Channel: security news – Cyber Parse – Cyber Security and Information Security

TruStar Raises $2M to Further Develop Security Info-Sharing Tech

A seed round of funding will enable further development of TruStar's security information-sharing technology. The need to share security information to help defend against attacks is often considered a best practice, but how do you share that information in a safe, secure and anonymized way? That is the focus of security startup TruStar, which announced a new $2 million seed round of funding led by Resolute Ventures. The security information-sharing specialist plans to use the new capital to fund continued development efforts as well as sales and marketing. "The basic idea we had when we started the company is that companies really need to be able to share incident data anonymously while also protecting privacy," Paul Kurtz, co-founder and CEO of TruStar, told eWEEK. "We think we're at a terrific point to take in some seed funding, we have a product, and we have several companies that are beginning to share information." TruStar is actively working with a few companies and organizations, including Rackspace and the Cloud Security Alliance (CSA). "The CSA is establishing an incident-reporting center for cloud providers and users, and we're central to that effort," Kurtz said. From a technology perspective, Kurtz explained that the data is sent by companies through an encrypted channel and then TruStar's technology correlates the information for analysis. The technology that enables the encrypted anonymous transfer currently has patents pending on it. "The technology allows us to know enough about a company that is sending something to us, so we can confirm they are a part of our effort, but not enough to determine who they are," Kurtz said. "It's basically a complex token exchange between the providers of information and TruStar." The TruStar platform includes the Orion and Pulsar technologies. Orion is TruStar's open-source information pull where the system is looking for similar reports to ones submitted by users. 
Pulsar is an encrypted end-to-end chat capability that enables secured conversations. The idea of threat intelligence sharing is not unique to TruStar; multiple vendors in the market are attempting to solve the challenge in different ways. Verizon has its VERIS (Vocabulary for Event Recording and Incident Sharing) framework, which helps inform its annual Data Breach Investigations Report (DBIR). AlienVault has a platform called the Open Threat Exchange (OTX), which enables threat sharing. TruStar is taking a different approach due to its privacy techniques and provides a platform that can connect organizations, Kurtz explained, adding that his goal is for his company to be to the security industry what the Bloomberg terminal is to the financial services industry. "Bloomberg brings in all kinds of data feeds together to help traders make good decisions about buying and selling; the system also includes chat," Kurtz said. "That's where TruStar will go, being a data exchange platform with real incident data, correlated with other threat feeds, so enterprises can make better decisions to protect themselves." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Dell Goes Proactive in Endpoint Security by Adding Cylance

Cylance's security package, already in use by a number of government agencies, has been charted to stop a whopping 99 percent of malware and advanced persistent threats. Dell on Nov. 17 added a new option to its endpoint security arsenal when it announced a collaboration deal with Cylance, a cybersecurity software startup that uses artificial intelligence to proactively prevent, rather than reactively detect, advanced persistent threats and malware. Cylance's Endpoint Security Suite Enterprise combines authentication, encryption and advanced threat protection into a single-control security suite, something none of the major IT providers currently have. It protects against the execution of advanced persistent threats and malware, including zero-day attacks, scripting attacks and targeted attacks such as spear phishing and ransomware, founder and CEO Stuart McClure told eWEEK. Dell Software, which plugs some big gaps in its security offerings with the partnership, said it has begun integrating Cylance's wares directly into its Dell Data Security solutions lineup. After buying Quest Software in 2012 and unifying the 36 other companies it had bought to form Dell Software, Dell started to build its own security division in 2013 when it bought Credant Technology for its high-end enterprise data encryption product. The addition of Cylance IP completes the major components needed for a new stand-alone endpoint security package. As a result, by early next year Dell will become the only Tier 1 PC vendor to offer a security suite integrating Cylance's technology when it launches Dell Data Protection Endpoint Security Suite Enterprise. This collaboration follows the Dell Ventures investment in Cylance earlier this year as part of its commitment to support new businesses that align with Dell's strategic direction. 
By the way, Irvine, Calif.-based Cylance picked up a tidy $42 million in venture capital investment—much of that from Dell Ventures—last July to bring its three-year VC investment total to $77 million since its launch in 2012. "It's pretty obvious that standard, signature-based anti-virus and anti-malware solutions aren't working," McClure told eWEEK. "If they were, we wouldn't have all the issues we have today." Cylance's security package, already in use by a number of government agencies, has been charted to stop a whopping 99 percent of malware and advanced persistent threats. In contrast, the average efficiency rating of traditional anti-virus solutions is less than 45 percent, according to a number of security analysts. Endpoint Security Suite Enterprise uses a deep understanding of attack vectors with sophisticated artificial intelligence and algorithmic science to provide superior endpoint protection against both present and future threats, McClure, who previously had built Ernst & Young's security practice, said. Dell Data Protection Endpoint Security Suite Enterprise will be available starting in early 2016 from Dell and through PartnerDirect partners in the United States and around the world.

