FireSale HackBoy


Friday, July 31, 2020

AlienApps Roundup – Box, Cloudflare, Palo Alto Networks, Salesforce, ServiceNow, Zscaler, Checkpoint

Having a detection and response strategy and tools has long been a leading indicator of a mature, well-funded security organization.  The cost of tools, and expertise required to operate them, has long created an uneven playing field in the security industry.
Here at AT&T Cybersecurity, we believe that security, specifically detection and response, is something that should be available to every business, independent of size or the number of security experts working there.  Ever since we launched USM Anywhere, we have endeavored to bring detection and response “to the masses” by simplifying the process as much as possible, including providing integrations with third party tools via “AlienApps”.
These AlienApps are helper applications that collect data from a customer’s environment and cloud services, provide handy consolidated dashboards, and enable customers to take response actions without having to ever leave the USM Anywhere…

Posted by: Rich Langston

The post AlienApps Roundup – Box, Cloudflare, Palo Alto Networks, Salesforce, ServiceNow, Zscaler, Checkpoint appeared first on Cybersecurity Insiders.


August 01, 2020 at 09:11AM

Secure remote access explained

This blog was written by a third party author
As the business world adjusts to the chaotic landscape of today’s economy, securing access from remote devices and endpoints has never been more critical. Equally critical is the requirement for organizations and their employees to practice good security hygiene.
With the rising number of endpoints (laptops, servers, tablets, smartphones) requiring access to corporate networks, the range of attackable targets for malicious actors has broadened substantially.
As more companies adopt a remote workforce, time must be taken to reinforce cybersecurity policies and best practices to address the introduction of new cyber risks and vulnerabilities.
Therefore, secure remote access should be a crucial element of any cybersecurity strategy.
What is secure remote access?
Secure remote access refers to any security policy, solution, strategy or process that exists to prevent unauthorized access to your network, its resources, or any confidential or sensitive…

Posted by: Mark Stone

The post Secure remote access explained appeared first on Cybersecurity Insiders.


August 01, 2020 at 09:10AM

Virginia sees Q2 tech job growth amid COVID-19, fueled by Fairfax County; state shines in business climate rankings

FAIRFAX COUNTY, Va.–(BUSINESS WIRE)–Dice, a leading tech-career hub connecting employers with skilled technology professionals, issued its Q2 Tech Job Report revealing that job postings in Virginia during the coronavirus (COVID-19) pandemic rose 11 percent compared to the second quarter of 2019. Three Virginia-based employers named in the Dice report – General Dynamics, Leidos and Booz Allen Hamilton – are all headquartered in Fairfax County.

“The Board of Supervisors last year funded the Fairfax County Economic Development Authority’s (FCEDA) talent attraction and retention initiative because of a critical shortage of skilled workers particularly in technology sectors, and with this report we see that vision paying off as many of our companies continue to hire for tech positions even during the pandemic,” said Fairfax County Board of Supervisors Chairman Jeffrey C. McKay.

In terms of year-over-year changes, Virginia was the only state in Dice’s top four list to report an increase in quarterly job postings. In comparison, Dice reported declines in California, Texas and New York job postings of 28 percent, 2 percent and 34 percent, respectively.

During 2019 and 2020, name-brand tech companies have chosen Fairfax County and Northern Virginia to expand their footprint: Microsoft, Amazon Web Services, Google and Facebook all made location decisions in Fairfax County since Q2 2019.

“The fact that companies continued to hire in Virginia for tech talent during the pandemic, as seen in the Dice report, highlights the resilience of the economy here relative to other places – and spotlights how strong a technology community we have here,” said FCEDA President and CEO Victor Hoskins.

This week, Virginia also ranked highly across a variety of categories in the 2020 State Rankings by Business Facilities, a national publication that is a location source for corporate site selectors and economic development professionals:

  • No. 1 in Cybersecurity Leaders
  • No. 1 in Digital Infrastructure
  • No. 1 in Unmanned Aerial Systems
  • No. 2 in Business Climate
  • No. 3 in Workforce Development/Talent Attraction

The 16th annual rankings by Business Facilities highlight how Virginia has taken a leadership position in cloud computing and cybersecurity, as the top-ranked state in the publication’s Cybersecurity Leaders ranking. Fairfax County is the U.S. hub for cybersecurity and national-defense assets thanks to its robust cyber cluster, which includes more than 500 firms ranging from startups to Fortune 500 companies. In fact, of the top Cybersecurity 500 global firms, more than 50 have a presence in Fairfax County, with nearly half of those headquartered in the area.

