This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. A recent Network World article argued that automated threat detection (TD) is more important than automated incident response (IR). But the piece was predicated on flawed and misguided information. The article shared an example of a financial institution in which analysts investigated 750 alerts per month only to find two verified threats. The piece claimed that, in this scenario, automated IR could only be applied to the two verified threat instances, therefore making automated threat detection upstream a more important capability by “orders of magnitude.”
Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups. Fifteen of the vulnerabilities fixed in Microsoft's patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company's anti-malware products. System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.
Security architects are the people responsible for maintaining the security of their organizations’ computer systems, and as such they must be able to think as hackers do in order to anticipate the tactics attackers can use to gain unauthorized access to those systems, according to the InfoSec Institute. Anyone in this position can expect to have to work odd hours on occasion, and needs to be constantly up to date on the latest security threats and available tools. Sometimes people who ultimately take on the role of security architect, like Jerod Brennen, could not have predicted such a career direction when they were younger. When Brennen began attending Capital University, a small liberal arts college in Ohio, in the 1990s, he intended to pursue a career in the film industry as a composer.
Blockchain technology has been generating excitement in the public and private sectors for the past several years for many reasons — a prominent one being support for self-executing contracts commonly referred to as smart contracts. But while smart contracts have the potential to streamline many business processes, full automation isn't likely anytime in the foreseeable future. "Smart contracts are a combination of some certain binary actions that can be translated into code and some reference to plain language like we have today that is open to litigation if you mess up," says Antonis Papatsaras, CTO of enterprise content management company SpringCM, which specializes in contract workflow automation. "I think it's going to take forever."
A recently released draft of the National Institute of Standards and Technology’s (NIST's) digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things:
Remove periodic password change requirements
There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change them or if there is an indication of a breach.
After John Oliver urged viewers of HBO’s Last Week Tonight to fight for net neutrality (again) and post comments on the FCC's site, people were not able to submit comments because the site turned to molasses. The FCC blamed the problem on “multiple” DDoS attacks: “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
Risk scores seem all the rage right now. Executives want to know what their risk is. The constant stream over the past few years of high profile breaches and the resulting class action lawsuits, negative PR, loss in share price, cybersecurity insurance pay-out refusals, and even termination of liable executives has made this an urgent priority. The problem is we haven’t really developed a good way to measure risk. Most risk score approaches are restricted by a very simple limitation: They are not vendor agnostic or universal. The solution used to calculate risk is limited by the data it collects, which can vary widely. What is the risk score composed of? More important, what doesn’t it capture? One vendor will include only network and system vulnerabilities, another bundles application vulnerabilities into the mix, and yet another adds user behaviour. Agreeing on the “right” mix still eludes us with no real authoritative standards that define what should be included. Every scoring methodology is subjective, which is surely a sign of how inherently unscientific the entire approach is.
Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers. The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle. Ormandy announced Saturday on Twitter that he and his colleague found a "crazy bad" vulnerability in Windows and described it as "the worst Windows remote code execution in recent memory."
When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time.
Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.
The security space is one area where there are a massive number of vendors all offering to solve particular discrete problems. That is all well and good if you have a singular, discrete problem to solve, but what happens if you’re looking for a solution that covers the totality of your needs? Signal Sciences wants to be the answer to that question. The company offers a web protection product that covers cloud, physical and containerized infrastructure and provides security prioritization based on where applications are targeted. Signal Sciences claims Under Armour, Etsy, Yelp and Shutterstock as customers.
The company is making a dual announcement today. The first is about its platform overall; the second is some fundraising news. Since fundraising is often seen as a validation of the product story, I’ll cover off the money side of things first. Signal Sciences has raised a $15 million Series B funding round led by Charles River Ventures.
Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in public clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.
Because virtual machines, application instances and workloads change rapidly, it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.
Staples has hired its first chief information security officer (CISO), a key new member of the office supply giant's team that combines traditional IT and digital transformation.