Chipotle allows job applicant to access its HR emails

US restaurant chain didn't own the 'chipotlehr' domain name, despite using it to respond to job seekers

Halton Equips Caretaker Teams With 1st Touch Mobile

Halton Housing Trust has chosen Caretaker Software from 1st Touch (www.1sttouch.com). The software will be used by Halton’s Estate Services and Environmental teams across 140 communal flat blocks and over 200 green space areas. Halton Housing Trust is a forward thinking and dynamic not-for-profit housing association that owns and manages over 6,700 homes with over 16,000 customers in the Cheshire towns of Runcorn and Widnes. Halton’s Board works closely with its executive management team to ensure the Trust’s Strategic Aim of ‘Improving People’s Lives’ is achieved. Maintaining efficient Estate and Environmental services is a part of this strategy and Halton Housing Trust is using 1st Touch to streamline the activities of its Estate Service and Environmental team members. By using the software, re-occurring appointments are scheduled through the 1st Touch Diary facility. On completion of the activity this creates a contact in Halton’s Aareon QL Housing Management system so that the information is available to all staff through CRM. Whilst out on site, team members can also report fly tipping, graffiti and repairs using the 1st Touch module, which generates a workflow into QL to rectify any problems. Both teams also carry out van checks and grounds maintenance staff carry out a daily machine test. This information is sent to the 1st Touch Portal where managers can review any issues that have been flagged on the checks and tests. Halton Housing Trust chose the software as they had a positive and in-depth experience of a number of other 1st Touch modules as part of its Digital First Strategy. These include: Responsive Repairs, Arrears Management, Neighbourhood Management, Tenancy Support and also an ASBO module. The system delivers a number of key benefits. As Carole Galsworthy, Director of ICT and Business Improvement at Halton Housing Trust says: “We invested in the Caretaker software as part of our Digital First programme. 
By using mobile technology, we can jointly drive efficiency and enhance customer experience, which are both desirable outcomes. The biggest benefit will be that the whole process is now paperless, so therefore information on completion of work is instantly available to team members and management alike. In addition, the processing of daily tasks and the ability to reassign work is now automated and has become far more structured. Team members are able to raise ad hoc tasks from the diary and direct from the tablet. All tasks and outcomes are recorded so this makes performance reports far more accurate. Ultimately though the real beneficiaries of the increases in efficiency are our customers, who value how well maintained and managed their blocks, estates and open spaces are.” For his part, Greg Johns, CEO of 1st Touch, welcomed Carole Galsworthy’s comments, adding, “As part of its Digital First programme, Halton Housing Trust is committed to introducing mobile working in order to reduce costs, drive efficiencies and most importantly to support its customers. One key element of this programme is the work done by the Estates Services and Environmental teams. We are delighted that they have chosen 1st Touch Caretaker to deliver these key benefits to this function and we look forward to helping them fully exploit the system’s benefits in the field.”
Ends
Note to Editors: About 1st Touch (www.1sttouch.com)
Southampton-based 1st Touch, a subsidiary of Aareon AG (www.aareon.com), has enabled dozens of field workforce-based organisations to embrace new mobile technologies and so achieve significant savings, greater productivity and more cost-effective use of resources. 1st Touch Mobile delivers clear and unique benefits. These include the system’s acclaimed ‘Smart Airtime’ feature where ‘airtime’ is minimised and the system is always available with or without ‘airtime’. 
The system’s flexibility through simple customer control over forms creation and amendment is also widely acclaimed. There is integration with multiple back office and other enterprise software applications, so that data is entered only once. With its widely acclaimed mobile technology, 1st Touch has a clear focus on the Social Housing and Local Government markets. Many social housing providers and local authorities, at large, now benefit from the fast and tangible, best of breed benefits that 1st Touch mobile technology delivers to the enterprise. To date, over 50% of the social housing market, which has deployed mobile technology, has chosen to implement 1st Touch. In local government, 1st Touch has already been adopted for a wide range of mobile workforce uses. Ready to use applications for local authority organisations include: Public Buildings, Highways/Street Services, Environmental/Waste Management, Revenues and Benefits, together with Planning Control and Trading Standards. 1st Touch software is available on a wide variety of platforms including: Windows Mobile, Apple and Android.
For further information on 1st Touch please contact: Sally Cops, 1st Touch, 02380 111206, sally.cops@1sttouch.com, www.1sttouch.com, or Leigh Richards, The Right Image PR & Marketing Group, 07758 372527, leigh.richards@therightimage.co.uk, www.therightimage.co.uk
Source: RealWire

Windows 10 is ‘the most secure operating system, ready for deployment in all enterprise situations’ claims Nadella

As fears over cyber terrorism grow, Microsoft wades into the cyber-security conversation

Unisys Recognised by Two Respected Industry Analyst Firms for Leadership in Managed Security Services