“The Business Facilities rankings are exactly the kinds of input that business executives want to see when they evaluate location decisions – what kind of business environment can they rely on,” added Hoskins.

Boasting 8,700 technology establishments and more than 50 Cybersecurity 500 firms, Fairfax County is a proven resilient tech hub. It is the business hub of the Washington, D.C., area, which is projected to add more than 130,000 tech jobs within the next five years, outranking cities such as San Francisco and Austin.

Earlier this month, CBRE, the world’s largest real estate firm, issued its 2020 Scoring Tech Talent report that ranks the 50 largest technology markets in the U.S. and Canada. The Washington area jumped two spots to number 2, behind only the San Francisco Bay area. The CBRE scorecard uses 13 metrics to measure each market’s depth, vitality and attractiveness to companies seeking tech talent and to tech workers seeking employment.

The Fairfax County Economic Development Authority promotes Fairfax County as a business and technology center. In addition to its headquarters in Tysons, Fairfax County’s largest business district, the FCEDA maintains business investment offices in six important global business centers: Bangalore/Mumbai, Berlin, London, Los Angeles, Seoul and Tel Aviv. Follow the FCEDA on Facebook, Instagram, LinkedIn, Twitter and YouTube.

The FCEDA is a member of the Northern Virginia Economic Development Alliance. Other members are the Alexandria Economic Development Partnership, Arlington County, City of Fairfax, City of Falls Church, Fauquier County, Loudoun County, City of Manassas, City of Manassas Park and the Prince William County Department of Economic Development.

The post Virginia sees Q2 tech job growth amid COVID-19, fueled by Fairfax County; state shines in business climate rankings appeared first on Cybersecurity Insiders.


August 01, 2020 at 09:09AM

Industry Insights: Hardware Hacking Trends That Are Top of Mind For Leaders Today

By Brad Ree, CTO, ioXt Alliance

As the Internet of Things device volumes and consumer use continue to increase, there has simultaneously been an uptick of innovative and sophisticated attacks on this technology. As of December 2019, according to SonicWall’s 2020 Cyber Threat Report, there were 34.3 million attacks in total, and this number is only expected to rise. With newly manufactured IoT devices introduced to the market each year as well, an increase of attacks should not only be expected, but strategically planned for. It’s no longer a matter of if, rather, when they will happen.

With IoT devices still at serious risk, it’s important that industry stakeholders understand the current landscape of the technology, from identifying various potential vulnerabilities to knowing how to secure IoT devices from future threats and take action accordingly. Recently, the ioXt Alliance held an industry conference where leaders came together to share their insights on these topics, and discuss top-of-mind trends specifically related to hardware hacking, as well as the most effective ways to identify and secure devices against hardware hackers. Below are just a few highlights from the event’s sessions.

3 areas of security that are failing

During the Cold War, scientists created the internet as a new way for government leaders to safely communicate and share information. Because of fears of a Soviet attack on the nation’s telephone system, the internet was developed to withstand nuclear weapons or missile fire, and physical access to the network was therefore limited to an invited and approved set of users. At the time, security was inherently less of a concern for scientists working on this kind of closed system, and further security was added through applications installed on an as-needed basis rather than built in from the ground up. According to Bruce Schneier, author of Schneier on Security, the consequences of this are still present in 2020, leaving long-standing security systems to fail as the World Wide Web and IoT devices become even more linked.

One of the first areas that is failing, according to Schneier, is patching. Embedded systems, including computers and phones, have teams of engineers who do their best to secure these devices right off the bat, and when a vulnerability is discovered, this team quickly and efficiently works to build a security patch. Unfortunately, given today’s competitive market pressures around consumer electronics devices, combined with the exorbitant number of devices per model and the long lifespan of each device, companies today can’t always justify the cost of employing an engineer to staff each of their security updates. This is especially true for low-cost embedded systems, such as DVRs and home routers, which continue to exist without any security teams associated with them and therefore no effective way to patch them. In fact, the only way to “patch” these devices is to essentially throw them out and get new ones.

