In this episode, Michael Feiertag, CEO and co-founder of tCell, joins host Steve Ragan to talk about why application security is more critical than ever and why it's just now getting more attention from security teams.
Oracle joins other major tech vendors by rolling out its blockchain-as-a-service offering, and two smartphone makers plan to include the technology in new devices this year. Get the latest on the blockchain craze.
You're in luckWe've cobbled together a slew of things for the geeky among you to do on July 13 -- Friday the 13th that is. And we suggest you do it up because you won’t get another chance until Sept. 13, 2019.Don’t miss the day!Mobile apps exist solely for the purpose of reminding you when Friday the 13th is coming up. Pocketkai’s free iOS app will remind you of the one to three Friday the 13ths coming up each year for the next 50 years. The Bogeyman’s Android app will do likewise, for the next 10 Friday the 13ths.To read this article in full, please click here
A key component of SD-WAN is its ability to secure unreliable Internet links and identify anomalous traffic flows.SD-WAN technology providers are continuing to increase their native security features and to create robust ecosystems of network-security partners.[ See where SDN is going and learn the difference between SDN and NFV. | Get regularly scheduled insights by signing up for Network World newsletters. ]
IT managers should consider their branch network security requirements and carefully evaluate the security capabilities of leading SD-WAN providers, include their native security features and their partnerships with network security providers.To read this article in full, please click here(Insider Story)
Gentoo GitHub hack: What happened?
Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.The attackers also attempted to add "rm -rf" commands to some repositories to cause user data to be recursively removed. As it turns out, this code was unlikely to be run because of technical precautions that were in place, but this wouldn't have been obvious to the attacker.To read this article in full, please click here
The European Union’s General Data Protection Regulation (GDPR) is widely viewed as a massively expensive and burdensome privacy regulation that can be a major headache and pitfall for American firms doing business in Europe. Many firms, including Facebook, have sought ways around the law to avoid having to deal with the burden of compliance.Well, there is no weaseling out now. Last week, with no fanfare, California Governor Jerry Brown signed into law AB375, the California Consumer Privacy Act of 2018, the California equivalent of GDPR that mirrors the EU law in many ways.To read this article in full, please click here
The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here
In this episode, host Steve Ragan talks with Phil Grimes, Professional Services Lead at RedLegg, about the challenges of educating customers — and building a partnership with them — to create successful red team engagements.
Host Steve Ragan is joined on the RSA 2018 show floor by Bryson Bort, CEO and founder of SCYTHE, to talk about the ICS Village, where attendees can learn how to better defend industrial equipment through hands-on access to the equipment.
With Windows Server 2019, Microsoft is adding resiliency and redundancy enhancements to the Shielded Virtual Machines security controls it introduced with Windows Server 2016.Shielded VMs originally provided a way to protect virtual machine assets by isolating them from the hypervisor infrastructure and could also help prove to auditors that systems were adequately isolated and controlled. Now Shielded VM enhancements in Window Server 2019 provide real-time failback configurations and host- and policy-based security improvements.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ]
Host key attestation
Under Windows Server 2016, key authentication was based on trusted platform module (TPM) cryptoprocessors and Microsoft Active Directory authentication. Both of these are great solutions but were limited when it comes to extensibility and redundancy.To read this article in full, please click here(Insider Story)
Host Steve Ragan reports from the RSA 2018 conference, talking with Liv Rowley, an intelligence analyst at Flashpoint, about Spanish cybercrime, an underground community that poses persistent security risks.