Company positioned as a “Leader” in NelsonHall evaluation of managed security services and as a “High Performer” in HfS Research “Trust-as-a-Service” report
London, UK, November 18, 2015 – Unisys Corporation (NYSE: UIS) today announced that two respected analyst firms – NelsonHall and HfS Research – have recognised the company as a leading global provider of managed security services. NelsonHall has positioned Unisys in the “Leaders” quadrant in the 2015 NelsonHall Vendor Evaluation and Assessment Tool (NEAT) report on managed security services – the top category in the evaluation. In a separate report by HfS Research, Unisys is positioned as a “high performer” in the company’s “Trust-as-a-Service Blueprint Report.” The report evaluates security service providers “with a focus on broad security abilities grounded by managed security services and enhanced by overall security, risk and trust offerings.” The NelsonHall report cited Unisys’ contract with a global banking group as an example of how the company has helped clients by providing intrusion detection and security information and event management (SIEM) services. The report noted that, “Unisys reduced the number of incidents the client was experiencing by approximately 75 percent, and the labor required to resolve incident alerts by 65 percent.” “Unisys has demonstrated its investment in managed security and the ability to secure clients’ environments,” said Mike Smart, NelsonHall’s managed security services analyst. 
“The company has done this by leveraging its security technologies such as the Unisys Noise Cancellation Advanced Analytics Platform (UNCAAP™) to reduce the number of events that need to be processed in a traditional security environment, and its Unisys Stealth™ offerings to provide a new style of security, safeguarding clients’ networks by effectively making the network and assets undetectable.” The HfS report places Unisys at the forefront of security service providers across two main categories: innovation and execution. The report cited Unisys for its “interesting technologies and an approach that aggressively targets/positions security as a transformational element.” According to HfS, Unisys is providing not only security services, but more importantly, trust. “Unisys has a solid record of strong performance in the global security market,” said Fred McClimans, executive vice president of strategy and managing director of Digital Trust & Security at HfS Research. “Its alignment with our Digital Trust Framework, coupled with a long-term vision for advancing physical/digital security maturity, positions it well to assist enterprises seeking to stay ahead of emerging cyber threats.” “Innovation and execution in delivering managed security services are critical measurements of a company’s ability to help enterprises combat today’s escalating and sophisticated cyber threats,” said Tom Patterson, vice president and general manager for global security solutions, Unisys. 
“These two reports from two highly respected analyst firms testify to Unisys’ strengths in helping our clients protect themselves from sophisticated threats by providing advanced security solutions.” The Unisys global security offering includes a full suite of efficient managed services, technical and strategic consulting, award-winning Stealth micro-segmentation products and advanced physical security managed by the LEIDA™ (Library of eID Artifacts) framework, which creates software building blocks that accelerate the time needed to develop and implement identity and credentialing solutions. Unisys provides advanced security for clients including governments, financial services and commercial companies around the world.
Please click on the following link for a copy of the NelsonHall report: http://www.unisys.com/offerings/sercurity-solutions/Analyst%20Reports/NelsonHall-Recognized-Unisys-as-a-Leading-Global-Provider-id-2515
Please click on the following link for a copy of the HfS report: http://www.unisys.com/offerings/security-solutions/Analyst%20Reports/Unisys-positioned-as-a-high-performer-in-the-hfs-research-id-2514
About Unisys
Unisys is a global information technology company that works with many of the world's largest companies and government organisations to solve their most pressing IT and business challenges. Unisys specialises in providing integrated, leading-edge solutions to clients in the government, financial services and commercial markets. With more than 20,000 employees serving clients around the world, Unisys offerings include cloud and infrastructure services, application services, security solutions, and high-end server technology. For more information, visit www.unisys.com. Follow Unisys on Twitter and LinkedIn.
Unisys and other Unisys products and services mentioned herein, as well as their respective logos, are trademarks or registered trademarks of Unisys Corporation. 
Any other brand or product referenced herein is acknowledged to be a trademark or registered trademark of its respective holder.
Contact: Alex Brooks, Octopus Group for Unisys, D: 0203 837 3702 / M: 07900 205 460, Alex.Brooks@weareoctopusgroup.net; Nick Miles, Unisys, 07808-391-543, nick.miles@unisys.com
Source: RealWire

Microsoft Opens Cyber Defense Operations Center

The new facility will gather expertise from various Microsoft business units for proactive, intelligence-driven security services and software enhancements. More than many other technology companies, Microsoft has had to endure a relentless onslaught of threats to its software ecosystem. In fact, during a speech at the Government Cloud Forum in Washington, D.C., Nov. 17, CEO Satya Nadella told attendees that Microsoft spends more than $1 billion in security research and development. Signaling a change in Microsoft's approach toward security in a cloud-enabled IT landscape and the burgeoning Internet of things market, Nadella announced that the company is opening a new front in the war against cyber-theft and other hazards that enterprises face while conducting business in today's connected world. In opening remarks yesterday, Nadella addressed "perhaps one of the most pressing issues of our times, of our industry, cyber-security." The past year alone has taken a major toll on businesses. This year "has been a tough year around cyber-security," Nadella said. "Just the top eight or so data breaches have led to 160 million data records being compromised." It doesn't help matters that those breaches may go undiscovered for months. "In fact, one of the biggest challenges that we all face is the time to detect an intrusion; it's something like 229 days between when you have been intruded versus when you know and you can start to respond," Nadella said. To combat this, and other potential threats, Nadella announced the formation of a new, cross-discipline Cyber Defense Operations Center. "Now we're even bringing together the operational security people across our company, people running everything from Xbox Live to Office 365, to Azure, to Windows Update, to Windows Defender, and bringing them together in one operations center," Nadella announced. 
"We actually have people who are able to, in real time, connect the dots between what's happening across all of these services." Bret Arsenault, chief information security officer at Microsoft, went into further detail in a Nov. 17 blog post on the topic. "This state-of-the-art facility brings together security response experts from across the company to help protect, detect and respond to threats in real time," wrote Arsenault. "Staffed with dedicated teams 24×7, the center has direct access to thousands of security professionals, data analysts, engineers, developers, program managers, and operations specialists throughout Microsoft to ensure rapid response and resolution to security threats." The center will maintain "critical connections with industry security partners, governments and enterprise customers," Arsenault added, and will coordinate with Microsoft's Digital Crimes Unit in cases of law-enforcement involvement. In addition to the Cyber Defense Operations Center, Microsoft also took the wraps off the new Enterprise Cybersecurity Group (ECG). "This dedicated group of worldwide security experts delivers security solutions, expertise and services that empower organizations to modernize their IT platforms, securely move to the cloud and keep data safe," explained Arsenault. "ECG offers security assessments, provides ongoing monitoring and threat detection, and incident response capabilities. ECG helps customers take advantage of Microsoft's best-in-class security and privacy technologies to optimize their investments and confidently advance their security postures."