Another area that is failing is authentication. Manual passwords barely work, two-factor authentication is good but not for every situation, and backup authentication is unreliable. Over time, there is going to be an increase of “thing-to-thing” authentication and it’s important that this is able to scale accordingly. For example, a smartphone (thing 1) will automatically sync with a car’s system (thing 2) when a user enters a car — but it’s important to note that this was originally authenticated manually by the user. This manual authentication is simple when there are few devices, but it’s nearly impossible when it reaches a larger scale of hundreds to thousands of devices.

Schneier’s last noted area was supply chain security, which is also failing, mainly because it’s incredibly difficult. Over the past few years, there have been concerns about whether certain countries, and the equipment and software that they provide, could be trusted. But where does that leave manufacturers? If a smartphone was sourced solely in the U.S., it would be incredibly expensive, yet manufacturers need to be able to trust their different mechanisms, including distribution, updates and shipping.

However, the biggest conundrum is that manufacturers can’t trust anyone, but need to trust everyone in tandem. According to Schneier, this boils down to a policy problem, rather than a problem with trust. Since everyone uses the same devices, security must either be built for everyone or built for no one; adding backdoors makes it easier for those in the FBI to eavesdrop for the greater good, but it also makes it easier for the everyday consumer to eavesdrop. Our systems are too fragile, so if security for systems is to be taken seriously in a world where consumer devices have national security implications, resilience must also be a leading factor.

Thinking like a hacker is key

In order to build better, more secure products, Ted Harrington of Independent Security Evaluators explained that manufacturers need to understand how to find vulnerabilities as part of an overall approach, which includes thinking as a hacker would. All attackers need to find is one – only one – weakness in a manufacturer’s product to wreak havoc, meaning manufacturers need to defend against any and all attack vectors in order to be truly secure. One of the issues is that most manufacturers think of security as an automated process and rely solely on tools to detect vulnerabilities, assuming that a one-and-done scan will suffice. However, evaluating the true weaknesses of devices goes beyond a scan and is actually better suited to a manual process, often most successful when done by someone with the necessary skills and experience.

To be most effective, it’s critical to first understand what a developer was thinking when they created the hardware in the first place, and what they assumed – at the time – the consumer would and wouldn’t do with it. Combining this insight on flawed developer assumptions with analysis on how the device can be used maliciously, the resulting overlap highlights where the most critical security vulnerabilities sit and how they can be identified.

This is shown to be a common thread in various hardware hacking techniques, which Harrington identified as abuse functionality, chain exploits, and unknown unknowns. Abuse functionality means taking the way a system is built and using its features to sabotage it, against the way developers had intended; chain exploits link multiple system exploits together to amplify their effects; and unknown unknowns simply means that it’s imperative to identify things we don’t even know we don’t know, which is not an easy feat but one that must be tackled.

The current landscape of physical security

Over the last 20 years, attacks on IoT devices predominately happened remotely through the internet or cloud, but according to Mike Dow, Senior Project Manager, IoT Security of Silicon Labs and ioXt Alliance board member, there has been a big shift towards local attacks on the physical device today. Since experts are becoming more aware of remote attacks, hackers have since adjusted their hacking methods to pursue other avenues, focusing more on things like operational technology (OT), such as fire alarm systems, building control systems, and MRP systems.

A high-rise in New York City could now be a prime target. If hackers are able to gain access to the building’s fire alarm and security systems, they can trigger the alarm and empty the building, despite there not being an actual fire. From there, they can even lock the doors to keep everyone from re-entering the building, only relinquishing control for a large ransom. This is, of course, just one example of this kind of exploitation, but it demonstrates just how far hackers have come and how sophisticated and detrimental their attacks can be.

