While in Israel late last year, I caught up with Shaked Zin and Avi Shulman, co-founders of security company PureSec. PureSec was in a bit of a conundrum. It was doing important work but in a space that was still nascent: serverless computing. As such, it was having a hard time both articulating its value proposition and getting investors to understand and commit to their story.I found this conundrum interesting. Serverless computing is, after all, pretty high on the hype cycle. Ever since Amazon Web Services (AWS) introduced the notion of serverless via its Lambda offering a few years ago, all vendors have been rushing to commercialize their own serverless offering.To read this article in full or to leave a comment, please click here
While in Israel late last year, I caught up with Shaked Zin and Avi Shulman, co-founders of security company PureSec. PureSec was in a bit of a conundrum. It was doing important work but in a space that was still nascent: serverless computing. As such, it was having a hard time both articulating its value proposition and getting investors to understand and commit to their story.I found this conundrum interesting. Serverless computing is, after all, pretty high on the hype cycle. Ever since Amazon Web Services (AWS) introduced the notion of serverless via its Lambda offering a few years ago, all vendors have been rushing to commercialize their own serverless offering.To read this article in full or to leave a comment, please click here
With networking pros unable to trust the security of Internet of Things devices, Cisco says they should focus on implementing network-based security protections that limit the blast radius of IoT security breaches.This week Cisco unveiled a new package named IoT Threat Defense at the company’s IoT World Forum in London. IoT Threat Defense combines seven separate offerings, including network-segmentation rule creator TrustSec, network behavior analytics platform Stealthwatch and device-visibility offering named Cisco Identity Service Engine. +MORE AT NETWORK WORLD: 8 Tips to secure IoT devices | IoT security guidance emerges +To read this article in full or to leave a comment, please click here
Modern businesses must be agile, flexible and innovative. Business leaders are always looking for the next opportunity and speed is of the essence. Whether they’re looking to scale up quickly for a new project, or seeking to harness the benefits of the latest and greatest technology, it’s often necessary to go beyond company walls and sign up with a vendor for new software or services.You may have spent considerable resources to ensure that your security is strong, but what about your third-party vendors? We’ve discussed how cybersecurity is only as strong the weakest link before, but sometimes that weak link is a partner.To read this article in full or to leave a comment, please click here
In 2016 consumers were exposed to a larger number of high profile data breaches than any year previously. According to the Breach Level Index, 1,792 data breaches led to almost 1.4 million data records being compromised worldwide, an increase of 86% compared to 2015. Identity theft was the leading type of data breach last year, accounting for 59% of all data breaches. These numbers have helped raise public awareness around the serious threats to personal data that exist in the modern era, and awareness is also growing for some of the solutions that businesses and individuals can use to minimize the risks from data breaches. But is it enough?To read this article in full or to leave a comment, please click here
With information security being a major concern at all companies, successful security executives need to be equally comfortable in the boardroom and the server room. While being well-versed in traditional security duties, like developing incident response plans and knowing what technology will keep the bad guys at bay, is still essential, CISOs and CSOs also need to know how security factors into the business’ operations.Three skills that are essential for future leaders to master are being able to clearly articulate the importance of security to non-technical executives, show how security can help a company achieve its business goals and balance security with innovation. These skills are consistently mentioned by CEOs and CSOs when we’re discussing how business and security leaders can work better together.To read this article in full or to leave a comment, please click here
Imagine you wake up one morning, assuming everything is as you left it the night before. But overnight, attackers with a quantum computer capable of breaking current cryptography standards have targeted millions of people and stolen their personal data.Experts have estimated that a commercial quantum computer capable of breaking the cryptography we rely on today will be available by 2026. In fact, IEEE Spectrum reported last year that a quantum computer is close to cracking RSA encryption.To read this article in full or to leave a comment, please click here
When it comes to security and the iris recognition technology used in its flagship Galaxy S8 smartphone, Samsung touted, “The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private.”But the Chaos Computer Club (CCC) made a mockery of Samsung’s “virtually impossible to replicate” claims, easily defeating the iris recognition system used in the new Galaxy S8 with nothing more than a camera, a printer and a contact lens.Not only can the iris authentication system be broken to unlock an S8, the same trick could allow an attacker to access the victim’s mobile wallet. Just last week, Samsung Pay tweeted a short iris scan video ad along with, “Every eye is unique. Now you can use yours to make purchases with Samsung Pay.”To read this article in full or to leave a comment, please click here