IT Managers Struggling to Keep Up With Cyber-Threats: Security Experts

NEWS ANALYSIS: Security experts say building in-depth cyber-defenses is the best way to resist the increasingly sophisticated attacks on enterprise networks. DALLAS—Sometimes unanimity is refreshing, but not when panel after panel at the Metro Ethernet Foundation's GEN15 conference here delivers the same depressing news. Despite all the work that's been done to improve enterprise and network security, the picture is far worse today than at any time in the past. Timothy Wallach, supervisory special agent from the Federal Bureau of Investigation's Seattle field office cyber task force, said that the level of criminal activity attacking enterprises in the U.S. has reached an all-time high. Wallach also said that despite the worries about insider attacks, "those are only a small percentage of the attacks we see." He said that the vast majority of attacks on businesses are criminal activity seeking to steal information from companies that can be used by competitors or that can be sold on the dark Web. While criminal actors are the single biggest source of threats, there are plenty of others, Wallach said, including political activists who want to disrupt businesses for some political gain or to make a point. He also listed nation-state actors who will attack an enterprise, frequently as a means of gaining access to some other company with which they do business. "No one is immune from these attacks," he said. What makes the latest attacks so serious is that perpetrators are better funded and usually more skilled than they have been, but Wallach also noted that even relatively unskilled attackers have access to sophisticated tools to break into networks and to launch attacks. He said that it's not unusual for IT managers to find that their networks have been infected for years. 
Stuart McClure, founder and CEO of Cylance, speaking on the same panel, said that once security managers start looking for threats that already exist on their networks, "It’s like turning on a black light in a hotel room, you have to be ready for what you're going to find." He said that it's not uncommon to find that the hackers have penetrated far more of a company's network than anyone realized and may have been stealing information for years. "You might wish you hadn't looked," he said. During an earlier panel discussion, Ethernet inventor Robert Metcalfe said he's been trying to encourage better security for networking, saying that in some instances the Internet of Things was going to be a significant weak point. He said that better authentication should be designed into embedded electronics. Metcalfe noted that such security problems were going to be growing in importance as the IoT becomes more widespread.

Survey Data: IT and End Users Disagree on What Makes a Good Desktop Experience

AppSense 2015 Desktop Experience Study Shows IT is Enforcing Desktop Limitations that Impact Workforce Productivity
SUNNYVALE, Calif., November 19, 2015 – An intensive study of end users’ satisfaction with their desktop experience, contrasted with IT’s perception of what constitutes a good user experience, reveals a disconnect between IT professionals and end users in the areas of security, performance, and productivity. The survey conducted by Dimensional Research for AppSense, the global leader in User Environment Management (UEM) solutions for the secure endpoint, shows that end users have high expectations for their desktops and often feel that desktop security limits their productivity. End users and IT professionals diverge on how important non-intrusive security is to the user experience. More than three in five (63%) end users ranked unobtrusive security as important to a great desktop experience compared to just 46% of IT professionals. Even while nearly half of IT professionals valued unobtrusive security, as many as 35% still limit their end users’ ability to personalize their desktops based on corporate security policies. The result is an increasing frustration among end users who continue to believe that security is negatively impacting experience. Desktop performance is another key area where end users and IT disagree when it comes to a good desktop experience. More than four in five (86%) of end users surveyed ranked good performance, including application request processing times, as the top factor impacting their great user experience. IT professionals rated this 11% lower than end users. Further, even while 63% of both end users and IT professionals ranked fast logon and logoff times as the third most important factor to a great user experience, they diverge on what a “fast” logon time truly is. More than three in five (63%) end users believe an acceptable standard is a logon time of 30 seconds or less. 
In contrast, more than two in five (42%) IT professionals believe that an acceptable end user logon time can be as much as three minutes. In the area of productivity, 71% of end users believe a good desktop experience impacts the quality and productivity of their work. In contrast, just more than half (55%) of IT professionals say providing a great desktop experience to employees significantly impacts business outcomes. What’s frustrating end users is the lack of ability to personalize their desktops. In fact, over half (52%) feel their productivity would benefit from being able to personalize their computer. Of those that were permitted to personalize their desktop, nearly all (92%) recognized the value of their ability to personalize. Yet, the vast majority (95%) of IT professionals limit desktop personalization, with only 5% allowing end users to change their desktops in any way they like. “Our research shows that IT needs to take a much closer look at what end users want from their desktop experience,” said Jed Ayres, Senior Vice President of Marketing, AppSense. “IT professionals enforcing corporate security policies and limiting end user choice are preventing end users from working the way they want and slowing productivity.”
Closing the Desktop Experience Gap between IT and End Users
As IT organizations work to resolve the challenges end users face with their desktop experience, User Environment Management (UEM) technology is a compelling option. UEM enables IT organizations to centralize desktop security, management and personalization policies, allowing users to have greater desktop personalization while improving security, performance, desktop consistency, and reliability. 
The top six benefits delivered by UEM solutions directly solve the issues that both end users and IT professionals identified in the survey as essential to a great desktop experience:
- Faster logon times (63%)
- Preventing corruption and bloating of user profiles (52%)
- Tightly controlling application access (45%)
- Simplified image management (43%)
- Secure enterprise file sync and share (39%)
- Least privilege enforcement through granular admin rights (33%)
Both end users and IT want a corporate desktop that works so well that it fades into the background. Collectively end users and IT want secure desktops that deliver fast logons, applications that perform at their peak, and speedy file access, all within a familiar consistent environment. When IT provides users with a desktop that gets out of their way and lets end users ‘just work,’ the business can realize significant benefits in terms of increased employee productivity, efficiency and engagement.
About the AppSense 2015 Desktop Experience Study
Performed by Dimensional Research, the AppSense 2015 Desktop Experience Study findings are based on an online survey of 868 IT and business professionals. It examined experiences with corporate desktops and how those impact employee productivity and business outcomes. The complete AppSense 2015 Desktop Experience Study is available to download by visiting http://go.appsense.com/Dimensional-Research-Report.html.
About AppSense
AppSense is the leading provider of UEM solutions for the secure endpoint. AppSense user virtualization technology allows IT to secure and simplify workspace control at scale across physical, virtual, and cloud-delivered desktops. AppSense Solutions have been deployed by over 3,500 enterprises worldwide to over 8 million endpoints. The company is headquartered in Sunnyvale, CA with offices around the world. 
For more information please visit www.appsense.com.
Media Contact: Erin Jones, Avista Public Relations for AppSense, 704-664-2170, appsense@avistapr.com
Source: RealWire