But unlike 20 years ago, governing bodies and industry organizations are now going beyond just acknowledging these kinds of risks, and are actually starting to take action against them. States such as California and Oregon, for instance, are creating regulations around IoT security, and organizations such as NIST in the U.S. and ETSI in Europe have created security best practices and guidelines for connected devices.

While these are steps in the right direction, the insights shared above, along with other session discussions, have further exposed the great deal of work that still needs to be done when it comes to IoT security, especially for physical devices. They also further highlight the pitfalls of today’s fragmented and isolated tactics and the increasing need for harmonized, globally adopted and replicable IoT security standards, like those proposed by the ioXt Alliance and its participating industry leaders. As the industry continues to address these issues head-on, this approach will be what sets companies up for real success, and why, above all, technology leaders, manufacturers, and regulators must band together to keep brands and their consumers safe from cyber harm.

Brad Ree (CTO, ioXt Alliance)

Brad Ree is chief technology officer of ioXt. In this role, he leads ioXt’s security products supporting the ioXt Alliance. Brad holds over 25 patents and is the former security advisor chair for Zigbee. He has developed communication systems for AT&T, General Electric, and Arris. Before joining ioXt, Brad was vice president of IoT security at Verimatrix, where he led the development of blockchain solutions for ecosystem operators. He is highly versed in many IoT protocols and their associated security models.

 

The post Industry Insights: Hardware Hacking Trends That Are Top of Mind For Leaders Today appeared first on Cybersecurity Insiders.


August 01, 2020 at 02:47AM

Vulnerability scanning explained

This blog was written by a third party author
What is vulnerability scanning?
Vulnerability scanning is the process of detecting and classifying potential points of exploitation in network devices, computer systems, and applications. This is done by inspecting the same attack areas that both internal and external threat actors use to gain unauthorized access to an organization’s network and assets, such as firewalls, applications, and services that are deployed either internally or externally. Scan results are compared against a database of known vulnerabilities so that security gaps in networks, systems, and applications can be identified and fixed quickly.
Who performs vulnerability scans?
Scans are performed by internal IT security teams or managed security service providers (MSSPs), as part of a vulnerability assessment that should be a part of a greater vulnerability management program. In some cases, scans are mandated by compliance regulations and require external…

Posted by: Nick Cavalancia

The post Vulnerability scanning explained appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Bitglass adds Middle East & Africa Local Edge Data Centers

June 29, 2020, Dubai: Bitglass is pleased to announce Local Edge Data centers in Dubai, United Arab Emirates; Fujairah, United Arab Emirates; Manama, Bahrain; Tel Aviv, Israel; Cape Town, South Africa; Johannesburg, South Africa and Nairobi, Kenya

  

The post Bitglass adds Middle East & Africa Local Edge Data Centers appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Enhancing Speed and User Experience with Bitglass SASE

In an environment where the surge in remote workers makes the discussion on security solution performance more pronounced, we’ve recently observed a wave of security teams approach us with a natural question: “When we proxy traffic with other tools, we see latency. Will your platform introduce latency into our experience?” 

In short, no. In fact, your user experience improves.

The post Enhancing Speed and User Experience with Bitglass SASE appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

3 Steps to better cybersecurity in touchless business solutions (Part 3 of 3)

This blog was written by an independent guest blogger
In Part 1 and Part 2 of this series, we covered the first two steps to better cybersecurity in touchless business solutions, which are to practice extra caution in cashless payment solutions and to heighten cybersecurity and data protection protocols.
We conclude this series by discussing the third step to improve cybersecurity for touchless systems, which is to automate wherever possible through innovative technologies.
We will discuss automation being implemented in 2 industries severely affected by the pandemic, with recommended preventive measures against cyber-attacks that keep both business and clients secure.
Automate wherever possible through innovative technologies
The food industry is probably one of the most affected in the wake of the pandemic. Restaurants had to close almost immediately. From established food chains to small business operators, the need to quarantine nearly drove the market to a standstill. 
But…

Posted by: Mayleen Menez

The post 3 Steps to better cybersecurity in touchless business solutions (Part 3 of 3) appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Bitglass adds Europe Local Edge Data Centers