CISO Brett Wahlin, who will report to the company's CTO, will be responsible for enterprise-wide information, product and data security during a time in which Staples looks to expand its delivery business. His responsibilities extend into areas such as connected devices (think Amazon Echo/Google Home digital assistant competition in the office), fraud and loss prevention.
If you think you're immune from a scary exploit found in Intel's Active Management Technology just because you're a consumer, think again. The exploit, disclosed on May 1, lets bad actors bypass authentication in Intel's remote management hardware to take over your PC. This hardware, built into enterprise-class PCs, lets IT administrators remotely manage fleets of computers—install patches and software, and even update the BIOS as though they were sitting in front of it. It is, in essence, a God-mode. Here's the fine print: Many early news reports said "consumer PCs are unaffected." But what Intel actually said was, "consumer PCs with consumer firmware" are unaffected.
Security, trust and data integrity
The emergence of IoT is altering our personal technology security paradigm and is a game-changer in customer/business interaction, in part due to the wide scope of available data and sheer number of devices collecting this data. McKinsey & Company estimates the IoT ecosystem will generate $6 trillion in value by 2025. Successful IoT offerings rely on the perception of benefit they can deliver to businesses and consumers while creating a proportionate foundation of security, trust, and data integrity. There are important ways that IoT technology can reduce data security risk while improving customer experience in a connected world.
Several German firms are taking a stab at a single login process for accessing different online services -- an approach that could compete with U.S. offerings. The companies, which include automaker Daimler, insurance provider Allianz and Deutsche Bank, among others, announced the joint effort on Monday. Their goal: to create a platform that revolves around a “master key” for users that can access sites and services across industries. The platform will not only make online registration simpler, but also more secure, they said. To do so, the companies will incorporate top standards in data security, and comply with local European Union data protection laws.
The U.S. Federal Communications Commission's website slowed to a crawl after comic and political commentator John Oliver urged viewers to flood the agency with comments in support of net neutrality, in what appeared to be a repeat of a 2014 incident. With the FCC headed toward a repeal of net neutrality rules it passed in early 2015, Oliver on Sunday echoed his "Last Week Tonight" commentary on the topic from three years ago. (Note to viewers: The link to Oliver's new diatribe is not safe for work.) As in 2014, the FCC's website seemed to buckle under the load late Sunday and early Monday, but the cause may have been more sinister than a flood of people expressing their support for net neutrality rules.
Kids these days
The National Collegiate Cybersecurity Competition (NCCDC) is an annual event that seeks to get college students involved in cybersecurity. This year, as usual, the kids were playing defense, but many of the competitors had certain black-hat incidents in their past, having hacked systems as varied as an insulin pump, a connected avionics system, and a beer kegerator.
There should be prizes for this. Let’s call them The Oopsies. The most bafflingly easy servers to hijack turn out to be those running Intel’s Active Management Technology (AMT). People warned me about this, and I pooh-pooh’d it. Please hand me a scraper so that I can wipe the egg off my face. The servers are so wickedly simple to jack that a third-grader can log into them and merrily do essentially root damage.
That the largest server CPU provider on earth doesn’t fall all over itself in sincere apologies (United Airlines gone wrong?) doesn’t surprise me. No one falls on their sword anymore. No one takes product managers out behind the cafeteria and strips the access key fob from the management toy room. It’s all just jolly. Oops. Sorry, folks.
Aaron Gach wasn't expecting U.S. Customs and Border Protection agents to demand to search his smartphone when he returned to San Francisco from Belgium in February. The artist and magician, a U.S. citizen, had just attended an art event near Brussels and was targeted for advanced screening by CBP after his flight landed in the U.S. During a series of questions from CBP agents ("Did you pack your bag yourself?"), they repeatedly asked to search his smartphone, Gach said. "Do you understand that if you choose not to unlock your phone we may need to detain your other personal effects?" one agent told him, according to a description of the encounter that Gach posted online.