Avanan Building a Cloud of Clouds for Security

The startup exits stealth mode with a new approach to enabling security in the cloud. There are a lot of vendors with different security technologies, any one of which might be helpful to an enterprise's cloud security aspirations. The goal of security startup Avanan is to enable enterprises to easily make use of any one—or multiple—security technology and apply it to cloud usage. Gil Friedrich, co-founder and CEO of Avanan, said that the company closed an undisclosed seed round in August 2014 from Magma VC and StageOne Ventures. The company name "Avanan" is intended to be descriptive of what the company's technology is all about. Avanan is a combination of two Hebrew words that together translate to "cloud of clouds." The basic premise behind the Avanan platform is that it provides its users with cloud versions of more than 60 security technologies from vendors such as Palo Alto Networks, Check Point and Symantec. Friedrich said that the vendor relationships that his company has vary from vendor to vendor. "With some vendors, we have a very close relationship and we are their cloud go-to-market strategy," Friedrich told eWEEK. "Every time one of their customers needs a cloud solution with their technology, they send the customer to our platform." With other vendors, Avanan represents a parallel effort to the vendor selling its own solution for cloud. What Avanan is seeing is that if a customer wants just a single vendor for a single software-as-a-service (SaaS) application, the customer may go directly to the vendor, according to Friedrich. However, in many cases, customers want technologies from several security solutions working in sync across multiple cloud apps, he said. That's where Avanan's data analytics and workflow automation suites come into play, providing a different approach than what can be acquired directly from each individual vendor. "But in all cases, from the third-party vendor's perspective we are another channel," Friedrich said. 
"For those vendors that do not offer a cloud solution of their own, we are the only channel into a very large and growing market." Avanan connects directly to each cloud vendor's infrastructure using their native APIs, Friedrich said. "For each cloud vendor, Avanan has created customized versions of their native products that translate their data center functionality into our standardized security model," he said. "Each integration is unique and done with little or no development effort from the vendor." The back-end Avanan infrastructure stack runs on Amazon Web Services and makes use of Ubuntu Linux as the operating system, PostgreSQL as the database and Nginx as the Web server. The application layer provides data plane and policy automation capabilities that enhance the overall user experience and functionality of running multiple cloud security technologies. Friedrich explained that the Avanan data plane normalizes all SaaS and security solutions to the same policy language. "Every cloud policy, user, file and event is combined with the output of each of the security solutions to provide the most comprehensive view of the customer's cloud in one place," he said. The policy automation piece is enabled by way of Avanan's policy engines that allow for easy policy creation and automated remediation. "The engine can use real-time metrics from both the cloud or security vendors to enforce compliance policy or defend against real-time threats," Friedrich said. "This brings together all a customer's cloud deployments within their security policy. Information from multiple vendors can be used to monitor and enforce policy." In Friedrich's view, by providing interoperability across technologies and management features, as well as an easier path to deployment, Avanan is an option over just going directly to any one security vendor. The real strength of the Avanan platform, he emphasized, is in its governance platform. 
"By connecting multiple SaaS applications into one policy engine, companies can now create rules that follow users and data as they move from desktop to data center and from cloud to cloud," Friedrich said. "This platform will expand to offer more powerful tools that will not compete with our vendor partners, but leverage them in a way that makes them each more powerful." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Blackhole Exploit Kit Makes a Comeback

Although the author of Blackhole was arrested in 2013, the exploit kit has risen again as malware developers make use of leaked code from the software. The once-popular Blackhole exploit kit has returned, attempting to infect using old exploits but also showing signs of active development, according to researchers with security firm Malwarebytes. Over the weekend, Malwarebytes detected attacks using older exploits for Oracle's Java and Adobe's Acrobat, but which attempted to deliver recently compiled malware. When Malwarebytes investigated, it found, behind the attacks, a poorly secured server that had Blackhole installed on it. The return of Blackhole suggests that cyber-criminals may be reusing the code, which was leaked in 2011, Jérôme Segura, senior security researcher for Malwarebytes Labs, told eWEEK. "Blackhole was well-written, and we have seen in the past, like with Zeus, that a lot of criminals do not reinvent the wheel," he said. "They will use older infrastructure and build on top of it." Exploit kits are software programs used by cyber-criminals to infect victims and install malicious software. They are a basic building block for creating botnets and infecting users' systems to steal information. The code for both the Zeus cyber-crime kit and the Blackhole exploit kit was released in 2011 within weeks of each other. Publicly released attack code can help criminals by giving them a common software platform on top of which to innovate. The release of the code for the Zeus banking Trojan, for example, led to the release of a large number of modules that helped cyber-criminals more easily launch advanced campaigns. In October 2013, Russian authorities arrested the alleged author of the Blackhole exploit kit, and soon after a service that provided updates to the malware shut down.
While some criminals continued to use the software, the lack of new exploits meant that its effectiveness quickly declined, as security and software firms caught up to the code and users installed patches. "We saw that, after the author got arrested, there were still customers who tried to keep using it, but the exploits got stale because they were no longer being updated," Segura said. The return of the Blackhole exploit kit, installed on a server in the Netherlands, is a mystery. Portions of the program are being modified, but the current operation continues to use the same exploits, now ancient by Internet standards. At first, Malwarebytes' researchers thought the attack may have been a prank, Segura said. Yet, a successful compromise delivered up-to-date malware that did not have recent detections on services such as VirusTotal. Other possible explanations exist, he said. "It may be a trap designed to track down honeypots, which typically have lowered security settings and would not get updated as often as consumer machines," he said. "If that were the case, their goal would be to identify security crawlers and scanners and add them to a blacklist." It's unclear whether this is the rebirth of Blackhole, or a last hurrah before it disappears for good.