July 6, 2020, London, UK; Bitglass is pleased to announce Local Edge Data centers in Amsterdam, The Netherlands; Athens, Greece; Berlin, Germany; Brussels, Belgium; Bucharest, Romania; Budapest, Hungary; Copenhagen, Denmark; Dublin, Ireland; Dusseldorf, Germany; Frankfurt, Germany; Hamburg, Germany; Helsinki, Finland; Lisbon, Portugal; Madrid, Spain; Manchester, England; Marseille, France; Milan, Italy; Munich, Germany; Oslo, Norway; Palermo, Italy; Paris, France; Prague, Czech Republic; Sofia, Bulgaria; Stockholm, Sweden; Vienna, Austria

The post Bitglass adds Europe Local Edge Data Centers appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

SmartEdge is a Key Enabler for a Modern Remote Workforce

To protect enterprise data, IT teams have to counter risks on two fronts: (a) insider risks, i.e. threats from within the organization, such as employees handling sensitive data and (b) outsider risks, i.e. those originating from malicious external sources.

Data loss prevention (DLP) capabilities within a CASB (Cloud Access Security Broker) solution have emerged as the most effective platform to prevent legitimate remote users from accidentally or maliciously sharing business data that could put an organization at risk. Providing visibility into all types of cloud-based applications (SaaS, IaaS and PaaS) running across all types of devices, both managed and unmanaged, is a prerequisite for securing business data against insider threats. Add in real-time access control and threat protection for managed apps, and IT has the full toolset needed to fast-track cloud adoption while de-risking breaches caused by internal users.

The post SmartEdge is a Key Enabler for a Modern Remote Workforce appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Bring Your Own Device: Bitglass’ 2020 Personal Device Report

The surge of unmanaged devices syncing corporate data in recent months has served as a catalyst for BYOD (bring your own device) adoption. The way business is conducted is changing on a larger scale, and the integration of SaaS (software as a service) applications via the cloud is transcending individual and organizational productivity.

The post Bring Your Own Device: Bitglass’ 2020 Personal Device Report appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Cost-Effective Cloud Security for the Modern Enterprise: Part 2

Due to recent global events, conducting business has been an uphill battle across industries around the world–more so than ever before. While facing a decelerating global economy, organizations are still responsible for enabling their own remote workforce, protecting data and defending against cyberthreats, and reducing costs. Unfortunately, enterprises that manage disjointed security solutions experience a myriad of unnecessary financial costs, tied to operational bottlenecks, high management costs, and more.

The post Cost-Effective Cloud Security for the Modern Enterprise: Part 2 appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Bitglass Security Spotlight: Over 15 Billion Usernames and Passwords Are Now Available on the Dark Web

Here are the top stories of recent weeks:

  • Bank Details to Streaming Services, It Is All Available on the Dark Web
  • North Korea Is Linked to a Recent Cyberattack on US Enterprises
  • TikTok Mobile App on the Verge of Being Banned Due to Surveillance Concerns
  • Serious Security Concerns Over Smartwatch Tracker API Vulnerability
  • Nearly 100k Customers Exposed in Leaky Database Belonging to Fitness Platform

The post Bitglass Security Spotlight: Over 15 Billion Usernames and Passwords Are Now Available on the Dark Web appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

Security Architecture podcast and the Bitglass SASE

With the rapid growth of the remote workforce, organizations are in need of a comprehensive security platform that offers a plethora of capabilities for securing today’s business environment. Recently, on Security Architecture, a podcast that covers best security practices, Bitglass’ VP of Product Management, Mike Schuricht, discussed the topic of secure access service edge (SASE), outbound browsing, and how they work.

The post Security Architecture podcast and the Bitglass SASE appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:13PM

ExtraHop Announces New Compliance for HIPAA National Health Information Protection Standards

SEATTLE–(BUSINESS WIRE)–ExtraHop, the leader in cloud-native network detection and response, today announced independent validation for Health Insurance Portability and Accountability Act (HIPAA) policies, procedures, and technology conducted by third-party assessor, CoalFire.

The urgent shift to teleworking, an accelerated move to the cloud, and an influx of security attacks on vulnerable systems have driven healthcare organizations to reassess priorities to ensure they can detect and stop breaches in the ever-evolving threat landscape. Health organizations can now easily utilize ExtraHop Reveal(x) for broad visibility into every device accessing the network, streamlined threat hunting, and detection of often missed threats that move laterally in the east-west corridor.

