Friday, November 30, 2018
The Amazing Story of Hedy Lamarr, Movie Star and Prolific Inventor
Hedy Lamarr became a household name as a star in the golden age of Hollywood, but behind the scenes, she was also one of the greatest minds of the 20th century.
In the latest installment of Lifehackers of History, we look at Lamarr’s remarkable achievements, including patenting frequency hopping in 1942 (thus setting the stage for future Bluetooth technology); designing airplane wings for Howard Hughes; and handing over Mussolini’s secrets to the allies. She’s perhaps the only person to have a star on the Hollywood Walk of Fame and be a member of the National Inventor’s Council.
from Lifehacker https://ift.tt/2AGzJPQ
Industry reactions to the enormous Marriott data breach
On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. Marriott engaged security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.

The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.
For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using AES-128. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Here are some reactions Help Net Security received about this incident.
Ollie Whitehouse, Global CTO, NCC Group
Marriott Hotels should have identified this breach through their cyber due diligence of Starwood in 2016 when it acquired the company. As a result of buying a breach they will face a number of challenges at a board level around the levels of governance and diligence within the business. Had it performed a detailed compromise assessment as part of its due-diligence activity, the organisation’s board would have been informed of the breach and been able to make a decision based on risk or put other warranties in place.
Since the compromise started in 2014, the breach doesn’t fall under the remit of GDPR. However, the fallout would be incredibly severe under this regulation, and therefore any organisation looking to undergo an M&A deal now or in the future should learn from this example and ensure a comprehensive cyber security and compromise assessments are carried out to inform their understanding of risk.
Matthew McKenna, VP EMEA, SecurityScorecard
Although the Starwood Marriott Merger was completed in September 2016, the aspects of merging organisations of this many brands and complexity operationally, from an IT, risk and security perspective, are daunting. The likelihood of exploitable remnants of security vulnerabilities being left behind over the years that could have been exploited is one potential likelihood. Did Starwood and Marriott have clear visibility and oversight of the cyber risk implications of the merger early enough to foresee such risk, and at a second dimension, did they have a strong enough understanding of the risk their supply chain was introducing into the organisation and to the overall security of their data?
With the ever-changing nature of cyber security threats, no company can ever truly guarantee even its own internal security. With the added complexity of connections to third party providers and supply chains, ensuring security becomes an even more difficult task.
Matt Aldridge, Senior Solutions Architect, Webroot
What’s interesting about this incident is that Starwood were breached two years prior to the Marriott acquisition, which brings up the question of “To what extent should Merger & Acquisition due diligence extend to cybersecurity audit, and if indeed this was done at the time, why did it not uncover this issue?” A prior breach is a real risk issue for a company to take on, and needs to be considered. Cyber hygiene needs to be embedded into business processes at all levels.
There’s a risk that this attack may have spread from Starwood systems into Marriott’s systems. It will be interesting to learn more as further details emerge, including whether the encryption keys were also exfiltrated, unlocking the payment cards of millions of Starwood customers. The travel and hospitality industry is a prime target for cyberattacks thanks to the wealth of data it holds – from payment information through to passport details – which can be used to commit further crimes.
Matt Walmsley, EMEA Director, Vectra
With a real treasure trove of valuable personal information having been lifted, this is undoubtedly going to damage the Marriott Starwood brands, and could have a significant direct impact on their affected customers’ identity assurance.
With more than two months between the initial detection time on 8th September 2018 and public disclosure of the breach, depending on what they knew and when, the disclosure window may contravene the GDPR 72-hour notification requirement.
With regards to the breach itself, exfiltrating the data inside encryption may have been an attempt to circumvent security controls such as data loss prevention systems. Having systems watch for exfiltration-like behaviours, rather than trying to inspect the data payloads, can provide a way of handling this challenge. It’s not yet clear exactly what tool flagged the attack, but it’s reasonable to believe, based upon their published description, that it was only detected late in the attack lifecycle. Attackers generally have to make multiple steps and behaviours before they are able to steal or manipulate behaviours. Therefore, detection of these early stage behaviours is key.
This breach also demonstrates that incident response continues to take too long, and in many cases the result is security teams trying to figure out “what just happened, how do we stop it happening again?” rather than spotting, understanding and closing down an attacker earlier in its lifecycle to minimise or stop a breach occurring.
Equally, current manual threat hunting and forensics take too long, and we need to find ways to reduce this. It’s here that automation of some of the tasks, often powered by AI, can significantly reduce the noise of alerts and unrelated information that analysts have to plough through to build up an understanding. In this way, analysts and forensic investigators can augment themselves with automated tools that allow them to act with speed and efficacy that humans alone simply cannot achieve.
Joseph Carson, Chief Security Scientist, Thycotic
What is shocking about this data breach is that the cybercriminals potentially got away with both the encrypted data as well as the methods to decrypt the data, which suggests that Marriott has not practiced adequate cybersecurity protection for their customers’ personal and sensitive information.
The major problem of such data breaches in the past is that those companies who have been entrusted to protect their customer data have only offered up to one year of identity theft protection. But much of the identity information that is stolen typically can last between 5-10 years, such as driver’s licenses and passports. So while victims may get some protection, they are at serious risk for years unless they actively replace compromised identity documents, which is done at a cost. Companies who fail to protect their customers should be at least responsible for the cost of replacing compromised information and documents rather than deflecting responsibility and accountability.
This latest major data breach will raise questions as to when Marriott knew about the breach and whether or not they complied with global regulations such as the EU General Data Protection Regulation, which imposes financial penalties of 20m Euros or 4% of annual turnover. If you are a customer affected by the latest Marriott data breach then it is important to know what data is at risk and consider taking extra precautions as well as changing your Marriott account password.
Tom van de Wiele, security consultant, F-Secure
The hack was targeted at a part of the company that Marriott acquired a few years ago, being Starwood. This is a common trend where it’s usually not the main company that is targeted but rather attackers aim to compromise the softer underbelly of the organisation, which are usually IT service providers, contractors and other entities with a high number of interactions within the company. Interactions mean a lot of moving parts to try and control, while other acquisition and fusion efforts are going on. Things like the integration of IT systems and the security thereof take a lot of time between two companies that have to merge requirements, security policies, IT environments, technology stack and company cultures. Some risks are addressed, others are accepted.
The most disappointing part of this hack is the fact that the amount of data stolen is one of the bigger ones of the last few years and further made worse by the fact that the compromise had been going on for at least four years according to several online publications. This indicates that as far as security monitoring and being able to respond in a timely and adequate fashion, Marriott had severe challenges being able to live up to its mission statement of keeping customer data safe.
The real root cause of this might never be known but when looking at other companies that have experienced similar situations – for which F-Secure has performed incident response – the reason for this long detection and response time is usually a general lack of maturity in the detection strategy of the company when trying to find relevant information to track potential incidents.
Being able to prioritise what is important for the business, i.e. customer data, placing detection points at the right choke points, and being able to respond to them, is absolutely crucial for any company trying to guard and protect customer data of any kind.
Some media have reported the database being potentially encrypted is a good thing. Companies should assume a breach will occur and, with that, assume that their database of valuable information can be stolen by an attacker. Following the defence-in-depth principle, this is the right thing to do – to provide layers of protection or resistance to limit the impact of the attack. But the customers of Marriott and Starwood should still take precautions and not get their hopes up. After all is said and done, encryption and the encryption of data is still dependent on who has the keys to be able to decrypt, or, make the information readable again. Having locks on doors is great, but not if you are only doing it to say that you have locks and keep a key handy under every doormat.
Ilia Kolochenko, CEO, High-Tech Bridge
Looks like one more tremendous data breach related to insecure web applications. Many large companies still do not even have an up-to-date inventory of their external applications, let alone conducting continuous security monitoring and incremental testing. They try different security solutions without a consistent and coherent application security strategy. Obviously, one day such an approach will fail.
Regulations, such as GDPR, do not necessarily help. In the past two years many companies were over-concerned to comply with GDPR on paper, ignoring practical security requirements due to limited budget and resources. Management is often satisfied with a formalistic approach to compliance, ignoring the practical side of cybersecurity and privacy.
Legal ramifications for Marriott and its subsidiaries can be tremendous, from harsh financial penalties from authorities in many countries to individual and class-action lawsuits from the victims.
Kevin Curran, Senior IEEE Member and Professor of Cybersecurity at Ulster University
This is not the largest data breach by any means, although 500 million is no small number and potentially a very sensitive data breach. The sensitive data stolen in this breach can be used by criminals for identity theft, where they could convince targeted individuals to give up vital personal information, like a password or access to banking sites. The more convincing a phishing email is, the more likely someone is to reply to it.
The reason we are seeing so many data breaches this year is simply an indication of where we are in time. We are situated between a time where companies really face no penalties for poor storage and protection of data – apart from reputation loss – and a future world where organisations will be fined enormous sums for allowing data to leak. People are also in a semi-state of ignorance (or deliberate ignorance) of safe computing practices.
A recent report stated that cybercrime damage is set to hit $6 trillion annually by 2021. Cyber theft is simply becoming the fastest growing crime in the world. Gartner reports that this rising tide of cybercrime has pushed cybersecurity spending to more than $80 billion in 2016. A major problem is that there is a severe shortage of cybersecurity talent, with unfilled cybersecurity jobs to reach 1.5 million by 2019.
In the wider context, according to the National Crime Agency Cyber Crime Assessment 2016 report, cybercrime accounted for 53 per cent of all crimes in 2015. This percentage is rising steadily each year. We can expect to see cybercrime continue to develop into a highly lucrative and well organised enterprise.
Cyber criminals, whether state sponsored or not, are even beginning to devote funds to research and development as yet. Criminals are increasingly moving online because this is where the money is. The annual Mary Meeker’s State of the Internet report for 2017 reports that network breaches are increasingly caused by email spam/phishing. In fact, spam has increased 350% in one year. The trend for ransomware is also showing worrying trends. Malwarebytes shows an increase from 17% in 2015 to 259% in 2016. Across the board we are seeing increases in attacks, and breaches like Marriott’s will only make this problem worse.
Geoff Forsyth, CTO, PCI Pal
The fact that Marriott exposed the personal info of approximately 500M guests, with 327M members having their sensitive data including names, contact info, passport numbers, travel information, and potentially credit card numbers exposed, may be just the start of the company’s concerns.
We recently conducted consumer research which found that 83% of consumers will stop spending with a business for several months in the immediate aftermath of a security breach like the one faced by Marriott today. Even more significantly, over a fifth (21%) of consumers will never return to a business post-breach, representing a significant potential revenue loss. To put this in perspective, one fifth of Marriott’s reported $398M in Q1 2018 earnings equates to approx $79.6M.
Add to this the fact that consumers are starting to perceive certain sectors as more risky than others as a result of security breaches such as this one – the same research found that consumers already think the travel sector is the second most risky when it comes to security, after retail.
For consumer facing businesses, these findings should serve as a stark warning to ensure that they are implementing online and voice payment security measures, or face negative, and potentially long-lasting revenue and reputation consequences.
Tom Kellermann, Chief Cybersecurity Officer, Carbon Black
It appears there had been unauthorized access to the Starwood network since 2014, demonstrating that attackers will get into an enterprise and attempt to remain undetected. A recent Carbon Black threat report found that nearly 60% of attacks now involve lateral movement, which means attackers aren’t just going after one component of an organization – they’re getting in, moving around and seeking more targets as they go.
The report also found that more than a third (36%) of today’s attackers now use the victim primarily for island hopping. In these campaigns, attackers first target an organization’s affiliates, often smaller companies with immature security postures and this can often be the case during mergers and acquisitions. This means that data at every point in the supply chain may be at risk, from customers, to partners, to potential acquisitions.
from Help Net Security https://ift.tt/2Q5sqeX
The Cult-Favorite AeroPress Coffee Maker Is Just $22
Even at full price, Aerobie’s AeroPress coffee maker is easily the cheapest and easiest way to make terrific coffee, and you can grab a very rare discount on yours today. It was on sale for $24 on Black Friday, but today’s deal is actually slightly cheaper.
Amazon is selling the AeroPress for $22 today, down from the usual $30 (which is an absolute steal, for the record). Unlike most products on Amazon, that price basically never moves, so if you’ve had your eye on this thing, I wouldn’t recommend waiting.
This is one of the easiest ways to make great coffee while traveling, and also a surprisingly great machine for making iced coffee as well, so you can really use it 365 days per year.
While you’re at it, we highly recommend picking up a reusable stainless steel filter to go with your new toy. It’s only $9, and it’ll pay for itself over time.
from Lifehacker https://ift.tt/2LocaiB
Huge Marriott breach puts 500 million victims at risk
Marriott has today revealed that its Starwood guest reservation database has been subject to unauthorised access “since 2014”. The scope of the data breach is huge, covering nearly five years and approximately 500 million guests.
The company has created a website to deal with the breach at info.starwoodhotels.com (note that at the time of writing it redirects to answers.kroll.com).
Who’s affected?
The company warns that if you made a reservation at one of its Starwood brands in the last five years then you are at risk:
If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved.
According to Marriott its Starwood brands include: Starwood branded timeshare properties, W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
What data is at risk?
It seems that different guests may be subject to different levels of exposure, according to how much data they shared. Until you have successfully confirmed your level of exposure with Marriott, you should assume the worst.
Information put at risk by the breach includes “some combination of” name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, communication preferences, payment card numbers and payment card expiration dates.
Although payment card numbers were encrypted, thieves may have stolen the information required to decrypt them.
What happened?
Marriott has not revealed what events or security failures occurred (it may not yet know), but it has released some details about how it discovered the breach.
The company says that on 8 September 2018 it was alerted to an unauthorised attempt to access the Starwood guest reservation database. Security experts called in to deal with the incident revealed that unauthorised access to the Starwood network started as far back as 2014, two years prior to Marriott’s acquisition of Starwood.
On 19 November 2018, Marriott learned that a recent attempt to encrypt and exfiltrate data from the network had included data from the Starwood guest reservation database.
As you can see from what Marriott has revealed so far, it can be difficult for everyone concerned to tell the difference between data that has been put at risk and data that has actually been stolen.
Until they can confirm otherwise, victims would be prudent to assume they amount to the same thing.
What to do?
Website and call centres
If you think you may be affected, make a point of checking the official breach website regularly, particularly its frequently asked questions section. Remember, it’s likely that Marriott is still learning about the breach and adapting to the situation it finds itself in.
Marriott says it has established a dedicated, multilingual call centre that will be open seven days a week. You can find your local call centre number by clicking on the large Call Centre Information link on the main page of the breach website.
Emails
Marriott has begun sending emails to affected guests whose email addresses are in the stolen database. This represents a huge potential opportunity for email scams, so the company has sensibly set out some guidelines to help you identify if an email is genuine:
- The email will come from starwoodhotels@email-marriott.com
- It will not contain attachments or requests for information
- It will only link to the official website
Web monitoring
Marriott is offering victims in the USA, UK and Canada a free, one year subscription to something it calls WebWatcher, which it describes as a service that monitors “internet sites where personal information is shared”.
Don’t Google it. If you Google WebWatcher you won’t find the monitoring service, you’ll find lots of links to spyware of the same name. Don’t sign up for that!
Do follow the links to country-specific versions of the official breach site. You cannot sign up for monitoring from the main breach page, you have to go to the all-but-identical versions of the page for the US, UK or Canada.
On those pages you’ll find local call centre phone numbers and large, grey (and surprisingly easy to miss) Enroll Now buttons. They link to an enrolment form for Kroll’s ID monitoring service.
Precautions
- Review your accounts. Review your bank or payment card accounts for suspicious activity, and if you’re a member of Marriott’s Starwood Preferred Guests program, monitor your SPG account for suspicious activity too.
- Beware of scams. Criminals may look to exploit anxious victims with fake websites or phishing emails, messages and phone calls. These may be well disguised so don’t click on any links, and verify anything you encounter by heading directly to the official breach website or calling the official call centre numbers.
- Report ID theft. If you think you’re a victim of identity theft, or if your stolen information has been misused, contact your national data protection authority or local law enforcement.
- Change your password if you have a Starwood Guest Account. If you used the same password on other websites or services, change those too. Choose different, strong passwords for each one.
from Naked Security https://ift.tt/2DSM32u
Code Dx Enterprise offers new dashboard providing AppSec visualization
Code Dx released the newest version of its Code Dx Enterprise. Code Dx 3.5 now offers a new dashboard with metric visualization, providing AppSec professionals with information about all of their application testing activities—all in one place, to provide an understanding of their application’s security status.
“We partnered with leading cybersecurity visualization experts to conduct research to determine what information AppSec practitioners really need to see and how that data should be shown,” said Ken Prole, CSSLP, chief technology officer at Code Dx. “Now, users of Code Dx Enterprise have a complete dashboard that guides them through the entire AppSec testing process, presenting all the information from multiple testing tools in one place and in a way that makes sense to them.”
The new dashboard shows users metrics and information about all of their testing activities, not just reports from single tools. They can explore this data to determine which tools are working well for their AppSec program, and identify security and vulnerability trends.
In addition to the new dashboard, Code Dx version 3.5 also offers two-way Jira integration and MISRA (Motor Industry Software Reliability Association) compliance. Code Dx is committed to working with the regulatory and industry standards. By adding MISRA compliance mapping, organizations can now ensure that their code complies with this standard.
from Help Net Security https://ift.tt/2AAQSdG
Deadspin Kevin Durant Is Absurd | The Grapevine CNN Fires Marc Lamont Hill After Israel Comments | T
Deadspin Kevin Durant Is Absurd | The Grapevine CNN Fires Marc Lamont Hill After Israel Comments | The A.V. Club Scott Pilgrim is more zero than superhero, but his movie is still a zippy comic-to-screen delight | Jezebel Of Course Thrillist Knew About The Burger Guy’s Domestic Violence Conviction | Splinter And Now a Very Legal and Also Very Cool Revelation From the President |
from Lifehacker https://ift.tt/2zB2rSf
Three-Rotor Enigma Machine Up for Auction Today
Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K.
I have an Enigma, but it's without the rotors.
from Schneier on Security https://ift.tt/2BIyMYL
Thursday, November 29, 2018
The fundamentals of network security and cybersecurity hygiene

Infrastructure and network security
The two fundamental building blocks to ensuring that your data is secure are physical infrastructure and network security. Understanding and protecting your information from threats and human error requires meticulously layered security protocols.
Physical infrastructure
Last year, British Airways canceled over 400 flights and stranded 75,000 passengers because of an IT outage caused by an engineer who disconnected a power supply at a data center near London’s Heathrow airport. When it comes to data centers and networks, even minor human errors can have a major impact on businesses and their customers.
With the exorbitant costs and human resources required to maintain an on-premise system, organizations should be looking to the public cloud companies who have the necessary resources to properly manage and secure their data centers.
Public cloud companies bring capital and expertise to the table. Their physical infrastructure and data centers are much better protected than what most companies could put in place on their own. For example, Google’s focus on security and data protection is ingrained in their company culture and technology solutions. With that in mind, it is the primary design criterion when they are constructing their data centers.
Google uses a layered security model that includes safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection on the data center floor. The data centers are also monitored 24/7 by high-resolution cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs. Furthermore, it is only possible to access the data center floor using a security corridor which features multi-factor access control that requires a security badge and biometric confirmation. Only approved employees with specific roles are provided with the credentials necessary to enter it.
Network security
If you think that your firewalls are secure, think again. Physical security is important but protecting your network is just as vital. It’s like an arms race between the defense – on-premise firewalls and security systems – and hackers. Almost half (48%) of organizations who suffered a cyberattack identified the root cause of their data breach as a malicious or criminal attack.
Not only are internally-built firewalls typically poorly managed and more vulnerable to being hacked, they are also unable to provide organizations with the necessary risk alerts. The only companies that truly have enough properly trained staff and dedicated resources to stay on top of network security are public cloud companies.
With so many vulnerabilities out there, from the five backdoors that Cisco discovered this year to the notorious USB Conficker worm, you need the best protection. Without regular maintenance, hackers can and will break through your firewalls and other off-the-shelf security software. Merely having a firewall is not enough to ensure that the data that is housed in your company’s network is secure. However, the constant testing, maintenance, and upgrades are too rigorous for many businesses trying to go it alone.
On the other hand, some top cloud companies employ hundreds of security and privacy professionals in their software engineering and operations divisions. Employees of public cloud companies include some of the world’s foremost experts in data, application, and network security – publishing hundreds of research articles on information security and cryptography every year. Their highly specialized teams are broken down into more agile departments that are dedicated to disciplines that include security, privacy, internal audit and compliance, and operational security. This level of specialization ensures that customers’ security needs receive even more detailed attention.
Software updates
Many of the network vulnerabilities described in the previous section were quickly fixed by the vendors after they were found, but this is not enough. Companies also need to update their operating systems, databases, and web servers for the patches to be applied. Many are neglecting this responsibility. When software isn’t properly updated to protect against the latest cyber threats, the entire company is put at risk.
When it comes to software maintenance, there’s more to it than upgrade and installation costs. The ability to keep a company’s software stack updated is also dependent on the capabilities of the corporate IT team and the individual employees who use company-issued or personal devices for work. It’s also challenging to update systems and devices without service interruptions. Many IT departments will delay the deployment of critical updates to minimize the impact of interruptions.
This is a common pitfall of organizations who use software beyond the official end of support date. This puts such organizations at a huge risk, as they are not able to patch critical vulnerabilities. This was the case with WannaCry: patches for the old software were not available because its end of support date was in 2014.
The implications of a software vulnerability can be as severe as any other IT security breach. For example, IHG released data showing that cash registers at more than 1,000 of its properties were compromised by malicious software that was designed to siphon customer debit and credit card data.
Employing dedicated vulnerability management, malware prevention, and monitoring teams, Google provides its customers with a secure business platform. Google’s malware strategy uses manual and automated scanners to scour their search index for domains that may be vehicles for malware or phishing schemes. Google also utilizes multiple antivirus engines in Gmail and Drive as well as on their servers and workstations to help identify malware that may have been missed by other antivirus programs.
User authentication
Getting document permissions and user authentication right goes a long way to ensuring proper organizational security. It’s important to make sure that the people who are accessing your data are who they say they are. This can be achieved with strong passwords, multi-factor authentication, and physical security keys; all things in which public cloud companies are investing heavily.
For example, Google’s Titan Security Key uses multi-factor authentication to protect users from attacks. Hackers may be able to steal your password in the digital world but they will have a much harder time stealing a physical security key. With multi-layered authentication practices, organizations reduce the risk of unauthorized persons being able to pose as approved users.
Just look what happened back in 2017 when Deloitte, once named “the best cybersecurity consultant in the world” by Gartner, failed to use multi-factor authentication. Hackers were able to access Deloitte’s network after cracking the password of an administrator account that didn’t require multi-factor authentication. This gave the cybercriminals unrestricted access to the company’s emails and email attachments. Had Deloitte been using multi-factor authentication, the hackers would not have had the secondary identifier that they would have needed to log in and the account owner would have been alerted about the unauthorized use of their account – things that would have likely prevented the breach.
Still, it’s not just about passwords. It’s also about having the right policies and procedures in place. A public cloud solution provides customizable permissions and integrated workflows that help improve security and increase productivity. Organizations can monitor who is trying to access their network and proactively block unknown devices from connecting.
from Help Net Security https://ift.tt/2ABGsul
IBM QRadar Advisor with Watson expands knowledge of cybercriminal techniques
IBM Security unveiled new capabilities for the company’s AI-based security platform, QRadar Advisor with Watson, which expand the platform’s knowledge of cybercriminal behavior and allow it to learn from security response activities within an organization.
IBM Security also is embracing the open-source MITRE ATT&CK framework, a playbook to help analysts understand how an attack has evolved and what might happen next based on real-world observations from the security community.
With some estimates predicting as many as 3.5 million cybersecurity vacancies by 2021, security teams today are struggling with the capacity and skills needed to analyze and respond to a massive amount of cybersecurity incidents and alerts.
The use of AI and machine learning technologies like QRadar Advisor with Watson, which learns from the latest research available in the external security community as well as activities happening within an organization, can equip analysts with the knowledge and automation needed to help them escalate critical threats faster and more effectively.
As part of the latest release, IBM has developed new analytic and learning models which enable QRadar Advisor to identify attack patterns and adapt to the local client environment. This learning loop gets smarter with time based on additional interactions and engagement with analysts, allowing the tool to provide recommendations on how to respond, as well as confidence ratings based on how incidents align with historical data.
“Standards like MITRE ATT&CK, which take advantage of the collective knowledge of the security community, are crucial to advancing the industry and helping security teams stay ahead of increasingly sophisticated threats,” said Chris Meenan, Director of Security Intelligence Offering Management and Strategy, IBM Security.
“Combining the ATT&CK framework of known adversary tactics with Watson for Cyber Security’s ability to stay current on the latest security research, QRadar Advisor can help arm analysts of all levels with the knowledge needed to better respond to the threats they’re facing.”
Connecting the dots for decisive threat escalation
MITRE ATT&CK is an open-source playbook of cybercriminal behavior developed with real-world examples and insights from cybersecurity experts across the industry, which defines step-by-step patterns and actions that a threat can take as it evolves.
Using the ATT&CK framework, QRadar Advisor with Watson is moving beyond identifying the threat and providing external research on it, to now also shedding light on how external attacks and internal threats have progressed within the client infrastructure – for instance, whether malware has just landed within an organization, or whether it has already collected data such as passwords or credit card information.
This added context also includes a confidence level as well as the evidence for each stage of the attack. By helping analysts visualize how an attack has evolved, this capability allows analysts to understand where an incident stands in a threat lifecycle and what it might do next, which can improve response times and effectiveness.
These additional insights from QRadar Advisor can augment the skills of analysts and help them connect the dots to see the full scope of an attack in the way a higher-level analyst or threat hunter would. Advisor can also use ATT&CK to recommend an incident escalation process to analysts, helping them understand the next steps to take based on where the threat falls in its lifecycle. Leveraging the ATT&CK framework allows QRadar Advisor to provide this context in an industry standard that maps to a company’s incident response playbooks.
Applying new learning models to threats within an organization
IBM Security is also deepening the intelligence of QRadar Advisor with Watson by enabling it to learn and contextualize behavior of threats and security response actions happening inside an organization.
The initial release of QRadar Advisor with Watson enabled Watson to gather, read, and understand structured and unstructured security data from external sources, and bring the relevant information to analysts’ fingertips to help them understand what was already known and published on a specific threat.
Now, QRadar Advisor is also learning from the actions being taken within customers’ environments – both events happening in real time, as well as what has happened with certain types of events historically. Two new capabilities IBM is introducing for QRadar Advisor include:
- Threat disposition models: QRadar Advisor uses new algorithms to build a model for specific types of threats, based on the actions and outcome of previous similar events that have happened within an organization. When a new investigation comes in, this model can be used to help rule out false positives, or help the analyst decide whether the threat should be escalated as malware, data exfiltration, or another specific type of threat. This capability becomes more intelligent the more it’s used, learning and adapting based on interactions with analysts.
- Cross-investigation analytics: Within a company’s Security Operation Center (SOC), multiple analysts may be working on different offenses which are related to each other, or alerts over many months might be part of a long-term adversarial campaign. This capability allows QRadar Advisor to find commonalities across investigations using cognitive reasoning, and group together investigations that are related to avoid duplication of efforts, as well as provide fuller context to aid in the investigation.
Combining these new learning models, which add context to activities within the network, with Watson for Cyber Security’s investigative capabilities and ability to digest current research being published in the security community, analysts can now use QRadar Advisor to help drive investigations and respond faster and more efficiently.
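The two ideas in this announcement, placing an incident on the ATT&CK lifecycle and grouping related investigations, are easy to see in code. The following is an added example, not IBM’s or MITRE’s code: it takes a constructed set of alerts tagged with ATT&CK Enterprise tactic names, reports the furthest stage each investigation has reached with the evidence for every observed stage, suggests what usually follows, and merges investigations that share an indicator such as a host or user. The tactic names are the public ATT&CK tactics; the investigations, hosts, users and alert details are constructed sample data.

```python
"""
Added example, not IBM's or MITRE's code: placing an incident on the ATT&CK
tactic lifecycle from the alerts collected so far, suggesting the stages that
usually follow, and grouping investigations that share an indicator.  The
tactic names are the public ATT&CK Enterprise tactics; investigations, hosts,
users and alert details are constructed sample data.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Enterprise ATT&CK tactics in the order an intrusion typically progresses.
TACTIC_ORDER = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
]
TACTIC_RANK = {name: i for i, name in enumerate(TACTIC_ORDER)}

Alert = Tuple[str, str, str, str]   # (investigation, tactic, indicator, evidence)

# Constructed sample alerts from three separate investigations.
SAMPLE_ALERTS: List[Alert] = [
    ("INV-1", "Initial Access",    "user:jdoe",   "phishing attachment opened"),
    ("INV-1", "Execution",         "host:ws-17",  "document macro spawned a shell"),
    ("INV-1", "Credential Access", "host:ws-17",  "credential store read by unsigned process"),
    ("INV-2", "Lateral Movement",  "host:ws-17",  "remote logon to fs-01 from ws-17"),
    ("INV-2", "Collection",        "host:fs-01",  "archive created from 400 documents"),
    ("INV-3", "Initial Access",    "user:asmith", "suspicious attachment quarantined"),
]


def attack_progress(alerts: Iterable[Alert], investigations: Iterable[str]
                    ) -> Tuple[Optional[str], List[Tuple[str, List[str]]]]:
    """
    For one investigation (or a merged group), return the furthest tactic
    reached and the evidence behind each observed tactic in lifecycle order.
    Stages without evidence are omitted so the analyst sees what the data
    actually supports.
    """
    wanted = set(investigations)
    evidence: Dict[str, List[str]] = defaultdict(list)
    for inv, tactic, _indicator, detail in alerts:
        if inv in wanted and tactic in TACTIC_RANK:
            evidence[tactic].append(detail)
    if not evidence:
        return None, []
    ordered = sorted(evidence, key=TACTIC_RANK.__getitem__)
    return ordered[-1], [(t, evidence[t]) for t in ordered]


def next_expected_tactics(furthest: str, count: int = 2) -> List[str]:
    """Tactics that commonly follow the furthest observed stage."""
    rank = TACTIC_RANK[furthest]
    return TACTIC_ORDER[rank + 1:rank + 1 + count]


def escalation_hint(furthest: str) -> str:
    """Map lifecycle position to a recommended escalation path."""
    rank = TACTIC_RANK[furthest]
    if rank >= TACTIC_RANK["Collection"]:
        return "escalate: data staging or exfiltration likely under way"
    if rank >= TACTIC_RANK["Credential Access"]:
        return "escalate: credentials at risk, contain the host"
    return "triage: early-stage activity, verify and monitor"


def group_related(alerts: Iterable[Alert]) -> List[List[str]]:
    """
    Cross-investigation grouping: investigations sharing any indicator
    (host, user, ...) are merged into one cluster with union-find.
    """
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]      # path halving
            x = parent[x]
        return x

    by_indicator: Dict[str, List[str]] = defaultdict(list)
    for inv, _tactic, indicator, _detail in alerts:
        find(inv)                               # register the investigation
        by_indicator[indicator].append(inv)
    for invs in by_indicator.values():
        for other in invs[1:]:
            parent[find(other)] = find(invs[0])
    clusters: Dict[str, List[str]] = defaultdict(list)
    for inv in parent:
        clusters[find(inv)].append(inv)
    return sorted(sorted(c) for c in clusters.values())


if __name__ == "__main__":
    for cluster in group_related(SAMPLE_ALERTS):
        furthest, stages = attack_progress(SAMPLE_ALERTS, cluster)
        if furthest:
            print(cluster, furthest, next_expected_tactics(furthest), escalation_hint(furthest))
```

Run on the sample data, INV-1 alone stops at Credential Access, but once it is merged with INV-2 through the shared host the group is already at Collection, which is the kind of "fuller context" that changes an escalation decision.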
from Help Net Security https://ift.tt/2DRQ7jp
Gemalto unveils cloud access management enhanced for smart card users
Gemalto launched a solution that will enable organisations which have invested in Public Key Infrastructure (PKI) security applications to leverage their investment without compromise on security or user experience when moving to the cloud.
Through SafeNet Trusted Access, organisations whose employees log into enterprise resources with smart cards can use those same credentials to access cloud and web-based apps and benefit from single sign on (SSO).
PKI hardware’s limitations meant companies could not adopt cloud and mobility projects without having to replace their security framework. As a result, companies have been using smart cards and tokens to allow their employees to authenticate themselves while accessing corporate resources, but this was limited to activity within the enterprise perimeter. In addition, companies that use PKI credentials for email encryption and digital signing have also been limited to on-premises environments.
This new offer from Gemalto enables employees and organisations to benefit from SSO and PKI-based authentication, making it easier and more secure to access cloud and web-based apps and resources from wherever and on any device. Employees will no longer have to re-authenticate each time they access a resource with their smart card, while allowing enterprises to maintain security when needed.
In addition, Gemalto will also help users access PKI applications from new environments, including mobile devices and virtualised desktop environments (VDI), and use PKI credentials for security applications including digital signing and email encryption.
“As much as cloud computing is recognised for its many benefits, the reality for most firms is that they will be operating in a hybrid environment for years to come,” said Garrett Bekker, Principal Security Analyst at 451 Research. “By enabling firms to extend their existing PKI investments to cloud and web-based resources, SafeNet Trusted Access can help firms build on their existing security frameworks to accelerate their digital and cloud transformation.”
Gemalto is offering different ways to build on current PKI investments, so that companies can embrace digital transformation without compromising on security.
- Enabling cloud transformation: Organisations can extend PKI credentials to access policies, allowing CISOs to maintain security in the cloud by triggering step-up PKI-based authentication to cloud and web-based apps when needed.
- Facilitating mobility: Employees can access enterprise applications within virtual environments with their PKI credentials. This means that employees and consultants will be able to perform all the same actions they would perform with a smart card, with a virtual smart card.
“With the rapid development and adoption of cloud services, many organisations are struggling to balance their digital transformation projects with the need to keep themselves secure,” said Francois Lasnier, senior vice president of Identity and Access Management at Gemalto.
“For organisations that are using high assurance PKI deployments for an added layer of security, our SafeNet Trusted Access solution makes it easier for them to expand into the cloud, virtual desktop infrastructures and mobile devices easily and securely, without putting themselves at risk. Our solution enables companies to allow their employees to operate as normal, while introducing them to the benefits of cloud, mobility and SSO.”
from Help Net Security https://ift.tt/2QwZmws
Exabeam announces Smart Timelines and a single user interface to end ‘swivel chair’ incident response
Exabeam released two new features: Exabeam Smart Timelines and a single user interface (UI), as part of its ongoing mission to improve security analyst productivity.
The additions to the Exabeam security information and event management (SIEM) platform will offer detection, investigation and response to threats. The company also announced the general availability (GA) of its Threat Intelligence Service to its customer base.
Smart Timelines incorporate indicators of compromise (IOCs) from the Exabeam Threat Intelligence Service, including suspicious IP addresses, blacklisted IP addresses, known phishing URLs, and malicious file signatures.
By automating the task of timeline creation and stitching together normal and abnormal behaviours for users and devices, Smart Timelines put an end to a problem for security analysts – known as ‘swivel chair’ incident response – in which workflows require multiple products with different interfaces and credentials. Now, investigators can pinpoint anomalous events and improve their productivity for incident investigation and threat hunting.
“Exabeam Smart Timelines allow us to quickly analyse and understand when there is a threat, so my team can spend their time acting on the evidence and outmaneuver our adversaries,” said Ryan Clarque, senior manager, Global Cybersecurity, Levi Strauss & Co.
Ian Lee, manager, IT Security and Compliance, Hudbay Minerals, reiterated Clarque’s point: “Exabeam Smart Timelines stitch together events from various sources, making it easy for us to identify anomalous activity in our environment.”
The Threat Intelligence Service behind Smart Timelines is a cloud threat intelligence feed that provides context for potential attacks, which SOCs need, by uncovering IOCs and malicious hosts. As part of the service, Exabeam aggregates IOC feeds and applies machine algorithms to remove false positives before downloading the feeds on a daily basis to Exabeam Data Lake and Exabeam Advanced Analytics.
The Exabeam Security Management Platform now also has a single, unified UI for detection, investigation and response. Having fewer tools to master means that engineers have a reduced learning curve. Additionally, the ability to move from investigation to case management to response without needing to assemble information from multiple disparate systems reduces the chance for human error. By spending more time on investigation, teams decrease the mean time to detect (MTTD) and mean time to respond (MTTR).
“We know that SOC teams are severely time constrained and under intense pressure, due to staffing issues and ubiquitous cyberthreats. Manual tasks like reviewing logs to understand the full scope of an attack can be unnecessarily burdensome,” said Trevor Daughney, vice president of Product Marketing at Exabeam. “Considering how overloaded the SOC team is, we want to end fragmented workflows and combine disparate systems and interfaces, so that critical alerts for distributed attacks aren’t missed.”
Other new features of the Exabeam Security Management Platform include:
- SAML integration for single sign-on (SSO) authentication with identity and access management (IAM) vendors like Okta, Ping and Google,
- Granular role-based access control (RBAC) for watch lists to control access of sensitive user information by role and responsibility,
- Eight new response playbooks and over 20 additional prebuilt integrations connecting Exabeam Incident Responder to security tools.
Exabeam Smart Timelines, Exabeam Case Management, Exabeam Threat Intelligence Service and new versions of Exabeam Advanced Analytics and Exabeam Incident Responder are generally available. Exabeam Threat Intelligence Service is available at no additional charge to Exabeam customers.
from Help Net Security https://ift.tt/2TYRl1T
HID Global releases Crescendo Mobile smart card
HID Global released the Crescendo Mobile smart card to bring convenience to secure access to computer, network or cloud applications. The new HID mobile smart card uses digital certificates on users’ mobile devices for client authentication.
HID Crescendo Mobile provides organizations seeking to eliminate passwords with a solution that combines the security of physical authenticators with the usability of a mobile solution. Crescendo Mobile works similarly to, and is compatible with, secure Crescendo smart cards; however, rather than inserting a separate device into a contact smart card reader, it connects to a desktop computer via an NFC (near-field communication) reader or Bluetooth.
“End users and IT personnel alike have been clamoring for a highly secure solution for enabling secure access to networked assets that can utilize what people are already carrying, namely their mobile devices,” said Brad Jarvis, Vice President & Managing Director, IAM Solutions, with HID Global.
“A key to ensuring security protocols are followed is to ensure that they are as easy to use as possible. The ubiquity of mobile phones, tablets and the like make them an obvious choice to become part of the security system.”
Just as convenience is added to the user experience, the deployment of HID Crescendo Mobile is simple. The Crescendo Mobile app can be downloaded onto Android or iOS devices and the IT team can distribute cryptographic credentials to users without the need or expense of shipping smart cards or smart card readers. The solution is cost-effective to deploy for contractors and remote users.
Usage scenarios for HID Crescendo Mobile include:
- Allowing a user to log on and unlock a Windows workstation to access cloud applications, VPNs, desktop applications and Microsoft Active Directory.
- When the user walks away, Crescendo Mobile App locks the workstation down.
- End users can use their phone to carry the keys and digital certificates needed to digitally sign email, Microsoft Office and Adobe Acrobat documents.
- Protect sensitive data by requiring the phone in order to access encrypted email messages or files that use Windows EFS file encryption.
The Crescendo Mobile app is available for Android 7 or later in Google Play and for iOS 11 or later in iTunes App Store. Crescendo Mobile is part of HID’s authentication solution that includes ActivID Credential Management System, providing full lifecycle management of both the authenticators and the credentials protected by the authenticator.
from Help Net Security https://ift.tt/2FOtDCL
Qualys integrates with Amazon Web Services Security Hub
AWS Security Hub is designed to provide users with a view of their security alerts and compliance status by aggregating, organizing, and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other AWS Partner Network (APN) security solutions. The findings are then summarized on integrated dashboards with actionable graphs and tables.
Vulnerability and configuration assessments are key to any security program. By integrating Qualys findings from Vulnerability Management, Policy Compliance and Cloud Security Assessment within AWS Security Hub, customers will get visibility into their security and compliance posture, directly in the AWS console. These insights gained by the correlation of Qualys information with other data in AWS Security Hub allow customers to detect risks in their AWS environments, and take remediation actions.
“AWS Security Hub gives enterprises the ability to build security and compliance visibility directly into all of their development and cloud projects,” said Philippe Courtot, chairman and CEO, Qualys. “By enabling Qualys within the AWS Security Hub, developers can easily leverage up-to-date insights about security risks, and ensure their clouds conform to company policies and standards.”
“AWS Security Hub makes it easier for customers to identify and manage all of their AWS-related security and compliance findings,” said Dan Plastina, vice president, Security Services, Amazon Web Services. “Users can also combine these rich findings with additional data from multiple security services, including integrated Qualys Cloud Apps, to find further insights and actionable intelligence for every identified vulnerability.”
Qualys Vulnerability Management, Policy Compliance and Cloud Security Assessment are now available within AWS Security Hub.
Users can identify the following across their AWS workloads and infrastructure:
- Instances and AMIs with vulnerabilities, missing critical patches, and which may be publicly exposed or have publicly exploitable vulnerabilities.
- Compliance with Center for Internet Security (CIS), PCI, NIST and HIPAA along with the standards customized and adapted to their organizations.
- Misconfigurations in their Amazon Virtual Private Clouds (Amazon VPCs), AWS security groups, Amazon Simple Storage Service (Amazon S3) and AWS Identity and Access Management (IAM), checked against CIS web services benchmarks and best practices.
Qualys will continue to add security insights from other products within its cloud platform’s integrated security solution into AWS Security Hub.
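Partner findings reach Security Hub as records in the AWS Security Finding Format (ASFF), imported with the BatchImportFindings API. The following is an added example, not Qualys’s or AWS’s code, of what that integration boils down to: a constructed vulnerability-scan result is converted into an ASFF record, the fields Security Hub requires are checked before sending, and records are batched in groups of at most 100 as the API expects. The account ID, region, instance ID, scanner check ID, severity mapping and the "publicly exposed" prioritisation rule are constructed sample values; the `FakeSecurityHub` class stands in for a boto3 client so the code runs offline.

```python
"""
Added example, not Qualys's or AWS's code: converting a constructed
vulnerability-scan result into an AWS Security Finding Format (ASFF) record,
checking the fields Security Hub requires, and batching records the way
BatchImportFindings expects.  The account ID, region, instance ID, scanner
check ID and the severity mapping are constructed sample values.
"""
import json
from datetime import datetime, timezone
from typing import Any, Dict, List

# Fields ASFF marks as required for every finding.
ASFF_REQUIRED = [
    "SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
    "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources",
]

# Constructed mapping from a scanner's 1-5 severity to ASFF's 0-100 scale.
SEVERITY_MAP = {1: 10, 2: 30, 3: 50, 4: 70, 5: 90}

# Constructed sample scan result for one EC2 instance.
SAMPLE_SCAN = {
    "account": "111122223333",
    "region": "us-east-1",
    "instance_id": "i-0123456789abcdef0",
    "check_id": 90001,
    "title": "Outdated TLS library package (constructed sample)",
    "severity": 4,
    "patch_available": True,
    "publicly_exposed": True,
}


def _utc_now() -> str:
    """ISO 8601 timestamp with millisecond precision, as ASFF expects."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def to_asff(scan: Dict[str, Any]) -> Dict[str, Any]:
    """Build one ASFF finding; exposed hosts with a fix available rank higher."""
    normalized = SEVERITY_MAP[scan["severity"]]
    if scan["publicly_exposed"] and scan["patch_available"]:
        normalized = min(100, normalized + 10)      # prioritisation rule (constructed)
    now = _utc_now()
    account, region, instance = scan["account"], scan["region"], scan["instance_id"]
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"{region}/{instance}/check-{scan['check_id']}",
        # Custom-integration product ARN form; partner products register their own.
        "ProductArn": f"arn:aws:securityhub:{region}:{account}:product/{account}/default",
        "GeneratorId": "example-scanner/vulnerability-management",
        "AwsAccountId": account,
        "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
        "CreatedAt": now,
        "UpdatedAt": now,
        "Severity": {"Product": float(scan["severity"]), "Normalized": normalized},
        "Title": scan["title"],
        "Description": (f"Check {scan['check_id']} on {instance}: "
                        f"patch available={scan['patch_available']}, "
                        f"publicly exposed={scan['publicly_exposed']}"),
        "Resources": [{
            "Type": "AwsEc2Instance",
            "Id": f"arn:aws:ec2:{region}:{account}:instance/{instance}",
            "Partition": "aws",
            "Region": region,
        }],
        "Remediation": {"Recommendation": {"Text": "Apply the vendor patch and re-scan."}},
        "RecordState": "ACTIVE",
    }


def validate_finding(finding: Dict[str, Any]) -> List[str]:
    """Return problems that would make BatchImportFindings reject the record."""
    problems = [f"missing {k}" for k in ASFF_REQUIRED if k not in finding]
    severity = finding.get("Severity", {})
    if not 0 <= severity.get("Normalized", -1) <= 100:
        problems.append("Severity.Normalized must be 0-100")
    if not finding.get("Resources"):
        problems.append("at least one Resource is required")
    if len(finding.get("Id", "")) > 512:
        problems.append("Id longer than 512 characters")
    return problems


def import_findings(client: Any, findings: List[Dict[str, Any]],
                    batch_size: int = 100) -> int:
    """
    Send findings in batches of at most 100, the BatchImportFindings limit.
    `client` is a boto3 Security Hub client in production; here a stand-in
    with the same method keeps the example offline.  Returns the call count.
    """
    calls = 0
    for start in range(0, len(findings), batch_size):
        batch = findings[start:start + batch_size]
        bad = [p for f in batch for p in validate_finding(f)]
        if bad:
            raise ValueError("invalid findings: " + "; ".join(bad))
        client.batch_import_findings(Findings=batch)
        calls += 1
    return calls


class FakeSecurityHub:
    """Constructed offline stand-in for boto3's securityhub client."""

    def __init__(self) -> None:
        self.received: List[Dict[str, Any]] = []

    def batch_import_findings(self, Findings: List[Dict[str, Any]]) -> Dict[str, int]:
        self.received.extend(Findings)
        return {"FailedCount": 0, "SuccessCount": len(Findings)}


if __name__ == "__main__":
    print(json.dumps(to_asff(SAMPLE_SCAN), indent=2))
```

The `Id` must be stable across re-scans (here region, instance and check ID) so that an `UpdatedAt` refresh updates the existing finding in the console instead of creating a duplicate.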
The Qualys Cloud Platform
As a cloud-based architecture, the Qualys Cloud Platform offers customers a view of IT, security and compliance across on-premises assets, endpoints, clouds, containers and web applications, reducing the cost and complexity of managing multiple security vendors.
The Qualys platform currently delivers 18 fully integrated, centrally managed and self-updating security and compliance solutions. By gathering and analyzing security and compliance data from IT assets anywhere in one single-pane view, the Qualys Cloud Platform gives customers the scalability, visibility, accuracy and breadth of capabilities to fight cyber-attacks and build security into their digital transformation initiatives.
from Help Net Security https://ift.tt/2FQH1Gl
Let These Doctors Tell You If You're Dying
Every time you have a bad headache or pain in your chest, you might rush straight to WebMD and furiously research, caught in the grip of a full-on panic.
That’s why cardiologists Marc Eisenberg and Chris Kelly wrote Am I Dying?!, a calm, conversational guide that accurately steers you into calmer waters, towards the likely causes of your symptoms. In the video above, the doctors explain to us how not all chest pain is a heart attack, not every stomach ache is a burst appendicitis, and how best to describe your symptoms to a medical professional.
from Lifehacker https://ift.tt/2RnTF0G
Wednesday, November 28, 2018
Blind spots and how to see them: Observability in a serverless environment

Companies embracing DevOps and cloud to fuel digital transformation are increasingly turning to serverless computing, also known as ‘functions-as-a-service’ (FaaS), to shift resource-intensive operational duties away from developers to cloud providers. According to the Cloud Native Computing Foundation, the use of serverless technology is surging, up 22 percent since December 2017, with 26 percent of organizations planning to deploy within the next 12 to 18 months to maximize operational efficiencies and enable application developers to focus on their core job functions – writing code.
Yet relinquishing infrastructure control to the provider creates a new set of risks for both development and security teams, including several major blind spots that traditional security toolsets are not able to capture:
Ownership confusion
Many organizations run serverless-based applications in conjunction with other types of workloads, like containers or virtual machines. Each added element introduces a new layer of complexity to the environment. Additionally, since serverless functions are constantly processing data flowing from numerous sources – from APIs, cloud storage to message queues, to name just a few – organizations can quickly lose track of who is responsible for securing which of these many moving parts. And as input sources and data streams multiply and the environment becomes more complicated by the day, so too does the overall attack surface.
In a serverless environment the infrastructure attack surface is reduced, but the application attack surface remains as vulnerable as that of applications deployed on your own VMs or containers. Yet because the technology is fairly new, many development and security teams do not fully understand the unique security risks serverless architectures present – let alone how to adequately control and prevent them.
Over-privileged functions and users abound
In serverless environments, each application is composed of many specific functions, and each function requires a level of access to perform its work. All too often, however, functions are assigned full permissions so as not to slow down the workflow. This introduces significant security risk, as unauthenticated internal users and outside attackers may be able to compromise functions with elevated access, manipulate application flow and take unauthorized actions. Establishing function-level segmentation with strong identity and access management (IAM) policies is critical.
If the serverless environment requires access to a virtual private cloud (VPC), it’s also important to enforce least-privilege principles to ensure users have the minimal level of access necessary to perform their intended functions. A set-it-and-forget-it approach is sure to fail. Once these security policies are solidly in place, organizations must continuously monitor functions as they are deployed to quickly identify suspicious inbound or outbound traffic between networks and other anomalies, to protect against advanced attacks that surpass traditional protection layers.
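The "full permissions" anti-pattern is visible in the function role’s IAM policy document, so it can be caught before deployment. The following is an added example, not from the article: a small checker that reads an IAM policy and flags wildcard actions, service-wide wildcards, unrestricted resources and Allow statements written with NotAction. Both policies are constructed samples; the first is the kind of role a team writes to avoid slowing down the workflow, the second is the least-privilege version of the same function (bucket, queue and log-group names are constructed).

```python
"""
Added example, not from the article: a checker that flags over-privileged
serverless function roles by reading IAM policy documents for wildcard
actions, service-wide wildcards, unrestricted resources and Allow+NotAction
grants.  Both policies are constructed samples.
"""
import json
from typing import Any, Dict, List

# Constructed: what a "just make it work" function role often looks like.
PERMISSIVE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:*", "ec2:DescribeInstances"], "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")

# Constructed: the same function scoped to exactly what it touches.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/inbox/*"},
    {"Effect": "Allow", "Action": ["sqs:SendMessage"],
     "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"},
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/example-fn:*"}
  ]
}
""")


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overprivilege(policy: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue                              # Deny statements only narrow access
        where = f"statement {i}"
        if "NotAction" in stmt:
            findings.append(f"{where}: Allow with NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"{where}: allows every action on every service")
            elif action.endswith(":*"):
                findings.append(f"{where}: allows every {action.split(':')[0]} action")
        if "NotResource" in stmt:
            findings.append(f"{where}: NotResource applies to all resources not listed")
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"{where}: applies to every resource (Resource '*')")
    return findings


def is_least_privilege(policy_json: str) -> bool:
    """Convenience wrapper for policies held as JSON text (e.g. from IaC files)."""
    return not find_overprivilege(json.loads(policy_json))


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overprivilege(policy) or "OK")
```

A check like this belongs in the deployment pipeline next to the function’s infrastructure code; it does not replace reviewing what the function actually needs, but it stops the broadest grants from reaching production unnoticed.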
Storage
Most applications require secrets – API keys, access credentials, tokens, passwords, etc. It’s a common (and dangerous) practice for developers to simply store these secrets and access keys in plain-text configuration files or in environment variables. This is low-hanging fruit for savvy attackers. To avoid these risks and stay in compliance, all of the credentials used by function code should be held in memory only and accessed through a secret store. If for some reason the function does require a long-lived secret, that secret should be encrypted; the cloud provider’s key management service can be leveraged to manage, maintain and retrieve these secrets automatically.
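Here is the difference in code, as an added example that is not from the article: a handler that reads a long-lived database password from an environment variable and copies it into its debug output, beside a version that fetches the secret from a secret store on first use, keeps it only in the warm container’s memory, and logs a redacted connection string. The `FakeSecretStore` class is a constructed in-memory stand-in for a managed, KMS-backed service such as AWS Secrets Manager so the code runs offline; the secret name, value and hostnames are constructed.

```python
"""
Added example, not from the article: a serverless handler that reads a secret
from the environment and leaks it, beside one that fetches it from a secret
store on first use and keeps it in memory only.  The secret store is a
constructed stand-in for a managed service; names and values are constructed.
"""
import logging
import os
from typing import Callable, Dict, Mapping, Optional

log = logging.getLogger("example-fn")


# --- Anti-pattern: secret in the environment, copied into output and logs ---
def handler_env(event: Dict, env: Optional[Mapping[str, str]] = None) -> Dict:
    env = os.environ if env is None else env
    password = env.get("DB_PASSWORD", "")           # readable in the console,
    dsn = f"db://app:{password}@db.internal/app"    # IaC state and crash dumps
    log.info("connecting with %s", dsn)             # and now in the log stream too
    return {"status": "connected", "debug": dsn}


# --- Hardened: pull from a secret store once, keep it in memory only ---------
class SecretCache:
    """Caches secrets for the life of a warm container so each cold start fetches once."""

    def __init__(self, fetch: Callable[[str], str]) -> None:
        self._fetch = fetch
        self._values: Dict[str, str] = {}

    def get(self, name: str) -> str:
        if name not in self._values:
            self._values[name] = self._fetch(name)
        return self._values[name]


def redact_dsn(dsn: str) -> str:
    """Replace the password in scheme://user:password@host with ***."""
    scheme, sep, rest = dsn.partition("://")
    if not sep:
        return dsn
    creds, at, host = rest.rpartition("@")
    if not at:
        return dsn
    user = creds.split(":", 1)[0]
    return f"{scheme}://{user}:***@{host}"


def handler_store(event: Dict, secrets: SecretCache) -> Dict:
    password = secrets.get("prod/db/password")      # constructed secret name
    dsn = f"db://app:{password}@db.internal/app"
    log.info("connecting to %s", redact_dsn(dsn))   # only the redacted form is logged
    return {"status": "connected", "debug": redact_dsn(dsn)}


class FakeSecretStore:
    """Constructed stand-in for a managed secret store; counts fetches."""

    def __init__(self, values: Dict[str, str]) -> None:
        self._values = values
        self.fetches = 0

    def fetch(self, name: str) -> str:
        self.fetches += 1
        return self._values[name]


if __name__ == "__main__":
    store = FakeSecretStore({"prod/db/password": "s3cret-constructed"})
    cache = SecretCache(store.fetch)
    print(handler_store({}, cache), handler_store({}, cache), "fetches:", store.fetches)
```

In a real deployment the `fetch` callable wraps the provider’s secret-store client and the function role is granted read access to that one secret name only, which keeps the credential out of environment variables, configuration files and deployment state.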
An incomplete picture
Since serverless is typically only part of an organization’s unique cloud strategy, security teams often struggle to maintain a full and accurate view of their security posture across their public and private cloud data center meshes – from serverless and containers to third-party services. That’s because each workload provider follows its own security frameworks, making it nearly impossible for organizations to manage and control each piece of the puzzle together. In such dynamic and disparate environments, organizations need a more practical, uniform and automated way to enforce and manage security policies and efficiently control various cloud-native services, infrastructure and environments.
The third-party problem
Serverless functions often rely on third-party services and software, such as APIs, open-source packages and libraries. Without an intelligent, automated way to discover, continuously scrutinize and control these third-party services, organizations open the door to potential vulnerabilities that can pave the way for exploitation and data loss.
Legacy and shared security tools have limits
Legacy security tools designed for data centers compound this serverless security and observability dilemma. Traditional firewall and endpoint protection tools and even cloud security groups lack the necessary app-awareness, fine-grained controls and advanced anomaly detection mechanisms necessary to detect and prevent advanced attacks. Further, cloud providers offer limited threat detection coverage since they are blind to network-based attacks such as DNS exfiltration, spoofing and lateral movement. As such, enterprises need the extra layer of network protection not currently made available by the leading providers such as AWS, Google and Azure.
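DNS exfiltration is one of the network-based attacks named above, and it is detectable from query logs the enterprise already has. The following is an added example, not from the article: a detector run over constructed DNS query-log lines that groups queries by client and registered domain and flags pairs with many unique, long, high-entropy subdomain labels, the pattern left when data is encoded into query names. The log format, hosts and domains are constructed; the registered-domain split takes the last two labels, which mishandles suffixes such as co.uk, so production code should use the public suffix list.

```python
"""
Added example, not from the article: a detector for DNS-tunnelled data
exfiltration run over constructed query-log lines.  Log format, hosts and
domains are constructed.
"""
import math
from collections import defaultdict
from typing import Any, Dict, List, Tuple

# Constructed sample log: timestamp, client, query type, query name.
SAMPLE_DNS_LOG = """\
2018-11-28T10:00:01Z 10.0.1.15 A www.example.com
2018-11-28T10:00:02Z 10.0.1.15 A api.example.com
2018-11-28T10:00:03Z 10.0.1.15 A mail.example.com
2018-11-28T10:00:04Z 10.0.1.30 A img1.cdn-example.org
2018-11-28T10:00:05Z 10.0.1.30 A img2.cdn-example.org
2018-11-28T10:00:06Z 10.0.1.30 A img3.cdn-example.org
2018-11-28T10:00:07Z 10.0.1.30 A img4.cdn-example.org
2018-11-28T10:00:08Z 10.0.1.30 A img5.cdn-example.org
2018-11-28T10:00:09Z 10.0.1.30 A img6.cdn-example.org
2018-11-28T10:00:10Z 10.0.1.22 TXT 4a7b9c2d1e3f50680f1e2d3c4b5a6978.exfil-example.net
2018-11-28T10:00:11Z 10.0.1.22 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0.exfil-example.net
2018-11-28T10:00:12Z 10.0.1.22 TXT 1c3e5a7f9b2d4608e0c2a4f6b8d1a3c5.exfil-example.net
2018-11-28T10:00:13Z 10.0.1.22 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.exfil-example.net
2018-11-28T10:00:14Z 10.0.1.22 TXT 7e6d5c4b3a2918f0e1d2c3b4a5968777.exfil-example.net
2018-11-28T10:00:15Z 10.0.1.22 TXT 2f4e6d8c0b1a3957c5e7a9f1b3d50246.exfil-example.net
2018-11-28T10:00:16Z 10.0.1.22 TXT d0c1b2a39485f6e7d8c9b0a1f2e3d4c5.exfil-example.net
2018-11-28T10:00:17Z 10.0.1.22 TXT 5a6b7c8d9e0f1a2b3c4d5e6f708192a3.exfil-example.net
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: random hex tends toward 4.0, ordinary words sit near 2-3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def parse_line(line: str) -> Tuple[str, str, str, str]:
    ts, client, qtype, qname = line.split()
    return ts, client, qtype, qname.lower().rstrip(".")


def split_name(qname: str) -> Tuple[str, str]:
    """
    Naive split into (registered domain, leftmost label).  The last two labels
    are taken as the registered domain, which mishandles suffixes like co.uk;
    production code should use the public suffix list instead.
    """
    labels = qname.split(".")
    if len(labels) < 3:
        return qname, ""
    return ".".join(labels[-2:]), labels[0]


def analyze(log_text: str, min_unique: int = 5, min_label_len: int = 20,
            min_entropy: float = 3.0) -> List[Dict[str, Any]]:
    """Flag (client, domain) pairs whose subdomain labels look like encoded data."""
    subs: Dict[Tuple[str, str], set] = defaultdict(set)
    lens: Dict[Tuple[str, str], List[int]] = defaultdict(list)
    ents: Dict[Tuple[str, str], List[float]] = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        _ts, client, _qtype, qname = parse_line(raw)
        domain, label = split_name(qname)
        if not label:
            continue
        key = (client, domain)
        subs[key].add(label)
        lens[key].append(len(label))
        ents[key].append(shannon_entropy(label))
    findings: List[Dict[str, Any]] = []
    for key, labels in subs.items():
        mean_len = sum(lens[key]) / len(lens[key])
        mean_ent = sum(ents[key]) / len(ents[key])
        # All three thresholds must hold: CDNs have many subdomains but short,
        # low-entropy labels; a single long label is not yet a pattern.
        if (len(labels) >= min_unique and mean_len >= min_label_len
                and mean_ent >= min_entropy):
            findings.append({"client": key[0], "domain": key[1],
                             "unique_subdomains": len(labels),
                             "mean_label_len": round(mean_len, 1),
                             "mean_entropy": round(mean_ent, 2)})
    return sorted(findings, key=lambda f: -f["unique_subdomains"])


if __name__ == "__main__":
    for finding in analyze(SAMPLE_DNS_LOG):
        print(finding)
```

The cdn-example.org client queries six distinct subdomains but its labels are short and low-entropy, so only the 10.0.1.22 queries to exfil-example.net are reported; tuning the three thresholds against a baseline of the organisation’s normal DNS traffic is what keeps this detection quiet on legitimate CDN and service-discovery names.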
While it’s tempting to equate serverless with less security responsibility for your organization, the shared responsibility model still holds true. But this doesn’t mean that organizations must trade speed and agility for security. By following best practices for securing serverless environments and utilizing cloud-native tools that simplify and unify cloud operations protection, organizations can have it all as they continue their digital transformation journey with confidence.
from Help Net Security https://ift.tt/2Q1j5ET
Is security the real stuff of nightmares?

The Chief Information Security Officer (CISO) is the most senior cyber security role in any organisation, and the role has developed rapidly in recent years under the wave of increased digital needs. With more customer data gathered and stored than ever before, the risk of implementing a sub-par security strategy affects every level of the organisation.
CISOs are the custodians, responsible for protecting the face of their business and the trust of its customers as they engage with the organisation. They still have processes and programme delivery to manage whilst trying to stop people hacking into their systems, and every day can see something different happen. While this variety is one of the things that makes the role so rewarding, it can also be a nightmare when things go wrong. Below are three of the main things that keep CISOs up at night.
Managing the constant cyber risk
CISOs operate knowing that their organisation is likely under constant threat of attack, and it’s only a matter of when, not if, an attacker penetrates their defences. In situations where customer information is compromised by malicious actors, the reputational damage to the business can prove fatal to the CISO’s position.
However, while it is essential to keep the company as safe as possible, every business needs to be able to take risks, otherwise they don’t advance. For many CISOs, making sure security is not a barrier to progress is a personal challenge on par with defending against attackers. A CISO that is prohibitively risk averse can easily derail relationships with executives.
The tug of war between ensuring that relevant risks have been identified and the right approach has been taken in managing or mitigating them, while balancing this with business needs, is extremely challenging.
Facing the board
Being agile in response to threats whilst keeping to security programme deadlines is near impossible without significant resources, which come with sign-off from the board. Aligning security strategy to wider business strategy is undoubtedly complex, but necessary to have real impact. This means a CISO must be adept not only at managing their security teams but at raising issues with the board and winning its support for the necessary investment and action.
With buy-in from the board, a CISO has two major advantages. They can be a trusted partner to other executive decision makers in the business and also a team ambassador, providing value for the business agenda. Without a good relationship with the board, however, the security team suffers: it will be limited by the resources it has been allocated and feel like an unimportant silo within the business.
For many CISOs, this is where the reward of the job lies. Whatever the board or company, being able to secure buy-in from the board because you are trusted and will add value is what makes it worthwhile.
However, the task of confronting the board for more investment in security can easily leave a CISO lying awake in a cold sweat. Security investments should be seen as taking out an insurance policy to provide protection in case the worst happens. However, it is still common for boards to see security as an expense that can be spared wherever possible, and CISOs often have to fight their corner. When a breach does occur, the CISO will not usually be able to go back and blame a lack of budget or resources for any shortcomings.
Spreading the word
Working out who should be responsible for security risks in the organisation needs a Swiss army knife approach. Many security teams appreciate that security is not just the responsibility of the CISO. As all businesses operate in a dynamic landscape, unless they have effective education at every level of the organisation, they cannot beat the myriad threats out there. Every organisation is at risk of being taken advantage of by a hacker, and whether an attack succeeds depends on how staff react, not just on the security team.
Awareness programmes and staff education play a large part in this, as does limiting the ability of staff to fall foul of an attack through access rights. Getting buy-in from executives and senior managers can be difficult if no previous incident at the company has yet proven that such an extensive risk mitigation strategy is necessary.
At the same time, the perception of the CISO is, often, that they represent something of a roadblock and hinder progress. In many cases, this only changes when the CEO needs help and is able to witness first-hand the solution provided by the CISO. They can then see the value that an effective cyber security programme brings.
CISOs need to be decisive and ensure that their company has adequately invested in education for the workforce. At the same time, they must take responsibility for educating the board on their own importance and role within the company.
A common trap that more uncertain CISOs fall into is only being seen as useful in times of a crisis, spending their time waiting for the nightmare of a major security incident to begin. Those CISOs that are able to show decisiveness and leadership in handling security with the board and the rest of the organisation will not only be better equipped to keep the company safe, they’ll enjoy a better night’s sleep too.
from Help Net Security https://ift.tt/2Au7EuQ
Keeping data swamps clean for ongoing GDPR compliance

The increased affordability and accessibility of data storage over recent years can be both a benefit and a challenge for businesses. While the ability to stockpile huge volumes and varieties of data can deliver previously unattainable intelligence and insight, it can also result in ‘data sprawl’, with businesses unclear of exactly what information is being stored, where it’s being held, and how it’s being accessed.
The introduction of the General Data Protection Regulation (GDPR) in May this year has only complicated matters further, particularly when much of what is being stored can be classified as personal data which, under the new legislation, must be securely managed, anonymised and, if required, deleted.
What’s more, with many organisations exporting data to third-party locations for analysis, this data sprawl has led to businesses around the world facing significant compliance challenges that must be urgently addressed now that the GDPR is in force.
Difficulties with GDPR compliance
The aim of the GDPR is to protect the privacy of EU citizens by ensuring that organisations collect, use, store and dispose of their personal data in an effective and responsible manner. However, if an organisation doesn’t know what data it holds, and where it’s stored, it can prove difficult to comply with the new legislation. This is the problem many businesses are currently facing as a result of large and unwieldy ‘data swamps’.
A by-product of data sprawl, a data swamp is a vast amount of data which, like its physical counterpart, is messy, dirty and murky. If it is hard for organisations to see, much less understand, what is happening below the surface of these swamps, they can easily lose track of the data they are storing, and how they’re storing it, both of which are crucial for GDPR compliance.
Drain the swamp
The first step in penetrating the depths of the data swamp is to understand what data should and shouldn’t be stored; essentially, if it can’t be used to inform business decisions, there’s probably little point in storing it. Once this is understood, organisations are required by the GDPR to manage data in a way that keeps it clean and accessible, which has the benefit of allowing it to be more easily analysed and used to address business issues, in real time.
By only gathering and keeping the data they can actually use and learn from, and by keeping it clean and well organised, businesses can replace their murky data swamps with clearer data lakes, from which it will be far easier to glean valuable insight.
Organisations have worked hard to comply with the GDPR long before it came into force, and this hard work is now paying dividends. Data governance has been improved, and businesses are now better positioned to sort the wheat from the chaff, and discard data that doesn’t offer some sort of business benefit.
An ongoing process
Maintaining GDPR compliance is an ongoing, long-term process, and draining the data swamp just once won’t be sufficient. Many of the data analysis tools currently used by businesses can encourage data sprawl, meaning that even after a data swamp has been transformed into a data lake, the complexity and opacity can soon build up and the problem begins again.
Employing more advanced data analytics tools and experts can minimise the risk of this occurring, however, by enabling users to quickly access the data most useful to them as well as identifying the business value it can offer. In doing so, they can help to maintain relatively stress-free ongoing GDPR compliance. A more centralised and flexible data platform, for example, in which data is left in a database, will enable staff to directly interpret only the data required to answer their immediate questions, thereby removing the need to extract it for analysis.
Tools such as these will make the development of a long-term data governance and analysis strategy possible; analysts will be able to provide an organisation with the business insights they need to be competitive, while remaining compliant with the requirements of the GDPR.
The modern approach to analytics required by today’s data-led business is based around easier processes and cleaner data. Rather than treating the GDPR as just another compliance requirement, businesses that take such an approach, and communicate their belief in the importance of privacy, trust, transparency and security, will reap the benefits. Their data governance will be more effective, they will be compliant and, by embracing transparency and clarity, their relationships with their customers and users will be stronger.
from Help Net Security https://ift.tt/2TW2aSG
7 trends driving enterprise IT transformation in 2019
Enabling the business outcome in a ‘Real-Time’ enterprise environment is the next challenge for global brands and government agencies in 2019.

Tech companies will need to drive hard to continually exceed their customers’ expectations during a time of accelerating change. They will need to show how technology can help deliver on their customers’ objectives and improve agility, security and impact, or they risk being disrupted.
Here is Verizon Enterprise Solutions’ view of those enterprise technology trends that are most likely to impact our global business and government customers in 2019.
The Real-Time Enterprise will begin to transform how business works
Foundational technologies – Software Defined Networks, 4G, the Internet of Things, intelligent video, security, telematics – are already changing the operations of business. In 2019, savvy CIOs will be focusing on how to reinvent their operations to leverage the enormous potential promised by disruptive technologies like 5G, artificial intelligence/machine learning, automation and robotics, augmented and virtual reality and the next-gen cloud including edge computing. Many of these technologies have now moved from concept to reality, and those who can best leverage the advantages they bring will increasingly be well placed to win the future.
Businesses will invest for performance
CIOs are recognizing that the network they use really matters to their business – a secure, strong network foundation enables them to deliver innovative platforms and solutions that will move their business forwards. Then, it’s all about the service model and the tech surround that makes network-reliant applications available – the support, the professional services, service level agreements and more.
The key is to find an expert partner with the network expertise to help you deliver on your business objectives. You can’t run a modern business without secure network capacity.
We’ll remember that the customer is king
Customer experience (CX) has been a hot topic over recent years, but many of us have had personal experience of the big brands letting us down. With AI infiltrating CX systems, there’s an unprecedented opportunity to move to a principle of ‘personalization for you’, putting the customer back in the center of the business opportunity.
The best organizations will use data to inform human engagement, remembering that it is human engagement that creates real relationships. The technology will be leveraged to do this at speed and scale.
We’ll focus on the transaction guarantee
We’ve talked about software-defined networking (SDN) for a while, but it’s now out there, live, and transforming business opportunities all around the globe, configured to match your cost and security requirements. In 2019, organizational success will be driven by how well CIOs leverage the many options that SDN enables, delivering agility, flexibility, and scale to run their business. It’s now beyond application-aware networking, and instead, about focusing on the transaction guarantee, and defining policies to support the specific application, time or location needs that will make the difference.
Contextual privacy will be front and center
There’s never been a bigger focus on the importance of privacy, as data breaches continue to hit the headlines. Application users are keenly interested in how their data is used. In 2019, we’ll begin to see a focus on contextual privacy requirements, linked to location-based awareness. This will change how organizations are able to approach their security, and will impact their ability to keep personally identifying data safe.
Automation will transform the workforce
Robotic process automation and machine learning (ML) will transform how business operates – and what skills a business workforce needs. In 2019, educators and businesses will focus on how to build a pool of data scientists and ML specialists to support our future “skills needs”, rather than yesterday’s business requirements.
We’ll go back to basics on security (again), but also focus on specifics
In 2019, organizations will redouble their efforts to strengthen their security posture. It’s about understanding their risk environment, and ensuring they are doing the basics right to protect their business; practicing IT hygiene to keep infrastructure current to protect against vulnerabilities continues to be critical.
Network-level security is essential – in a software-defined world, network segmentation and security are a central part of the design. Organizations will also increasingly need visibility of their data to drive insights and ultimately to decide how to mitigate specific security threats. But action will have to be taken – or the board or the customer will ask why.
from Help Net Security https://ift.tt/2QliIo7
Unbound releases open source blockchain-crypto-mpc library for blockchain developers
Unbound brings to the blockchain community a security solution via open source. The company’s blockchain-crypto-mpc library is available for free on GitHub. It’s an open source library for blockchain and crypto assets that protects cryptographic keys using the company’s MPC-based technology, the same technology used by the Fortune 500.
A long-needed answer
Today, crypto assets valued in billions are compromised and lost, and existing approaches to protecting crypto asset keys and secrets have proven insufficient. Unbound’s blockchain-crypto-mpc library allows blockchain developers to create wallets and applications using a library that provides cryptographic foundations for resolving the ongoing challenge associated with crypto asset and blockchain applications: the protection of cryptographic signing keys and seed secrets.
Based on Secure Multi-Party Computation (SMPC), Unbound’s library harnesses the company’s technology that splits cryptographic keys into random shares which are located on separate machines and enables all operations to be conducted with the keys split. Seeds and private keys are always protected and never exist in complete form – even during generation, while in use or at rest.
Keys cannot be compromised
It is guaranteed that unless all machines are breached simultaneously, the keys cannot be compromised or used for signing a transaction. No key material or secret is ever in memory. Wallet developers can therefore offer key protection built into their offerings, without the need to rely on mechanisms such as multi-signature, hardware security modules (HSMs), or appliance-as-a-service options.
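The split-key signing described above, as an added example that is not Unbound’s code or protocol: three parties each draw a random additive share of a secp256k1 private key, jointly produce a Schnorr signature (the scheme EdDSA is built on) without the key ever being assembled, and any two of the three cannot sign on the group’s behalf. The curve arithmetic, `Party` class and messages are constructed for this example; a production threshold-signing protocol adds nonce commitments and proofs of key possession, which this toy deliberately omits.

```python
"""Toy n-party Schnorr signing over an additively shared secp256k1 key.
Added illustration of the principle above, NOT Unbound's library/protocol:
it omits the nonce-commitment round and proofs of key possession that a
production threshold-signing protocol requires."""
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin and Ethereum use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def challenge(r_point, message):
    """Fiat-Shamir challenge e = H(R || m) reduced into Z_N."""
    data = r_point[0].to_bytes(32, "big") + r_point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data + message).digest(), "big") % N

class Party:
    """One machine holding one additive share x_i. Each party draws its own
    share, so the full key x = sum(x_i) mod N never exists anywhere."""

    def __init__(self):
        self.x_share = secrets.randbelow(N - 1) + 1
        self.pub_share = ec_mul(self.x_share, G)     # x_i * G, publishable
        self._k_share = None

    def nonce_round(self):
        """Round 1: draw nonce share k_i, publish R_i = k_i * G."""
        self._k_share = secrets.randbelow(N - 1) + 1
        return ec_mul(self._k_share, G)

    def sign_round(self, e):
        """Round 2: partial signature s_i = k_i + e * x_i (mod N)."""
        s_i = (self._k_share + e * self.x_share) % N
        self._k_share = None                         # nonce is single-use
        return s_i

def combined_public_key(parties):
    """Y = sum(x_i * G) = x * G, computed from public shares only."""
    y = None
    for party in parties:
        y = ec_add(y, party.pub_share)
    return y

def mpc_sign(parties, message):
    """Run both rounds across the given parties and assemble (R, s)."""
    r_point = None
    for party in parties:
        r_point = ec_add(r_point, party.nonce_round())
    e = challenge(r_point, message)
    return r_point, sum(party.sign_round(e) for party in parties) % N

def verify(pub_key, message, signature):
    """Standard Schnorr check: s * G == R + e * Y."""
    r_point, s = signature
    e = challenge(r_point, message)
    return ec_mul(s, G) == ec_add(r_point, ec_mul(e, pub_key))
```

Calling `mpc_sign(machines, msg)` with all three `Party` objects yields a signature that verifies under `combined_public_key(machines)`, while a signature produced by only two of them does not.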
Offers core capabilities of Unbound’s CASP
Unbound’s blockchain-crypto-mpc serves as an opportunity for developers to gain some of the core capabilities of the Unbound Crypto Asset Security Platform (CASP), the solution designed for banks, custodians and exchanges that works with any asset, ledger, device or platform, and is built for the needs of crypto asset key protection. Based on blockchain-crypto-mpc, CASP includes an SMPC implementation of all blockchain cryptography, including ECDSA, EdDSA and HD wallets.
Benefits for blockchain and crypto asset wallet developers
As a low-level API, Unbound’s Blockchain Crypto MPC provides the ability for simple two-party approval processes; it can be compiled into virtually any platform and offers a secure zero-knowledge backup mechanism. Wallet developers gain benefits through blockchain-crypto-mpc, including security that’s built into the application and not reliant on external hardware that can be lost or stolen.
Developers are also not locked into mechanisms such as multi-signature – all while gaining the MPC advantage of sharing key custody between different parties without the need for multiple keys. It stands as a way to enable the creation and extension of applications to support any ledger and any asset.
Unbound’s three options include:
- The blockchain-crypto-mpc library – The free open source offering available on GitHub for blockchain and crypto asset wallet developers,
- Library – Designed for technology platform providers, integrators and commercial wallets,
- CASP – Designed for exchanges, banks and institutional custodians of crypto assets.
“Through the release of blockchain-crypto-mpc, we are offering a distinctly superior alternative to today’s crypto asset security options,” said Oz Mishli, vice president of products at Unbound. “It’s pure software, open-source and free to use. We see this as a doorway to a new level of security that is backed by proven deployments at tier 1 global banks and tech companies as well as by the world-renowned expertise of our co-founders, Prof. Yehuda Lindell and Prof. Nigel Smart.
“Users will gain unparalleled protection and functionality while also opening doors for speedy scalability and further innovation – it’s a pivotal tool the market is looking for in order to address the fundamental trust, usability and security problems it currently faces,” Mishli continued. “We are delighted to make this contribution to the community, with hopes that it will enable secure, convenient and easy-to-use blockchain applications for all.”
from Help Net Security https://ift.tt/2Rm1FQ3
CyberGRX raises $30 million in Series C funding round
CyberGRX has raised $30 million in Series C funding led by Scale Venture Partners. Existing investors Aetna Ventures, Allegis Group, Bessemer Venture Partners, The Blackstone Group, ClearSky, GV, MassMutual Ventures, and TenEleven Ventures also participated in the round. In the last 12 months, CyberGRX has seen over 1,000 percent growth in both annual revenue and in companies on the Exchange.
The company will deploy the secured capital to support this user growth, further extend augmentation capabilities with an analytics package, and advance the mission to build a community where enterprises can organize a collective defense against attackers. To date, CyberGRX has raised a total of $59 million in equity financing.
CyberGRX has transformed the way the market conducts third-party cyber risk management by replacing static and siloed methods with a dynamic and collaborative approach that unites third parties and their customers in the fight against cyber threats. While organizations and third parties face different challenges in third-party risk management, CyberGRX has proven that organizations are stronger when they work together.
The CyberGRX Exchange breaks down barriers between third parties and their customers, enabling them to share data and create insights on how to prioritize and reduce their collective risk. As more companies continue to join CyberGRX in an alliance against supply chain attacks, the benefits of the Exchange get stronger and organizations profit from a collaborative approach, including joint negotiation, community benchmarking and shared costs among users.
To help drive the company’s enterprise growth strategy, Ariel Tseitlin, a partner at Scale Venture Partners, will join CyberGRX’s board of directors. “CyberGRX has redefined the traditional approach to managing cyber risk by launching an Exchange that standardizes the assessment process for enterprises and third-party customers,” said Tseitlin. “By using a dynamic and collective approach, CyberGRX enables both sides of the market to increase efficiencies while reducing risk. We are very proud to be a part of their growth and look forward to future successes.”
The company has added, and will continue to add, essential sales, marketing and customer success positions to support its growth, including the recent hire of Brian Fegley as CyberGRX’s Vice President of Customer Success. Fegley and his team will focus on ensuring the CyberGRX customer experience on and off the Exchange is conducive to helping third parties and their customers work together to reduce risk.
Fegley and the CyberGRX customer success team will also manage the recently launched online TPCRM community, purpose-built to encourage cross organizational collaboration between risk professionals and IT teams who are struggling with the inefficiencies created by traditional approaches to third-party cyber risk management.
“Third-party cyber risk management is a challenge to all organizations, regardless of size or industry,” says Fred Kneip, CEO, CyberGRX. “Rather than reacting to breaches after they occur, companies need to take a more proactive approach to managing third-party cyber risk. This requires more industry collaboration, meaning organizations and their third parties must work together to mitigate the risk of potential breaches before they become a target for attackers.”
Any company that shares data with third parties is in a race with hackers. It is critical for organizations, big and small, to identify the vulnerabilities within their digital ecosystem before attackers do. The CyberGRX Exchange is the way to identify, prioritize and minimize risk, for both third parties and their partners. The Exchange, built on a shared cost model, features assessments as well as the advanced analytics to turn that data into actionable insights and augment teams to achieve more with existing resources.
from Help Net Security https://ift.tt/2FM9dKp
Nutanix introduces Xi Cloud Services for the multicloud era
Nutanix launched Xi Cloud Services, a new suite of offerings designed to create a unified fabric across different cloud environments, that gives IT teams the freedom to run their applications on the optimal platform, not restricted by technology limitations.
Xi Cloud Services is comprised of five distinct offerings at launch, including Xi Leap, a native extension of the Nutanix Enterprise Cloud Platform providing disaster recovery as a service.
A hybrid cloud that allows IT to make workload placement decisions is the goal of many businesses. In fact, according to Gartner, “a multicloud strategy can help a customer gain access to a broader range of capabilities, especially bleeding-edge innovative capabilities.” But identifying cloud deployments and knitting them together for a seamless experience is hard, and too often results in silos of infrastructure spread out across various on-prem and public cloud deployments. This forces companies to experiment with new workloads in public clouds while keeping traditional enterprise applications in the private cloud datacenter, even if those workloads would be more efficient in the public cloud.
According to the recent Nutanix Enterprise Cloud Index, enterprise workloads running in both private and public clouds are expected to jump nearly 20% in the next two years. Through Xi Cloud Services, Nutanix makes it easier for companies to integrate cloud services into their multicloud deployments, whether by extending their Nutanix environment beyond the boundaries of a traditional datacenter or by finally gaining the visibility and insight into their infrastructure deployments across platforms to monitor costs and ensure compliance.
Xi Leap
Nutanix Leap is a turnkey and integrated service that protects the applications and data in a Nutanix environment without the need to purchase and maintain a separate infrastructure stack. From within Prism, customers can simply select VMs for protection and set up protection. The selected VMs will then be replicated in the background, ready to be recovered in the event of a site failure – all within the same management tool as an organization’s infrastructure deployment.
According to Gartner, “disaster recovery (DR) is often technologically tedious, especially handling IP addresses and DNS changes for applications and servers.” The analyst firm states, “the rise in cloud adoption, with deployment models for IaaS, platform as a service, and software as a service, has shown the benefits of rapid provisioning and elastic, on-demand capability for applications and users. Cloud-based DR solutions also provide these benefits.”
Leap reduces the complexity of achieving DR readiness, converging all elements of provisioning, replicating data, defining a DR runbook and configuring security and networking into a single service.
“DR is deceptively difficult and yet critical for any IT organization to manage perfectly so essential data is not lost,” said Dr. Gary Mattei, Director of Technology at Avon Grove. “Nutanix Xi Leap solves all of these challenges for us, allowing us to upload our data directly into the DR solution while providing a single view across our entire infrastructure. Xi Leap gives us confidence that our data is safe no matter what happens.”
Xi Cloud Services
Nutanix Xi Cloud Services is comprised of five distinct services at launch, including Leap, which address the challenges of the multicloud era. These services bring together not only the ability to standardize workflows and harmonize operations across environments, but also the ability to blur the lines between clouds, utilizing applications and data across multiple clouds for a variety of data protection, application delivery and edge locations requirements.
As part of Nutanix Enterprise, customers can take advantage of:
- Xi Leap – cloud-based disaster recovery (DR) services to protect your critical business applications and data. Leap services are enabled directly in Nutanix Prism for an integrated public + private cloud experience.
- Xi Frame – desktop-as-a-service platform built from scratch specifically for cloud deployment, now integrating role-based access control.
- Xi Beam – a multicloud cost optimization and governance tool that allows customers to reduce cost and enhance cloud security across platforms, public and private.
- Xi Epoch – an observability and monitoring solution for multicloud applications that provides a Google Maps-like view of applications to determine performance bottlenecks and availability issues in any cloud environment.
- Xi IoT – an intelligent edge computing platform that performs real-time processing of sensor and device data pipelines, and moves filtered data back to a customer’s cloud platform of choice for long-term decision-making, allowing them to eliminate the complexity of deploying and managing edge locations while deriving more value from data at the edge.
“As we move into the multicloud world, a fundamental challenge for all businesses is running IT applications seamlessly across platforms,” said Dheeraj Pandey, CEO, Nutanix. “It has been our mission since we were founded to make infrastructure invisible to our customers so they can focus on their applications, not where the applications reside. Xi Cloud Services is the next evolution in that journey as we help our customers achieve invisible, together.”
Nutanix Xi Cloud Services are available now. Nutanix Leap is available to customers in East and West availability zones in the United States. Additional availability zones are expected to be available in the UK in calendar Q1 2019.
from Help Net Security https://ift.tt/2PcKUFa