Qylur System Uses Big Data to Improve Levi’s Stadium Security

New technology that is landing at Levi's Stadium takes a robust approach to physical security. An unfortunate reality of the times we live in is the fact that any large gathering of people is potentially at ri...

Chimera Ransomware Uses Peer-to-Peer for Decryption

A recent ransomware operation uses an uncommon peer-to-peer system to collect data about users and distribute the important security keys to those who are willing to pay to get their data back. A ransomware program known as Chimera has adopted a relatively unknown peer-to-peer messaging system to communicate with the criminals’ command-and-control server, making investigating the infrastructure more difficult, according to security researchers. The messaging system, known as BitMessage, is a communications system that allows messages to be encrypted, prevents spoofing and relieves the user of any need for key management. While the system is intended to help regular people secure their communications, criminals have adapted the software as well. Chimera uses the peer-to-peer system to collect information about a victim’s system and then invokes a code key to encrypt their data. This makes it much more difficult for investigators to find the servers used to manage the ransomware, Fabian Wosar, a developer for security-software firm Emsisoft, told eWEEK in an e-mail interview on Nov. 19. “It makes it a lot more difficult to shut the entire operation down, as it is not as simple as finding and closing down the malware author’s server,” he said. “The actual payments are done using Bitcoin, so tracking the payments is not more or less difficult than with most other ransomware these days.” The Chimera ransomware gained attention earlier this month for its operators’ claim that they would publish data stolen from any victim who did not pay the ransom. Yet, security researchers argued that such functionality would be very difficult to efficiently manage. Currently, ransomware is profitable because the attack is very scalable: infecting and collecting money from a large number of victims is fairly easy.
If data is stolen, however, it would mean a great deal of work for the criminals and could possibly leave a trail back to their operations, making the crime more complex and hazardous. In addition, Wosar, who analyzed the malware, found no code capable of stealing data from victims’ systems. While its threat to publish victims’ private data has fallen flat, the Chimera ransomware’s use of a peer-to-peer encrypted messaging system poses a more significant danger, according to security researchers. After it infects a victim’s system, Chimera will send information about the system and encryption keys to the operator of the scam, according to an analysis in malware information site BleepingComputer. When Chimera has finished encrypting a computer’s data, the program will use a feature of BitMessage, known as a subscription, to act as a communication channel between infected systems and the command-and-control servers. The subscription channel used by Chimera has reportedly fallen silent this week, suggesting that the ransomware operation may be changing its infrastructure or shutting down. "At the time of this writing it does not look like the Chimera ransomware is active anymore, but with the success of this (encrypted) distribution method, I would not be surprised to find future malware that utilizes it," Lawrence Abrams, computer forensics expert and owner of BleepingComputer, wrote in his analysis. Chimera first started infecting systems in Germany earlier this fall, according to security-information site Botfrei.

A Look at What Security Vulnerabilities Are Worth

Over the years, many vendors and security researchers have attempted to put a price on the value of a vulnerability. In some cases when bug bounties have been paid out, there has been transparency, while in others, the amounts have been shrouded in s...

Context Information Security Joins “Bit9 + Carbon Black Connect” Alliance Program as an Incident Response Partner

LONDON, UK—November 23, 2015—Context Information Security has joined the “Bit9 + Carbon Black Connect” Alliance Program as an incident response (IR) partner. Bit9® + Carbon Black® is the market leader in Next-Generation Endpoint Security (NGES).
As a “Connect” IR partner, Context uses Carbon Black in investigating and remediating cyber incidents and breaches for its customers. Context deploys Carbon Black across endpoints within their clients’ environments to hunt for and investigate evidence of compromise, revealing the entire “kill chain” of the attack. Using Carbon Black, their responders can quickly identify malware, attacker tools and their access, to develop an intelligent and informed response. This enhanced visibility enables Context to rapidly contain attacks and accelerate remediation efforts.
“Carbon Black is an essential tool within our armoury. It is a key component in our investigations with its ability to interrogate the end point and to aid in our assessment of the forensic evidence left by the whole range of cyber threat actor groups during security breaches,” said Peter Barbour, Principal Investigative Consultant, Context. “Carbon Black is a cornerstone in our protection of our client base who rely on us to safeguard their reputation and prevent their customers from harm.”
“Combining the remarkable skills of the Context Incident Response Team with the cutting-edge capabilities of Bit9 + Carbon Black has truly created a force to be reckoned with,” said Tom Barsi, vice president of business development for Bit9 + Carbon Black. “Context now has the ability to offer its customers the industry’s most comprehensive solution to protect endpoint devices, where the valuable data that their attackers are targeting resides.”
About the “Bit9 + Carbon Black Connect” Alliance Partner Program
The “Bit9 + Carbon Black Connect” Alliance Partner Program integrates the leading endpoint and server security solution from Bit9 + Carbon Black with solutions from top companies in four categories:
- Incident response
- Managed security services
- Threat intelligence
- Network security, analytics and SIEM
This enables enterprises to create a unified defence against cyber threats. Enterprises that deploy the Bit9 Security Platform and/or Carbon Black with certified alliance partners’ offerings experience a fully integrated strengthening of their security posture, a decrease in their total cost of ownership, achievement of faster deployment times, and gain increased value from their integrated solutions.
About Context IS
Context is an independently managed cyber security consultancy, founded in 1998. Our broad service portfolio covers the areas of security penetration testing and assurance, incident response and investigations, and technical security research.
We specialise in providing network security monitoring and incident response services, with offerings across the full spectrum of consultancy - from training and familiarisation through to rapid incident response and long-term dedicated monitoring. These services have been designed and honed through extensive experience to give organisations the support and capability they need to effectively and efficiently detect, respond to and protect against the most sophisticated cyber threats.
In recognition of our capability and reputation in this area Context were among the first companies to be accredited under the joint CESG and CPNI run Cyber Incident Response Scheme and we are one of only five companies currently accredited under this scheme.
Contact
Cathy O’Neill, Spark Communications Ltd, cathy@sparkcomms.co.uk, +44 (0)20 7436 0420
Source: RealWire