The assessment of ExtraHop Reveal(x) for HIPAA was conducted and verified by CoalFire, a third-party assessment firm, to help healthcare organizations satisfy their compliance requirements including the Breach Notification Rule as formalized by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Rule of 2013. Compliance with these standards confirms to healthcare organizations that the administrative, physical, technical and organizational regulations and procedures of ExtraHop Reveal(x) meet HIPAA requirements.

“Our commitment to our healthcare customers requires us to hold ourselves to the highest standards and passing the HIPAA assessment is one step on that journey,” said Jeff Costlow, Deputy CISO at ExtraHop. “All organizations are under great pressure to ensure they don’t get breached and network detection and response is proving to be critical to this effort for healthcare organizations.”

In addition to HIPAA, ExtraHop Reveal(x) maintains a comprehensive set of compliance standards and certifications to ensure the highest level of security and privacy assurance for customers around the globe including:

  • NIST CSF and NIST SP 800-53 — ExtraHop’s information security policy is based on the NIST Cybersecurity Framework, which offers standards, guidelines and best practices to manage cybersecurity risk.
  • SOC 2 and SOC 3 — These are third party audits of a company’s processing controls pertaining to consumer data.
  • General Data Protection Regulation (GDPR) — This law is intended to improve the privacy, security, and transparency in the use of personal data for European citizens.
  • US Privacy Shield — This is a framework offering a way for US companies to comply with GDPR.

To learn more about how ExtraHop works with Healthcare organizations visit: https://www.extrahop.com/solutions/industry/healthcare/.

To learn more about ExtraHop compliance and certifications, visit: https://www.extrahop.com/compliance/.

About ExtraHop
ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to all cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo or connect with us on LinkedIn and Twitter.

© 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

The post ExtraHop Announces New Compliance for HIPAA National Health Information Protection Standards appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:11PM

Attivo Networks Joins IBM Security App Exchange Community

FREMONT, Calif.–(BUSINESS WIRE)–Today, Attivo Networks®, an award-winning leader in deception for cybersecurity threat detection, announced an integration with IBM Security Resilient, the company’s security orchestration, automation and response (SOAR) platform. This integration enables organizations to respond rapidly to detected threats by reducing false-positive alerts and excessive manual intervention. The Attivo Networks ThreatDefend® BOTsink® solution integration for Resilient configures quickly to give organizations the ability to combine early and accurate detection with automated security orchestration.

The BOTsink solution is available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the security industry helps organizations adapt quickly and speed innovation in the fight against cybercrime.

The Attivo BOTsink solution integrates with Resilient, which accelerates incident response with its orchestration and automation capabilities, to investigate and mitigate threats. Leveraging Resilient’s open application programming interfaces (APIs), Attivo BOTsink for Resilient allows Attivo Networks and Resilient customers to automate security orchestration, reduce triage times, and accelerate incident response. Organizations gain accurate detection early in the attack cycle, which can trigger incident response playbooks and leverage automation for faster response. It also provides forensic evidence collection and attack activity recordings that organizations can leverage for threat intelligence development. Resilient can dynamically deploy decoys from the BOTsink as part of an orchestration playbook to add on-demand deception coverage in response to detected activity.

“Once attackers bypass existing prevention mechanisms, they have the freedom to move around and can remain undetected for extended periods. Organizations need solutions that excel at finding in-network threats without relying on known signatures or attack patterns,” said Tushar Kothari, chief executive officer of Attivo Networks. “The accuracy of this joint solution, coupled with its accelerated response, gives organizations the ability to deal with threats quickly to minimize the time attackers have to remain undetected within the network.”

The Attivo BOTsink integration for Resilient is available on the IBM Security App Exchange ecosystem. To learn more, please visit the Attivo Networks solution page or view the integration partner brief. Register here to attend the webinar entitled, “Be Resilient with IBM and Attivo Networks,” August 19th at 11:00 am Pacific time.

