The Travelers insurance company has teamed up with Symantec to give policyholders cyber security assessments and consultation in order to help them manage risks.The self-assessment consists of filling out a 25-question survey and getting a written report of how well their network and data protection stacks up. If they want to, they can talk to a consultant who walks them through the results and recommends steps they could take to remediate risks.+More on Network World: Synack: Hackers wanted after firm gets $21.25M funding from Microsoft, HPE+To read this article in full or to leave a comment, please click here
The Travelers insurance company has teamed up with Symantec to give policyholders cyber security assessments and consultation in order to help them manage risks.The self-assessment consists of filling out a 25-question survey and getting a written report of how well their network and data protection stacks up. If they want to, they can talk to a consultant who walks them through the results and recommends steps they could take to remediate risks.+More on Network World: Synack: Hackers wanted after firm gets $21.25M funding from Microsoft, HPE+To read this article in full or to leave a comment, please click here
Penetration testing provider Synack is getting an infusion of $21.25 million from the investment arms of Microsoft and HP, among others, and some of it will be used to hire more security analysts to fuel what it calls its hacker-powered intelligence platform.The investment is the Series C round of funding and is led by Microsoft Ventures, but also includes Hewlett Packard Enterprise and Singtel Innov8 to bring total investment in the company to $55 million.+More on Network World: 6 vulnerabilities to watch for on the factory floor+To read this article in full or to leave a comment, please click here
Penetration testing provider Synack is getting an infusion of $21.25 million from the investment arms of Microsoft and HP, among others, and some of it will be used to hire more security analysts to fuel what it calls its hacker-powered intelligence platform.The investment is the Series C round of funding and is led by Microsoft Ventures, but also includes Hewlett Packard Enterprise and Singtel Innov8 to bring total investment in the company to $55 million.+More on Network World: 6 vulnerabilities to watch for on the factory floor+To read this article in full or to leave a comment, please click here
Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. FireEye iSIGHT Intelligence
Sean McBride
The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.”To read this article in full or to leave a comment, please click here
Industrial control systems (ICS) that run the valves and switches in factories may suffer from inherent weaknesses that cropped up only after they were installed and the networks they were attached to became more widely connected. FireEye iSIGHT Intelligence
Sean McBride
The problems are as far ranging as hard-coded passwords that are publicly available to vulnerabilities in Windows operating systems that are no longer supported but are necessary to run the aging gear, says Sean McBride, attack-synthesis lead analyst at FireEye iSIGHT Intelligence and author of “What About the Plant Floor? Six subversive concerns for industrial environments.”To read this article in full or to leave a comment, please click here
Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on and their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.+More on Network World: DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification+To read this article in full or to leave a comment, please click here
Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on and their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.+More on Network World: DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification+To read this article in full or to leave a comment, please click here
Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on and their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.+More on Network World: DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification+To read this article in full or to leave a comment, please click here
Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams.The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.To read this article in full or to leave a comment, please click here
Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams.The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.To read this article in full or to leave a comment, please click here
A former FireEye engineer has kicked off a startup whose machine learning and artificial intelligence technologies will compete against his former employer’s threat-prevention platforms.SlashNext makes Active Cyber Defense System, a service with a cloud-based learning component that can detect data exfiltration, malware, exploits and social engineering attacks, says the company’s founder and CEO Atif Mushtaq. SlashNext
SlashNext CEO Atif Mushtaq: "The system has a low false positive rate."To read this article in full or to leave a comment, please click here
A former FireEye engineer has kicked off a startup whose machine learning and artificial intelligence technologies will compete against his former employer’s threat-prevention platforms.SlashNext makes Active Cyber Defense System, a service with a cloud-based learning component that can detect data exfiltration, malware, exploits and social engineering attacks, says the company’s founder and CEO Atif Mushtaq. SlashNext
SlashNext CEO Atif Mushtaq: "The system has a low false positive rate."To read this article in full or to leave a comment, please click here