Starwood Hotels Fell Victim to Data Breaches at 54 Locations

Starwood Hotels and Resorts is investigating data breaches at 54 locations. Attackers gained access to credit card information. Starwood Hotels and Resorts reported that it was the victim of data breaches affecting its properties in the United States and Canada. Starwood owns the Sheraton, Westin, St. Regis and W hotel brands. Different Starwood hotels were affected for varying periods of time, with the earliest breach likely occurring on Nov. 5, 2014, at the Walt Disney World Dolphin, Sheraton hotel. Other locations, such as the Sheraton Boston, Dallas and Denver hotels, were affected starting on March 2 of this year. The breaches were all contained inside of June 30. Starwood stated in a notice to customers that as soon as the issue was discovered, the hotel chain started to work with third-party forensic experts to investigate. "We do not know who did this," a Starwood spokesperson told eWEEK. "We are working closely with law-enforcement authorities to help identify the criminals." The malware affected point-of-sale systems at 54 Starwood hotel locations. The attackers gained access to credit card information, including cardholder name, card number, security code and expiration dates. "The malware no longer presents a threat to customers using payment cards at our hotels," the spokesperson said. "We continually assess our security practices based on the current threat environment and are focused on addressing this issue." Security experts eWEEK contacted were somewhat surprised at the amount of time it took for Starwood to disclose the breach, as well as the timing of the disclosure. "It's very concerning that it took such a long time to disclose it—five or six months," Andy Hayter, security evangelist at G DATA, told eWEEK. "From what Starwood disclosed, the reservation system was not impacted, which is probably the only positive news coming out of this massive breach."
JP Bourget, CEO of Syncurity, a Mach37 company, is particularly concerned about the timing of the Starwood disclosure. Marriott International recently agreed to acquire Starwood for $12.2 billion. "I suspect in the future these sorts of breaches may have an economic impact on merger and acquisition deals in progress," Bourget said. Scott Petry, CEO of Authentic8, commented that the unfortunate reality is that breaches are a fact of life. As such, people should expect them to occur and take steps to protect themselves. "This is yet another example of how even major brands with plentiful resources can be breached," Petry said. "Criminals may target specific large brands and make the news, but the majority of breaches happen through malware infections and broad exploits that indiscriminately attack users from even the smallest organizations—and these organizations clearly don't have the resources to detect or remediate breaches effectively." For consumers, the Starwood breach serves as yet another potential risk to credit cards and personal information. Wayne Crowder, director of threat intelligence at RiskAnalytics, commented that consumers in this day and age need to be watching and questioning suspicious charges on their accounts. "The consumer and banks in many instances are the first to discover fraud from stolen credit or debit cards," Crowder said. Bourget suggested that consumers not use debit cards to make purchases since the potential liability for not noticing fraud quickly is higher than with a credit card. He also suggests that consumers choose a credit card provider that allows them to set up alerts on transactions over a certain dollar amount. Hayter also emphasized the need to monitor all credit card transactions. "Many bad guys will use small transactions first to see if an account works or if it is being monitored," Hayter said. "If they feel comfortable with the account, they will then spend big on your behalf, stealing all your money and savings."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

How Android Malware Lurks in Adult Apps

Zscaler finds two instances in which mobile malware authors are luring victims with lurid Android apps. Android mobile malware is able to infiltrate user devices in many ways and, according to security firm Zs...

Startup Fortscale Updates Security Suite, Banks $16M in VC

Fortscale's user behavior-analytics package can identify and eliminate insider threats by using machine learning, analytics capabilities and context-based alerting. Fortscale Security, a new-gen security softw...