About Attivo Networks
Attivo Networks®, the leader in cyber deception and lateral movement attack detection, delivers a superior defense for revealing and preventing unauthorized insider and external threat activity. The customer-proven Attivo ThreatDefend® Platform provides a scalable solution for derailing attackers and reducing the attack surface within user networks, data centers, clouds, remote worksites, and specialized attack surfaces. The portfolio defends at the endpoint, Active Directory and throughout the network with ground-breaking innovations for preventing and misdirecting lateral attack activity. Forensics, automated attack analysis, and third-party native integrations streamline incident response. The company has won over 130 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.

The post Attivo Networks Joins IBM Security App Exchange Community appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:11PM

Onapsis to Demonstrate Importance of SAP Security During Black Hat USA 2020

BOSTON–(BUSINESS WIRE)–Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced that members of Onapsis Research Labs are presenting significant SAP cybersecurity research at Black Hat USA 2020. In its 23rd year, Black Hat USA is the world’s leading information security event, which brings together the best minds in the industry. This year’s virtual format will provide remote attendees with the latest security research, developments, and trends.

During the event, Onapsis will showcase its latest threat research for SAP Solution Manager (SolMan). Onapsis researchers will take attendees through a security assessment of SAP SolMan, critical vulnerabilities found by Onapsis and reported to SAP, exploitation examples, how SAP has fixed these issues, and what organizations can do to detect and protect against these threats moving forward.

“SAP SolMan is the technical heart of an SAP landscape. It is highly connected and can perform various administration activities remotely on all connected SAP systems,” said Juan Pablo Perez-Etchegoyen, CTO at Onapsis. “However, when speaking about protecting SAP systems, landscapes tend to be large and complex, so SAP SolMan can often go overlooked. Our research highlights critical vulnerabilities and dangerous threats connected to SAP SolMan and why it’s crucial to keeping the rest of your SAP system secure.”

More information on the session can be found here, and below:

Title: An Unauthenticated Journey To Root: Pwning Your Company’s Enterprise Software Servers

Presenters: Pablo Artuso, Security Researcher, Onapsis; Yvan Genuer, Senior Security Researcher, Onapsis

When: Wednesday, August 5, 2020 from 11:00 am – 11:40 am PT

Abstract: SAP’s software relationship with the enterprise is well established, often responsible for processing billions of dollars, but with such a vital role in business, what would the impact be if serious flaws were exploited? At the heart of every SAP deployment there is always one core mandatory product that’s connected to many other systems: The SAP SolMan. Given the criticality of this component, Onapsis Research Labs conducted a thorough security assessment of SAP SolMan to understand the threat model, how attackers could compromise it and how customers should protect themselves.

About Black Hat

For more than 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: blackhat.com. Black Hat is organized by UBM, which in June 2018 combined with Informa PLC to become a leading B2B information services group and the largest B2B Events organizer in the world. To learn more and for the latest news and information, visit www.informa.com

About Onapsis

Onapsis protects the mission-critical applications that run the global economy. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems—ERP, CRM, PLM, HCM, SCM and BI applications—from well-known vendors such as SAP, Oracle and leading cloud applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.

The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon—making Onapsis solutions the de-facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.

For more information, connect with us on Twitter or LinkedIn, or visit us at https://www.onapsis.com.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names may be the registered trademarks of their respective owners.

The post Onapsis to Demonstrate Importance of SAP Security During Black Hat USA 2020 appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:11PM

Thursday, July 30, 2020

The Impact of the COVID-19 Pandemic on Cybersecurity

MILFORD, Mass. & VIENNA, Va.–(BUSINESS WIRE)–The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity professionals saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey released by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). As the global impact of COVID-19 manifested itself in the middle of March, ESG and ISSA conducted an in-depth survey in April 2020 as a point in time assessment of challenges posed by the pandemic.