Securing the business network has been and continues to be one of the top initiatives for engineers. Suffering a breach can have catastrophic consequences to a business, including lawsuits, fines, and brand damage from which some companies never recover.To combat this, security professionals have deployed a number of security tools, including next-generation firewalls (NGFW) such as Cisco’s Firepower, which is one of the most widely deployed in the industry. Managing firewalls becomes increasingly difficult
Managing a product like Firepower has become increasingly difficult, though, because the speed at which changes need to be made has increased. Digital businesses operate at a pace never seen before in the business world, and the infrastructure teams need to keep up. If they can’t operate at this accelerated pace, the business will suffer. And firewall rules continue to grow in number and complexity, making it nearly impossible to update them manually.To read this article in full, please click here
Security researchers with Eclypsium, a firm created by two former Intel executives that specializes in rooting out vulnerabilities in server firmware, have uncovered vulnerabilities affecting the firmware of Supermicro servers. Fortunately, it’s not easily exploited.The good news is these vulnerabilities can be exploited only via malicious software already running on a system. So, the challenge is to get the malicious code onto the servers in the first place. The bad news is these vulnerabilities are easily exploitable and can give malware the same effect as having physical access to this kind of system.“A physical attacker who can open the case could simply attach a hardware programmer to bypass protections. Using the attacks we have discovered, it is possible to scale powerful malware much more effectively through malicious software instead of physical access,” Eclypsium said in a blog post announcing its findings.To read this article in full, please click here
Sometimes, confirmation of the obvious can be really important. At least, that’s how I felt when I saw a new Bain & Company report, Cybersecurity Is the Key to Unlocking Demand in IoT. According to the consulting firm’s survey, 45 percent of Internet of Things (IoT) buyers say “concerns about security remain a significant barrier and are hindering the adoption of IoT devices.” Worries over IoT security are hardly news, of course. I’ve been writing about them here on Network World for a while, and a quick internet search for IoT security rains down more than a million hits.To read this article in full, please click here
The terms software defined networking (SDN) and network functions virtualization (NFV) are often used interchangeably, which is incorrect. In a sense, the two are tied together as companies start using NFV as part of their SDN plans but that doesn’t have to be the case.Enterprises could maintain their current network architecture and shift to NFV or they could roll out an SDN and never leverage the benefits of NFV, so it’s important to understand what each is and the benefits of both.[ For more on SDN see where SDN is going and learn the difference between SDN and NFV. | Get regularly scheduled insights by signing up for Network World newsletters. ]
What is software-defined Networking
SDNs are a fundamentally different way to think about networks. Technically, SDNs can be defined as the separation of the management, control and data-forwarding planes of networks. Many people, including technical individuals read that definition and say, “So what?”, but the separation of these planes has a profound impact on networks and enables things that have never been done before.To read this article in full, please click here
Host Steve Ragan reports from RSA 2018 conference, talking with Wendy Nather, director, advisory CISOs at Duo Security, about how organizations can build a zero trust model, including consistently authenticating users.
Enterprises that have grown comfortable with Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (IaaS) are increasingly accepting of Network as a Service (NaaS). NaaS is a rapidly growing market. According to Market Research Future, NaaS is expected to become a US $126 billion market by 2022, sustaining an annual growth rate of 28.4 percent.One of the key benefits of cloud-based networking is increased security for applications and data. Given that the traditional perimeter of on-premise networks has been decimated by mobile and cloud computing, NaaS builds a new perimeter in the cloud. Now it’s possible to unify all traffic – from data centers, branch locations, mobile users, and cloud platforms – in the cloud. This means an enterprise can set all its security policies in one place, and it can push traffic through cloud-based security functions such as next-generation firewall, secure web gateway, advanced threat protection, and so on.To read this article in full, please click here
Open source has taken over the server side of things, but admins are doing a terrible job of keeping the software patched and up to date.Black Duck Software, a developer of auditing software for open-source security, has released its annual Open Source Security and Risk Analysis, which finds enterprise open source to be full of security vulnerabilities and compliance issues.[ For more on IoT security see our corporate guide to addressing IoT security concerns. | Get regularly scheduled insights by signing up for Network World newsletters. ]
According to the study, open-source components were found in 96% of the applications the company scanned last year, with an average of 257 instances of open source code in each application.To read this article in full, please click here
TSB customers in the U.K. were already frustrated by the bank's technical problems, but now the situation has gotten worse as criminals take advantage of the chaos. Host Steve Ragan looks at recent TSB phishing attacks and the kit that powers them.