Real-time analytics and money-saving specialist EveryWare launched

EveryWare uses the Internet of Things to save businesses money
Stratford-upon-Avon, 24 November 2015: A pioneering real-time analytics specialist – EveryWare – has today been launched, with the aim of saving businesses money in areas that they are yet to recognise.
EveryWare identifies the inefficiencies that are costing businesses money through the use of retrofit sensors and Internet of Things technology, allowing them to resolve issues instantly and remotely, before they escalate. It is born from the desire to provide a responsive, interoperable, easily integrated, tailored analytics solution to enterprises that cannot or do not wish to use one of the giant enterprise software systems.
“What differentiates us is that we are entirely vertically integrated. We manufacture the sensors, the software and the interface in house. No outsourcing, no middle man. You can find us all in one place,” said Nigel Maris, Managing Director of EveryWare and Founder and Managing Director of its sister company, Assembled Electronics Solutions (AES). “This makes us cost effective, scalable, nimble and responsive – something that the larger enterprise software providers struggle to be.”
The technology is tailored specifically to problems encountered in each individual business across a wide range of sectors – including manual handling, healthcare and green energy. The main focus is to simplify the process of obtaining appropriate data in the areas that are costing businesses money or potentially need to be controlled to avoid a crisis situation. This in turn gives companies the chance to react effectively on receiving real-time data.
“The process breaks down into three main stages: local sensing through sensors that can be fitted retrospectively, local control via a Smarthub and remote monitoring from anywhere in the world via any handheld device,” said Tom Screen, Technical Director of EveryWare. “The back-office Smarthub tracks data gathered by sensors in the workspace, which is then synced in real time to a cloud platform for storage. Management can connect directly to the Smarthub from a remote device by using a secure access code to receive a real-time overview of the workspace, broken down by function.”
EveryWare devices notify management if the sensors detect that pre-determined parameters have been exceeded, ensuring that they have complete control at all times.
EveryWare utilises the experience of its sister company, AES, in the manufacture of its sensors and Smarthubs, meaning that everything is designed, developed and produced in house. AES has produced electronics devices for applications across multiple sectors – such as automotive, medical, security and aerospace – since 2009.
For more information about EveryWare, please visit everyware.uk.com. Follow EveryWare on Twitter - @EveryWareUK
ENDS
ABOUT AES AND EVERYWARE:
Assembled Electronics Solutions was established in 2009 with a focus on creating value for clients using innovation, design and technology to bring new products to market or to extend the life-cycle of existing products.
With its origins in the UK manufacture of printed circuit boards for more than forty years, AES has manufactured electronics devices for applications as diverse as automotive lighting, airborne and underwater systems, medical equipment and security devices.
Innovation and problem solving is at the heart of the business. The vibrant and creative culture within AES attracts corporate clients seeking a focused design and manufacturing partner that is able to grasp corporate requirements whilst remaining lean and responsive. The variety of projects stimulates innovation whilst exposing the design team to emerging technologies.
EveryWare utilises the electrical manufacture expertise of AES in the development of its sensors, which can be retrofitted to equipment to measure any parameter – from temperature to impact to energy usage – and reports back to a back-office Smarthub in real time. This data is then accessible to management through any computer or hand held device, allowing them to monitor data and make instant changes from anywhere in the world.
PRESS CONTACT:
Proactive PR
Louis Peake
+44 (0)1636-812152
louis.peake@proactive-pr.com
Source: RealWire

AdaptiveMobile releases intelligence report detailing how new Grey Route approaches to exploit operator revenues are appearing across the globe

Company identifies hundreds of millions of dollars in missed revenue opportunities for operator networks
DUBLIN AND DALLAS, 24 November, 2015 – AdaptiveMobile, the world leader in mobile network security, has released a new report entitled ‘Turning Grey into Gold – AdaptiveMobile Threat Intelligence Unit Analysis on Recapturing A2P Messaging Revenue,’ revealing that mobile operators worldwide are missing out on millions of dollars per annum due to A2P (application-to-person) SMS bypass fraud. These findings come after AdaptiveMobile was commissioned to undertake real-time analysis of networks in every region of the globe.
Grey route traffic is extremely resilient; its pervasive nature and ability to continuously find new ways to enter networks makes it harder for operators to detect and gain control of these routes. Through analyses of network data collected across five continents, AdaptiveMobile has verified that A2P SMS bypass fraud is significantly affecting operator revenue opportunities and will continue to grow until a security solution is put in place. A CAGR of 127% is predicted for the Enterprise A2P Messaging Market by 2020, making it worth $7.5 billion USD and a considerable challenge for operators around the globe. AdaptiveMobile’s report details how one African operator was able to recapture more than $44 million USD per annum through deployment of the Company’s Grey Route Controls Service.
“Every day, operators are being exposed to financial exploitation of their networks,” said Cathal Mc Daid, Head of AdaptiveMobile’s Threat Intelligence Unit. “Grey routes are omnipresent – every single operator worldwide is affected by varying degrees of this issue – and a comprehensive security solution should be deployed to detect and block suspicious A2P activity, without infringing on legitimate A2P and P2P (person to person) messages.”
AdaptiveMobile’s report highlights the primary areas of revenue loss as Inbound Grey Routes and Outbound SIM Banks and outlines the privacy and security concerns facing top brands should this challenge be left unresolved. The financial exploitation arising from a lack of A2P messaging protection can be prevented through grey route control solutions. AdaptiveMobile’s solution is unique as it enables multiple business models to manage grey routes, detecting and blocking where the grey route moves, ultimately protecting the operator and allowing them to achieve maximum revenue.
The full report can be accessed here: http://www.adaptivemobile.com/downloads/turning-grey-into-gold. If you would like to discuss your network protection requirements in more detail, please contact sales@adaptivemobile.com.
About AdaptiveMobile:
AdaptiveMobile is the world leader in mobile network security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award-winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile’s sophisticated, revenue-generating, security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.
AdaptiveMobile was founded in 2004 and boasts some of the world’s largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The Company is headquartered in Dublin with offices in North America, Europe, South Africa, Middle East and Asia Pacific.
Source: RealWire