Based on the data gathered for this project, the report highlights the following:

  • Organizations were only fairly prepared for the global pandemic. Thirty-nine percent of respondents claim that they were very prepared to secure WFH devices and applications while 34 percent were prepared. Twenty-seven percent were underprepared. Therefore, the pandemic drove rapid changes, changing workloads, and new priorities.
  • COVID-19 and WFH are driving improved collaboration. Slightly more than one-third of organizations have experienced significant improvement in coordination between business, IT, and security executives as a result of COVID-19 issues and 38 percent have seen marginal relationship improvements.
  • COVID-19/WFH have had an impact on cybersecurity professionals and their organizations alike. The research indicates that COVID-19 has forced cybersecurity professionals to change their priorities/activities, increased their workloads, increased the number of meetings they have had to attend, and increased the stress levels associated with their jobs. Meanwhile 48 percent say that WFH has impacted the security team’s ability to support new business applications/initiatives.
  • Most organizations don’t believe the pandemic will increase 2020 cybersecurity spending. Only 20 percent believe that COVID-19 security requirements will lead to an increase in security spending in 2020, while 25 percent think their organizations will be forced to decrease security spending this year. Where they expect their spending to increase, at least half pointed to priority areas being identity and access management, endpoint security, web and email security, and data security.
  • COVID-19 may impact cybersecurity priorities. ESG/ISSA believes that while it is noteworthy that 30% of the cybersecurity professionals participating in this project say that cybersecurity will be a higher priority, 70% report that they don’t know or don’t believe that this crisis will lead to cybersecurity becoming a higher priority.

Finally, is COVID-19 causing cybersecurity professionals to be concerned about their jobs or career choice? Overall, the answer seems to be “no” to both questions; however, the data seems to indicate that there is more uncertainty in the short term about current cybersecurity jobs.

“COVID-19 had a wide-ranging impact on individuals on the security staff. With 84 percent of cybersecurity professionals working exclusively from home during the pandemic and almost two-thirds believing that their organizations will be more flexible with work-at-home policies moving forward, COVID-19 has personally impacted cybersecurity professionals in their jobs and in their lives. This is in addition to the ongoing impact on organizations and security teams from the yearly worsening problem of the cybersecurity skills shortage,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow.

“While it’s promising to see that the majority of organizations were able to handle the COVID-19 pandemic fairly well, it is surprising that we are not seeing an increase in cybersecurity spending or prioritization following this event. If anything this should serve as a wakeup call that cybersecurity is what enables businesses to remain open and operational. Organizations prioritizing cybersecurity as a result of the pandemic will likely emerge as leaders in the next wave of cybersecurity process innovation and best practices,” said Candy Alexander, Board President, ISSA International.

Downloads

  • The full report, “The Impact of the COVID-19 Pandemic on Cybersecurity,” represents 364 cybersecurity and IT professionals from the global ISSA member list and contains further research on the effects COVID-19 had on the cybersecurity profession. It can be downloaded here.

About ISSA

The Information Systems Security Association (ISSA)™ is the community of choice for international cyber security professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries – from communications, education, healthcare, manufacturing, financial and consulting to IT – as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Follow us on Twitter at @ISSAINTL. Learn more about ISSA.

About ESG

Enterprise Strategy Group (ESG) is an integrated technology analyst, research, and strategy firm providing market intelligence and actionable insight to the global technology community. ESG is increasingly recognized as one of the world’s leading and most influential independent analyst firms.

The post The Impact of the COVID-19 Pandemic on Cybersecurity appeared first on Cybersecurity Insiders.


July 31, 2020 at 09:10AM

Finding problems that matter

This blog was jointly authored with Ed Amoroso. See their previous blog for more!
Towards the end of the 19th century, large cities like New York were facing a vexing problem so devastating that many questioned whether such cities could be sustained at all. People could no longer cross the street without assistance, stumbling was a common problem, disease was spreading, and even those issues had nothing on the horrendous stench emanating from every corner. 
We are talking, of course, about horse manure.
150,000 horses in service to pull streetcars, freight wagons, and private carriages resulted in millions of pounds of manure carpeting the city streets with a wet muck every day. All manner of ingenuity was used to remedy the situation: city drainage was improved; manure was sold as fertilizer; men with shovels were employed to constantly clear the streets; there were even “crossing sweepers…

Posted by: Roger Thornton

The post Finding problems that matter appeared first on Cybersecurity Insiders.


July 30, 2020 at 09:11PM