions, and so on.
Packet brokers aggregate the traffic from numerous datalinks into traffic streams. These traffic streams can be filtered and mapped to the correct output ports where the monitoring tools are connected. If that aggregated traffic is greater than the capacity of any single monitoring tool, the packet broker can load balance and distribute the traffic to multiple units.
Intrusion detection and prevention products can throttle the network down because everything has to pass through them, and that can impact performance and in-place service level agreements.
“We’ve recently worked with a very large carrier in the US and they wanted to have intrusion detection on their corporate network, particularly on their DMZ. But they realized that by having to look at every single byte to determine whether it was a malicious attack, the intrusion detection was slowing the customer experience down. By load balancing multiple IDSes we’ve improved the network’s performance, improving customer experience and allowing corporates to achieve the level of security they need for their due diligence and other set targets,” Hartrup shared.
“The IDS load balancing facility is a new feature that we’re adding to all our packet brokers. This is particularly of interest to vendors and people deploying intrusion detection systems, as they quite often need to load balance them to make them more effective, particularly in busy, high-availability environments.”
For security-focused tools, SmartNA PortPlus performs load balancing and discards the traffic these tools don’t have to look at. For performance monitoring tools, the traffic is mirrored: a copy is made of every single frame that’s active on the network and sent to them to look for performance problems, to calculate utilization statistics, to identify trends and discover where corporates need to focus their efforts.
“These tools are very expensive and clients want to make sure that they are getting as much data through them as they possibly can without overwhelming them. Our responsibility is to do precise traffic management to allow these tools to work at maximum efficiency,” he concluded.
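The aggregate, filter, map and load-balance flow described in this section, as an added sketch that is not Network Critical’s code. It goes one step beyond the text by hashing each flow symmetrically, so both directions of a session reach the same IDS unit; the port names, the filter rule and the sample frames are all constructed assumptions.

```python
import hashlib
import ipaddress
from collections import Counter, namedtuple

# Constructed frame metadata; a real broker reads these fields off the wire.
Frame = namedtuple("Frame", "link vlan proto src sport dst dport")

# Hypothetical tool ports: four IDS units share the security stream and
# one performance monitor receives a mirror of every frame.
IDS_PORTS = ["ids-1", "ids-2", "ids-3", "ids-4"]
MIRROR_PORT = "perfmon-1"

# Hypothetical filter rule: the IDS group only inspects TCP/UDP on VLAN 100.
IDS_FILTER = {"vlans": {100}, "protos": {"tcp", "udp"}}


def flow_key(frame):
    """Direction-independent key: sort the endpoints so A->B equals B->A."""
    a = (int(ipaddress.ip_address(frame.src)), frame.sport)
    b = (int(ipaddress.ip_address(frame.dst)), frame.dport)
    lo, hi = sorted((a, b))
    return f"{frame.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()


def pick_ids(frame, ports=IDS_PORTS):
    """Hash the flow key so a whole session lands on a single IDS unit."""
    digest = hashlib.sha256(flow_key(frame)).digest()
    return ports[int.from_bytes(digest[:4], "big") % len(ports)]


def broker(frame):
    """Return the output ports that one aggregated frame is delivered to."""
    outputs = [MIRROR_PORT]  # performance tools get a copy of everything
    if (frame.vlan in IDS_FILTER["vlans"]
            and frame.proto in IDS_FILTER["protos"]):
        outputs.append(pick_ids(frame))
    # Frames that miss the filter are never sent to an IDS unit.
    return outputs


def sample_frames():
    """Constructed traffic: 300 two-way sessions on VLAN 100 arriving on two
    links, plus 50 frames on VLAN 200 that the IDS group does not need."""
    frames = []
    for i in range(300):
        client = f"10.0.{i // 250}.{i % 250 + 1}"
        frames.append(Frame("link-a", 100, "tcp", client, 20000 + i,
                            "192.0.2.10", 443))
        frames.append(Frame("link-b", 100, "tcp", "192.0.2.10", 443,
                            client, 20000 + i))
    for i in range(50):
        frames.append(Frame("link-a", 200, "tcp", f"10.9.0.{i + 1}", 30000 + i,
                            "192.0.2.20", 80))
    return frames


def distribute(frames):
    """Count how many frames each output port receives."""
    counts = Counter()
    for frame in frames:
        counts.update(broker(frame))
    return counts


if __name__ == "__main__":
    for port, count in sorted(distribute(sample_frames()).items()):
        print(port, count)
```

A plain round-robin split would spread the two halves of a session across different sensors, which is why the sketch keys the hash on the sorted endpoint pair.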
SmartNA PortPlus: A game changer
Rapid advancements in network speeds are challenging for network architects and managers as well as security and network monitoring tools.
“It is much more complex to open packets, read, analyze and take action when the data is moving at one hundred billion bits per second than when the data is moving at ten billion bits per second. The dramatic increase in network link speed has led to a corresponding increase in complexity and price of the tools being used to monitor and protect networks,” Hartrup noted.
A combination of the latest chip technology, new software, and up to 192 available ports of different speeds (1/10/25/40/100Gbps) allows SmartNA PortPlus to provide visibility into very high-speed links while taking advantage of less complex but nevertheless expensive network monitoring and security tools (both legacy and new ones).
At the same time, its programmable architecture has been built to support greater workload density, emerging protocols and new technologies. Effectively, SmartNA PortPlus allows organizations to cost-effectively scale their monitoring and security infrastructure and to future-proof it, and it has made these benefits available to organizations that aren’t blessed with extra deep pockets.
Aside from making the most of legacy tools, the packet broker also minimizes mistakes and configuration time through the Drag-n-Vu technology and an intuitive interface, which allows organizations to filter traffic based on IP addresses, protocols, ports and VLANs and to easily add complex filter rules and port mapping. This also means there will be no need to employ an army of professional services consultants to set up and manage the technology.
“We feel that SmartNA PortPlus is really going to change the market as it’s much more flexible and scalable than anything currently available today,” Hartrup explained.
“If an extremely high port density is required, we’ve got your back. You can add and take away capacity as you need it – the expansion of the solution follows that of the network. And we also provide fail-to-safe technology so we don’t become a single point of failure, which eases the customer’s pain of deployment.”
from Help Net Security https://ift.tt/2txqoH1
Tuesday, June 26, 2018
Dell EMC, technology partners and customers collaborate to speed time to AI
Dell EMC announced details of customer collaborations, services and expanded partnerships in efforts to help new developments in artificial intelligence (AI), machine learning (ML) and deep learning (DL).
These developments sharpen Dell EMC’s focus on democratizing HPC, optimizing data analytics with AI innovations, and making Dell EMC solutions available to more mainstream enterprises, while continuing to advance the HPC and AI communities.
Taking the HPC ecosystem as a whole – including servers, storage, middleware applications and services – the industry accounted for a record high $24.3 billion global revenue in 2017 according to Hyperion Research.
With an expected CAGR of 9.8 percent, the HPC research firm expects the sector to reach $38.4 billion by 2022, fueled by investments in big data, AI, ML and DL.
“Successfully deploying artificial intelligence, and its subsets of machine and deep learning, creates immense value, but real-world implementations can be complex,” said Thierry Pellegrino, vice president of HPC at Dell EMC.
“Based on decades of experience with leading institutions, and collaborations with our technology partners and strategic customers, Dell EMC provides an extensive portfolio of technologies – spanning workstations, servers, networking, storage, networking, software and services – to help businesses and organizations, of all types and sizes, deploy HPC solutions that make it simpler to accelerate their artificial intelligence efforts and reach their goals faster.”
Dell EMC HPC deployments fuel AI initiatives
Customers continue to collaborate and deploy Dell EMC HPC solutions to fuel a range of discoveries and solutions development including a strong focus on AI.
Recent deployments include:
- OTTO Motors, based in Kitchener, Canada, manufactures self-driving vehicles for material handling for a wide range of customers including multiple Fortune 100 businesses. OTTO automates material movement jobs like bringing raw materials to the line, cross docking pallets, and moving parts between processes. In order to support the advanced software development of their vehicles, OTTO Motors selected a modern IT infrastructure from Dell EMC. Backed by a range of on-premises Dell EMC PowerEdge servers with Intel Xeon Scalable processors and Dell EMC ProSupport services, OTTO Motors runs thousands of software simulations daily before deploying one of its self-driving vehicles at a client site.
- ZIFF, a Utah-based startup, pioneered the development of an AI database for unstructured image, audio and video data. Part of NVIDIA’s Inception program, Ziff needed to find a server that could help them scale out and that was built for the rigors of deep learning, so they implemented the Dell EMC PowerEdge C4140 server. With the Intel Xeon Scalable processors and four NVIDIA Tesla Tensor Core V100 GPUs in a 1U, 2-socket package, the server is helping with their ever-demanding deep learning workloads while dramatically increasing their uptime.
- Zenuity is developing software system technology to bring autonomous cars to market with HPC-as-a-Service managed by Dell EMC Infrastructure Managed Services, with Dell EMC PowerEdge servers, Dell EMC Isilon storage, VMware and RSA. High performance computing is wired into these vehicles as they process trillions of operations per second to “see,” with its sensors, all the images, mapping data and audio material picked up by its cameras. The latest on-board computers are now about the size of a license plate and have the capacity of a 100-server datacenter. With 16 sensors, they have enough power to process data, detect objects, find the car’s place in the world, plan a path, and control the vehicle itself.
- The University of Sydney’s Artemis 3 supercomputer is based on the PowerEdge C4140, the most powerful Dell EMC compute platform to date, containing the latest generation Intel Xeon Scalable processors and four NVIDIA NVLink connected Tesla V100 GPUs per server. The Artemis 3 embraces AI and deep learning to support geophysics, cosmology, genomics and proteomics projects. With a greater number of research problems being data-driven, the Artemis 3 allows for faster processing of data to provide answers to scientific questions that were previously unanswerable.
Dell EMC expands HPC industry collaborations
In addition to a broad ecosystem of HPC partners, Dell EMC has expanded its partnerships with CoolIT Systems, Intel and NVIDIA, increasing collaboration on separate efforts within the Dell EMC HPC and AI Innovation Lab, the 13,000 square-foot showcase and operational data center in Austin, Texas.
This lab hosts the Dell EMC Zenith system, which recently has exceeded 1 PetaFLOPS of sustained performance, ranked as #265 on the latest TOP500 list of highest performing HPC systems.
Collaborating with CoolIT Systems, the lab has installed a liquid cooled rack, designed to enable customers and partners to optimize and tune their unique data center workloads on liquid cooled Dell EMC PowerEdge C6420 servers.
These servers work in conjunction with corresponding CoolIT Coolant Distribution Units (CDUs) and Rack Manifold products to deliver a complete data center liquid cooling solution that uses water to cool the CPUs, eliminating the need for chilled water in most data centers.
Dell EMC and NVIDIA are collaborating on two key initiatives focused on providing expertise and large-scale lab environments to help customers prove out AI use cases.
In the Dell EMC HPC and AI Innovation Lab, the Rattler cluster enables data science, software development and testing of large-scale GPU applications to demonstrate business value.
Dell EMC and NVIDIA also are collaborating through the NVIDIA Deep Learning Institute to teach customers to solve challenging problems and advance innovation in HPC, data analytics and artificial intelligence.
Dell EMC’s continued collaboration with Intel includes the availability of Intel Xeon Scalable processors and the Intel FPGA (field programmable gate array) Programmable Acceleration Card (PAC) with a range of Dell EMC PowerEdge 14th generation rack servers to support customers’ low latency, real-time AI efforts.
New Dell EMC services simplify HPC for organizations of all types
Dell EMC introduced two services for HPC environments – ProDeploy for HPC and ProSupport Add-on for HPC. The company’s services experts make the HPC solution implementation simple, flexible and worry free from consulting to installation and configuration to comprehensive, single source support.
Dell EMC AI Challenge finalists
This May, Dell EMC launched its own AI Challenge, encouraging entrants to demonstrate practical application of AI technology with a transformational impact on business, research or society.
The top finalists will receive exclusive remote access to a Dell EMC HPC and AI Innovation Lab cluster powered by PowerEdge C4140 servers to run and prove out their proposals.
Availability
- Dell EMC PowerEdge C6420 servers are available with liquid cooling.
- Dell EMC ProDeploy for HPC and ProSupport Add-on for HPC services are available in more than 50 countries.
“Every single piece of software that we develop is simulated hundreds or thousands of times before it sees a robot in test, much less a robot in one of our client sites. Having reliable compute infrastructure is critical for this. Dell EMC PowerEdge servers are the foundation of the work we do at OTTO Motors. They provide the automation, security, flexibility and reliability we need to focus on what we do best as a company and at a fraction of the cost of outsourcing to a cloud provider.” – said Ryan Gariepy, co-founder and chief technology officer, OTTO Motors
“Over the last five years, Dell has grown faster than any other major HPC vendor, Dell EMC is delivering the entire solution stack to make HPC and artificial intelligence easier for organizations. Dell EMC’s approach is helping to expand the HPC market to include both traditional and emerging HPC workloads and simplifies technology adoption for non-traditional HPC adopters.” – said Dr. Earl Joseph, CEO, Hyperion Research, LLC
“By providing the opportunity to witness liquid cooling in action, Dell EMC allows customers to assess configuration options and performance capabilities before taking the next step to implementation. CoolIT is proud to enable PowerEdge servers with liquid cooling to support higher wattage processors for increased performance, energy efficiency and rack-level density in today’s modern data center.” – Patrick McGinn, vice president, product marketing and business development, CoolIT Systems
“Artificial Intelligence is a strategic imperative for every major industry and company. Dell EMC PowerEdge servers with NVIDIA Tensor Core GPUs provide a unified platform for accelerating HPC and AI to help enterprises innovate with incredible speed in ways previously not possible.” – said Ian Buck, vice president and general manager, NVIDIA Tesla Data Center Business
from Help Net Security https://ift.tt/2tEPbbr