Netgear makes some popular routers, but do you really want the company behind your model of router to collect data such as your IP address and MAC address? If the answer is no, then you need to disable the "analytics" data collection.Netgear’s NightHawk R7000 router, dubbed as “best-selling” and “top-rated” router on Amazon, is now collecting users’ data. Not just Wi-Fi information, but also information about connected devices, MAC address and IP. The data collection was enabled in the latest firmware update.A Slashdot user spotted the change after Netgear updated its data collection policy. A support article—“What router analytics data is collected and how is the data being used by Netgear?—states:To read this article in full or to leave a comment, please click here
I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:To read this article in full or to leave a comment, please click here
I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, Splunk's senior vice president of security markets, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:To read this article in full or to leave a comment, please click here
Running its courseImage by UntangleNetwork World's long-running product of the week slideshow has come to an end with this edition. Vendors are still welcome to discuss their products with reporters. Thank you to all who have submitted products. CyphonImage by dunbarTo read this article in full or to leave a comment, please click here
While you won’t be forgetting the WannaCry ransomware attack, it is likely you will be hearing a lot more about the alleged NSA-linked EternalBlue exploit and DoublePulsar backdoor as it seems a wide range of bad guys have them in their toyboxes. At least one person is leveraging seven leaked NSA hacking tools for a new EternalRocks network worm.EternalBlue and DoublePulsarMalwarebytes believes WannaCry did not spread by a malicious spam email campaign, but by an scanning operation that searched for vulnerable public facing SMB ports, then used EternalBlue to get on the network and DoublePulsar to install the ransomware.To read this article in full or to leave a comment, please click here
The internet can be a scary place. Threats come in many forms, lurking in practically any corner. Worse, yesterday’s prevailing advice for staying safe online -- avoid dodgy websites, don’t traffic in stolen or illegal goods, interact only with people you know -- no longer holds. Phishing emails from supposed family members, spyware piggybacking on legitimate apps, well-known sites hijacked with malicious code -- digital safety clearly needs new rules to meet today's evolving threatscape.Considering how much of our digital lives occurs online -- communications, financial transactions, entertainment, work, education, to name a few -- adopting even a few safe browsing practices can lead to broad benefits. And this includes how we deal with email messages as well, given how popular email is as a delivery mechanism for online attacks using exploit kits and malware.To read this article in full or to leave a comment, please click here
We often say, “HTTPS is secure,” or “HTTP is not secure.” But what we mean is that “HTTPS is hard to snoop and makes man-in-the-middle attacks difficult” or “my grandmother has no trouble snooping HTTP.”Nevertheless, HTTPS has been hacked, and under some circumstances, HTTP is secure enough. Furthermore, if I discover an exploitable defect in a common implementation supporting HTTPS (think OpenSSL and Heartbleed), HTTPS can become a hacking gateway until the implementation is corrected.HTTP and HTTPS are protocols defined in IETF RFCs 7230-7237 and 2828. HTTPS was designed as a secure HTTP, but saying HTTPS is secure and HTTP is not still hides important exceptions.To read this article in full or to leave a comment, please click here
Data at riskImage by George HodanBefore his retirement, an employee of the Office of the Comptroller of the Currency (OCC) uploaded more than 10,000 OCC records onto two removable thumb drives. He retired in November 2015; the agency didn’t discover the breach until the following September. That left almost a year between breach and detection. The OCC was not able to recover the thumb drives.To read this article in full or to leave a comment, please click here
There has been a steady stream of reports and claims lately that many of us no longer need endpoint security, that antivirus (AV) programs on our PCs are worthless.Gizmodo flat out said that you really don't need an antivirus app anymore, arguing that Windows 10 and the browsers have tightened up security to the point that they adequately protect end users. Windows Central asked the same question, but determined that more protection is better than less.To read this article in full or to leave a comment, please click here
Panda security solutions will fully protect you against the newly released malware and ransomware attacks, and Panda is offering 55% off all security products for home users using the coupon code ANTIRANSOMWARE at checkout. See Panda's Internet Security product here, or their Antivirus Pro product here, and enter the code at checkout to activate the 55% savings. This code will work for all Panda Security products for home users.
To read this article in full or to leave a comment, please click here
Years ago it would have been unthinkable to give up control to securing your most valuable assets. But for some companies the risk of handing the security keys to a third party is less than the idea of facing the daily barrage of attacks.When asked why a company would cede control, many vendors said it depends on the level of staffing that company has. If the expertise is lacking, why take the chance. Or if it is a small to midsize enterprise, maybe there is just not a budget for creating a security staff up to the level needed. Therefore, partnering with a managed security services provider (MSSP) has become almost a must when faced with worries over data theft and the number of mobile devices entering the workplace. To read this article in full or to leave a comment, please click here
If yet another cybersecurity expert wanted to warn the general public about the risks associated with the internet-of-things (IoT), it is as likely as not that the warning would go in one ear and out the other. But when a sixth grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here