A cycle of increasing new malware is well underway and could last the rest of this year if a trend established over the past two years continues.Defenders enjoyed a nine-month dip in malware innovation last year, but that’s over with, according to a cycle identified by McAfee Labs.Its latest McAfee Labs Threats Report says that starting at the beginning of 2015, the volume of new threats has fluctuated in a regular pattern, with two to three quarters of growth followed by three quarters of decline. The last three quarters of 2016 showed decline, so the next uptick should have started last quarter.To read this article in full or to leave a comment, please click here
A cycle of increasing new malware is well underway and could last the rest of this year if a trend established over the past two years continues.Defenders enjoyed a nine-month dip in malware innovation last year, but that’s over with, according to a cycle identified by McAfee Labs.Its latest McAfee Labs Threats Report says that starting at the beginning of 2015, the volume of new threats has fluctuated in a regular pattern, with two to three quarters of growth followed by three quarters of decline. The last three quarters of 2016 showed decline, so the next uptick should have started last quarter.To read this article in full or to leave a comment, please click here
Corporate security pros can add a new task to their busy days: handling panicky employees worried about privacy who are using the onion router (Tor) browser as a way to protect their online activity.That practice translates into additional security alerts that require time-consuming manual sorting to determine whether the persons behind Tor sessions are friend or foe, says George Gerchow, vice president of security and compliance at Sumo Logic.Ever since congressional action started a few weeks ago to roll back privacy regulations governing ISPs, Gerchow says has seen a dramatic increase in the use of Tor for accessing his company’s services, meaning security analysts have to check out whether the encrypted, anonymized traffic coming through Tor is from a legitimate user.To read this article in full or to leave a comment, please click here
Corporate security pros can add a new task to their busy days: handling panicky employees worried about privacy who are using the onion router (Tor) browser as a way to protect their online activity.That practice translates into additional security alerts that require time-consuming manual sorting to determine whether the persons behind Tor sessions are friend or foe, says George Gerchow, vice president of security and compliance at Sumo Logic.Ever since congressional action started a few weeks ago to roll back privacy regulations governing ISPs, Gerchow says has seen a dramatic increase in the use of Tor for accessing his company’s services, meaning security analysts have to check out whether the encrypted, anonymized traffic coming through Tor is from a legitimate user.To read this article in full or to leave a comment, please click here
Effective today, McAfee has officially spun out from Intel, dumping the name Intel Security and operating under new majority ownership that has deep pockets to help the company aggressively acquire technology via mergers and acquisitions to supplement home-grown innovations.Investment firm TPG is making a $1.1 billion equity investment in McAfee in return for 51% ownership, giving it the cash it needs to buy companies for their technology so it can be incorporated faster into McAfee platforms than if developed via R&D.That’s a different strategy than is used by Intel in its chip business. “Identifying what it takes to run a semiconductor company is quite different from running a cybersecurity company in a rapidly changing threat landscape,” says Intel Security’s CTO Steve Grobman.To read this article in full or to leave a comment, please click here
Effective today, McAfee has officially spun out from Intel, dumping the name Intel Security and operating under new majority ownership that has deep pockets to help the company aggressively acquire technology via mergers and acquisitions to supplement home-grown innovations.Investment firm TPG is making a $1.1 billion equity investment in McAfee in return for 51% ownership, giving it the cash it needs to buy companies for their technology so it can be incorporated faster into McAfee platforms than if developed via R&D.That’s a different strategy than is used by Intel in its chip business. “Identifying what it takes to run a semiconductor company is quite different from running a cybersecurity company in a rapidly changing threat landscape,” says Intel Security’s CTO Steve Grobman.To read this article in full or to leave a comment, please click here
Users of Azure cloud services have a new option for stopping the misuse of privileges as well as managing vulnerabilities through an alliance with Beyond Trust.Azure customers who buy Beyond Trust licenses can host PowerBroker, the company’s privileged access management (PAM) and its vulnerability management (VM) platform, Retina, in their Azure cloud instances.They can host BeyondSaaS perimeter vulnerability scanning in Azure as well. Both are available via the Azure Marketplace.These new services give Beyond Trust customers a third option for how they deploy PAM and VM. Before they could extend a local instance of Beyond Trust’s security to the Azure cloud via software connectors or deploy it within the cloud using software agents deployed on virtual machines there.To read this article in full or to leave a comment, please click here
Tim Greene