FireSale HackBoy


Thursday, September 30, 2021

Beware of the Cyber Scam related to the James Bond movie No Time to Die

Within a few hours of the release of Daniel Craig’s movie ‘No Time to Die’, cybersecurity firm Kaspersky uncovered a cyber scam built around the long-awaited release of the James Bond movie, the 5th and final installment with the renowned actor as the 007 spy.

Over the past 7-8 days, a few threat actors have been seen launching email-based attack campaigns that trick victims into downloading a fake video file purporting to be a leaked copy of No Time to Die.

In reality, there is no video file; the download is a malware-infected file that leads the victim to malicious pop-ups, digital advertisements, phishing websites or ransomware scams.

Therefore, the security analysts of Kaspersky are urging online users to stay cautious while accessing emails sent by unknown senders as they can be laced with Trojans or malicious programs such as adware or credential stealing malware that can give cyber criminals a backdoor to access a victim’s sensitive data.

Nowadays, most movie lovers are interested in watching their favorite movies online, as some are premiered directly on an OTT platform. So, in order to cash in on this trend, cyber crooks are duping the public with phishing emails to make easy money.

A similar scam has been detected on popular messaging platforms such as WhatsApp and Telegram as well. Here, hackers circulate a simple questionnaire that, when answered, supposedly makes the respondent eligible for free movie tickets. In reality, the questionnaire is a malicious link that leads the victim to a website which can then drop espionage-related Trojans onto the victim's device.

The post Beware of the Cyber Scam related to James bond movie No time to Die appeared first on Cybersecurity Insiders.


October 01, 2021 at 10:59AM

Cybersecurity related Acquisition news trending on Google

First, it's Akamai Technologies that hit the news headlines for acquiring the Israel-based startup Guardicore. The Massachusetts-based company has made it official that it has acquired the cloud-based network segmentation company Guardicore for a price of $600 million.

Guardicore offers a software-based tool that restricts applications from communicating with each other in the cloud, which helps block ransomware from spreading from one application to another.

After purchasing the company, Akamai Technologies is planning to beef up its cloud offerings and assist businesses in combating ransomware attacks.

In other news related to acquisitions, HUB Security has announced that it is going to buy the data security firm Comsec for $20 million, to be paid half in cash and half in shares. The Israel-based tech startup Hub Security, which offers military-grade encryption for commercial data storage needs, has announced that it plans to complete the deal by March next year and to deepen its security business globally.

Comsec, founded in 1987 and a pioneer in the data security business, with over 400 employees in offices in Israel and the United States, is happy to join Hub.

Third is the news that US tech companies are showing more interest in buying other businesses with their highly valued shares. It has been observed over the last three years that most US deals in the tech sector were concluded using stock and very little cash.

According to data provided by Refinitiv, almost six mega deals that took place between 2016 and 2021 were done through stock, including AMD's $35 billion acquisition of Xilinx Inc and Salesforce's agreement to buy Slack Technologies for $27.7 billion.

Trade analysts state that the popularity of purchasing companies by pledging stock is due to soaring valuations in the deal-making sector, which benefits the buyer in every way, although half of the investments are now slowly being diverted into digital currency trading such as BTC and Monero.

The post Cybersecurity related Acquisition news trending on Google appeared first on Cybersecurity Insiders.


October 01, 2021 at 10:55AM

Cybersecurity Case Studies at ContentReads

We all know the situation: As we are researching suitable security solutions, we are looking for hands-on examples of their value add in real-world deployments – like case studies that bring these sometimes abstract solutions to life, so we can see how other organizations are using them.

When we discovered this content repository for cyber case studies, we knew right away we found something very unique: The library is called ContentReads Cybersecurity (powered by Contentree), and it contains over 4,300 cybersecurity case studies searchable by solution type as well as vendor.

Visit the site to learn more – take a look at some of the most popular case studies below:

The cyber security section has every top vendor represented for dozens of different cyber categories. In addition, the library has over 2,000 other categories for virtually any industry.

Take a look and share your experience with us.

The post Cybersecurity Case Studies at ContentReads appeared first on Cybersecurity Insiders.


September 30, 2021 at 10:36PM

Introduction to SAST

This blog was written by an independent guest blogger.

DevSecOps means countering threats at all stages of creating a software product. The DevSecOps process is impossible without securing the source code. In this article, I would like to talk about Static Application Security Testing (SAST).

As development velocity grows every year, many companies are introducing DevSecOps. Its main message calls for continuous security control at every stage of product creation. At the same time, DevSecOps processes are automated as much as possible.

About 90% of security incidents occur because of malicious exploitation of software bugs. Eliminating vulnerabilities at the application development stage significantly reduces information security risks. To search for vulnerabilities in applications under development, there are specific classes of tools whose markets are now growing rapidly. The Application Security Testing Market — Global Industry Analysis, Size, Share, Growth, Trends, and Forecast 2017 — 2025 report by Transparency Market Research splits application security testing into the following product classes:

  • Static Application Security Testing (SAST) — static analysis of an application with access to the source code (using the white box method).
  • Dynamic Application Security Testing (DAST) — dynamic analysis of an application without access to the source code and execution environment (using the black box method).
  • Interactive Application Security Testing (IAST) — dynamic analysis of application security with access to the source code and execution environment (using the white box method).

All these systems allow a comprehensive approach to assessing the security of applications. At the initial stage, as a rule, static code analysis (SAST) comes into play.

What is SAST?

SAST (Static Application Security Testing) analyzes code or part of it for vulnerabilities without launching the application to be examined. It ensures compliance with guidelines and standards without actually executing the underlying code. SAST was one of the first auxiliary tools for assessing application vulnerability.

One of the key strengths of SAST is its wide coverage of programming languages and development platforms. For almost any mainstream language, several vendors are offering static code analysis tools. Another plus is that SAST is easy to implement – it's quite easy to add a static scanner to your development pipeline and IDE.

SAST is the stronghold of the Shift Left approach, in which software is extensively tested for coding bugs and security loopholes at early development stages to ensure hassle-free deployment down the line. Even if an application is in its rudimentary state and lacks functionality to run, these tools can scrutinize it for imperfections. That’s the fundamental difference between static and dynamic testing. The former can be used at initial phases of the application lifecycle, and the latter is geared toward vetting full-fledged code in a runtime environment.

Also, since developer teams considerably outnumber security personnel in the average organization, manual reviews of the codebase are incredibly challenging or outright impossible. SAST bridges the gap by scanning millions of lines of code in mere minutes. It easily pinpoints critical flaws, such as SQL injection, cross-site scripting (XSS), and buffer overflows, without involving humans.

Finally, developers benefit from the static source code analysis as it refers to the exact location of a potential problem. It provides instant feedback about programming slip-ups in an easy-to-interpret way, for instance, by highlighting crude fragments. Some tools also display hands-on recommendations on how to address specific issues that were detected. The ability to build customized reports adds an extra layer of visualization to the process, making risky code easier to track and facilitating the remediation routine.

The main disadvantage of SAST is a large number of false positives or false negatives. According to public data from OWASP, static analysis tools yield up to 50% of false positives. This consumes a good deal of time as developers have to sort and manually check each potentially vulnerable piece.

Therefore, when implementing this type of solution in an enterprise environment, IT professionals should adjust it to the company’s needs by writing new rules or modifying the existing ones to minimize the number of false positives. Thorough analysis of the first scan results can give actionable insights into the areas that could use some fine-tuning to reduce “white noise”.
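As an added illustration of how a SAST rule works and why rule tuning matters (example code written for this edit, not from the article or from any product it names): a toy static rule over Python's `ast` module flags SQL sinks called with a non-literal query. The naive form produces the kind of false positive the article describes; the tuned form reports only queries that depend on a function parameter. The sample module, the sink list and the rule names are constructed assumptions.

```python
import ast
from dataclasses import dataclass
from typing import List, Set

# Constructed sample module to scan (written for this example, not from the
# article): one real SQL injection, one safe concatenation of constants, one
# parameterised query, and one injection that flows through a local variable.
SAMPLE_SOURCE = '''
import sqlite3

def find_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")  # injectable
    return cur.fetchone()

def count_users(conn):
    table = "users"
    cur = conn.cursor()
    cur.execute("SELECT count(*) FROM " + table)  # constants only: safe
    return cur.fetchone()[0]

def find_by_id(conn, user_id):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE id = ?", (user_id,))  # parameterised
    return cur.fetchone()

def delete_user(conn, username):
    query = f"DELETE FROM users WHERE name = '{username}'"
    conn.execute(query)  # injectable via the local variable
'''

# DB-API methods treated as SQL sinks (assumed, deliberately minimal list).
SINK_METHODS = {"execute", "executemany", "executescript"}


@dataclass
class Finding:
    rule: str
    function: str
    line: int
    message: str


def _is_sink(call: ast.Call) -> bool:
    """True for calls of the form <obj>.execute(...) and friends."""
    return isinstance(call.func, ast.Attribute) and call.func.attr in SINK_METHODS


def _tainted(node: ast.AST, tainted: Set[str]) -> bool:
    """Does this expression carry a value derived from a tainted name?"""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.BinOp):                 # "..." + x  or  "..." % x
        return _tainted(node.left, tainted) or _tainted(node.right, tainted)
    if isinstance(node, ast.JoinedStr):             # f"... {x} ..."
        return any(_tainted(v.value, tainted)
                   for v in node.values if isinstance(v, ast.FormattedValue))
    if isinstance(node, ast.Call):                  # "...".format(x), helper(x)
        return any(_tainted(a, tainted) for a in node.args)
    return False                                    # constants, tuples, attributes


def scan(source: str, tuned: bool = False) -> List[Finding]:
    """Flag SQL sinks whose query argument is not a plain string literal.

    Naive rule: report every non-literal query (high recall, noisy).
    Tuned rule: report only queries that depend on a function parameter,
    following simple `name = expr` assignments inside the function body.
    """
    findings: List[Finding] = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        tainted = {a.arg for a in fn.args.args}      # parameters are untrusted
        for stmt in fn.body:
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                name = stmt.targets[0].id
                if _tainted(stmt.value, tainted):
                    tainted.add(name)
                else:
                    tainted.discard(name)           # overwritten with clean data
            for call in ast.walk(stmt):
                if not (isinstance(call, ast.Call) and _is_sink(call) and call.args):
                    continue
                query = call.args[0]
                if isinstance(query, ast.Constant):
                    continue                        # literal query; values bound via args
                if tuned and not _tainted(query, tainted):
                    continue                        # built from constants: suppressed
                findings.append(Finding(
                    "sql-injection-tuned" if tuned else "sql-injection-naive",
                    fn.name, call.lineno,
                    f"{call.func.attr}() called with a non-literal query"))
    return findings


if __name__ == "__main__":
    for mode in (False, True):
        print("tuned" if mode else "naive")
        for f in scan(SAMPLE_SOURCE, tuned=mode):
            print(f"  line {f.line:>2} {f.function}: {f.message}")
```

Running it shows the naive rule reporting `count_users` as well as the two real injections; the tuned rule drops that false positive while still following the taint through the local `query` variable in `delete_user`.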

A SAST tool should provide the following features:

  • Availability of high-quality technologies and algorithms for deep code analysis and identification of vulnerabilities.
  • Regularly updated rule base with flexible customization and extensibility.
  • Comprehensive evidence-based reports on the detected vulnerabilities and detailed recommendations for removing them.
  • Comparing the analysis results when rescanning the edited code (highlighting patched, unpatched, re-emerging vulnerabilities).
  • Support for a wide variety of programming languages.
  • Compatibility with development environments, version control, and bug tracking systems.
  • Communication between developers and security experts.
  • The minimum number of false positives.
  • Presentation of the analysis results in an easy-to-read form.
  • Availability of automatic reporting tools.
  • The option to conduct code analysis remotely.

A SAST tool that fully meets these requirements will identify problems in the code more accurately and lets you spend fewer resources on locating and removing vulnerabilities.

SAST performs best at finding errors in individual lines of code but is not very effective at detecting flaws in the data flow.

Global SAST market

According to DevSecOps Market Size, Share, and Global Market Forecast to 2023 by MarketsandMarkets, the DevSecOps market value was estimated at $1.5 billion in 2018 and projected to reach $5.9 billion by 2023, increasing by an average of 31.2% per year.

According to Grand View Research, the application security market will reach $10.7 billion by 2025, increasing by an average of 17.7% per year. At the same time, within the code analysis tools segment, SAST and DAST hold comparable sales positions on a global market scale.

There are many different analyzers on the world market originating both from well-known security vendors and from niche players who develop SAST only.

From a deployment point of view, products can be installed directly at the client’s premises (on-premises) or be cloud-based (software-as-a-service). It is worth keeping in mind that while on-premises deployment provides more control over the solution and its features, it usually entails much higher maintenance costs than the cloud scenario.

SAST products

Checkmarx CxSAST

Checkmarx CxSAST automatically detects and identifies vulnerabilities in uncompiled code in the most common programming languages. CxSAST can be installed on its own or integrated into the development cycle (SDLC) to reduce the time it takes to find and remediate vulnerabilities.

Key features:

  • Visualization of the code in the form of operating charts of execution routes.
  • Based on the scan results, recommendations are given on how to fix problems, linked to a graphical diagram.
  • Supports 27 programming languages.
  • Integrated with various development environments (Eclipse, IntelliJ, Visual Studio, etc.), build servers (Jenkins, CLI, Bamboo, Maven, TeamCity), version control systems (Bitbucket, etc.), and bug tracking (Atlassian Jira, etc.).

Fortify Static Code Analyzer (SCA)

The product currently supported by Micro Focus has changed ownership several times over its long history. However, it has grown into a powerful source code analysis tool.

Fortify Static Code Analyzer is a static application security testing module within the larger Fortify family of solutions. It identifies the causes of vulnerabilities, prioritizes results, and provides detailed recommendations on fixing the code.

Key features:

  • Supports 21 programming languages, including Python, ASP.NET, Ruby.
  • Coverage of over 900 categories of vulnerabilities included in SANS Top 25 and OWASP Top 10, compliance with DISA STIG, PCI DSS, and others.
  • On-premises and cloud-based threat intelligence model.
  • Availability of a mechanism for interaction with continuous integration management systems, which allows automatic generation of error reports.
  • Uses machine learning algorithms to reduce the risk of false positives.

HCL Security AppScan Source

HCL Security AppScan Source (formerly IBM Security AppScan) is designed for information security professionals; it requires a high level of expertise but produces a better picture of vulnerabilities linked to the source code. The product provides interaction between employees responsible for application security and developers. It has means of integration with common development environments, which makes it possible to track vulnerabilities at an early stage.

Key features:

  • 21 programming languages supported.
  • General and compliance reports using over 40 different templates are available right out of the box.
  • AppScan Standard helps reduce the risk of data breaches and attacks on web applications before deploying the website and performs a risk assessment in the course of operation.
  • Fine-tuning and upgrading options are available with the AppScan eXtension Framework.
  • Direct integration into existing systems using the AppScan SDK.
  • Link categorization functions whose scope is not limited to protecting the application but also allows you to determine the risks for users visiting unwanted sites.
  • Helps determine which site technologies can affect AppScan crawl results.

Conclusion

Vulnerabilities and bugs in software under development constitute a major security problem. The application of SAST solutions enables mitigating those risks dramatically without inviting any third-party experts. SAST is a handy developer suite that easily integrates into DevSecOps routines.

A wide variety of software solutions for static code analysis is available on the global market, where both renowned players operating in multiple segments and niche developers working with SAST only are present.

The post Introduction to SAST appeared first on Cybersecurity Insiders.


September 30, 2021 at 09:10PM

REvil ransomware gang cheats through odious partner programs

Usually we do not encourage such tactics of earning money through cyber frauds. However, in order to warn those interested, we have published this article.

The next time you are thinking of joining the REvil group's ransomware-as-a-service scheme to earn some money through extortion or to take revenge, you had better be aware that such schemes will always dupe the partner first and the victim next.

The REvil ransomware group is one such malware-spreading gang that offers ransomware on lease and earns profits from its partners, who launch a ransomware attack on a victim, steal data and then encrypt the victim's database until a ransom is paid.

However, the truth is out that REvil hackers have a habit of duping their affiliates by stealing the cryptocurrency gained from the ransom.

Cybersecurity Researchers from Flashpoint have discovered that REvil authors always keep a coded backdoor on hand while handing over their file encrypting malware to their associates or affiliates.

Thus, it allows them to negotiate with the victim later (if the situation favors them) and hand over the decryption key as soon as the ransom is paid to them, instead of to those who leased the file-encrypting malware to make some money.

To understand it better, here is an explanation. Suppose A is a REvil ransomware author who has leased the malware to B, who then launches a ransomware attack on C (the REvil victim) and demands a ransom. A somehow contacts C directly and asks for the ransom in exchange for a decryption key.

Flashpoint claims that 2-3 affiliates lost out on their plan to extort $7 million each from the victim, as the REvil author took over the negotiations and settled a deal with the victim for just $2-3 million.

Therefore, never trust a ransomware group, especially those from Russia, as there is no guarantee that they will honor the agreed business conduct.

NOTE- REvil Ransomware group is also known by the name of Sodinokibi Ransomware Group.

The post REvil ransomware gang cheat through odious partner programs appeared first on Cybersecurity Insiders.


September 30, 2021 at 08:41PM

Wednesday, September 29, 2021

All Cyber Attacks in US should be reported within 72 hours

The United States Senate has passed a new resolution that, if and when approved, will make it mandatory for owners of critical infrastructure to report cyber attacks within a time frame of 72 hours.

A cyber incident bill dubbed the Defense Authorization Bill was put forward by the leaders of the Senate Homeland Security and Governmental Affairs Committee and is waiting for a nod from the senior members of the Senate.

After the cyber incident notification act was proposed, the Cyber Incident Review Office belonging to CISA was asked to review and submit a report by next month’s end. And based on the analysis, the Senate will take a tactical decision that will make organizations with over 50 employees, not-for-profit organizations, and government agencies report a cyber incident within 3 days.

Interestingly, US Senate will also implement the same law for those companies that are affected by ransomware and will apparently force them to consider data recovery tactics rather than paying the attackers.

Similarly, the Australian Federal Parliament’s Security and Intelligence Committee has also urged the government to take a quick decision on the Cybersecurity Executive Order 2021, which would equip the Australian Signals Directorate with special powers to defend critical infrastructure against cyber attacks.

For your information, over the past two years the government of Australia has added new industries to the list of critical infrastructure, so it now includes the grocery sector, agriculture, universities, finance, banking, health, food and communications, besides the energy, defense and transport sectors.

Note– The Australian Council of Trade Unions has objected to the proposal, as it views the new act as a privacy invasion bill for people across the economy.

The post All Cyber Attacks in US should be reported within 72 hours appeared first on Cybersecurity Insiders.


September 30, 2021 at 10:34AM

iPhone Vulnerability allows hackers to fraudulently make contactless payments

Cybersecurity researchers have found a vulnerability in the iPhone’s Apple Pay and Visa payments feature that allows hackers to make fraudulent contactless payments without the knowledge of the owner.

A video demonstrating this has been circulating on YouTube for the past 2 days, and it claims that cyber crooks can use simple radio equipment to make a payment in ‘express transit mode’, when in fact it is being paid to a nearby card.

Security experts from the Universities of Birmingham and Surrey were the first to discover the flaw and concluded that it is a weakness in the combination of Apple Pay and the Visa system; it does not affect other payment combinations such as Mastercard on iPhones or Visa on Samsung Pay.

Meanwhile, highly placed sources report that some iOS 14 users who are trying to upgrade to iOS 15 are experiencing strange problems like camera bugs, failure to wake the screen, unresponsive screens, slowdown of mobile operations, freezing of core apps and some issues with time and date.

Released on Sept 20th, 2021 to all users of iPhone 6 and later models, Apple wanted its device lovers to go through a seamless transition. However, things are going the other way round, as almost all iPhone 13 users with a brand new device have reported suffering from issues that do not seem easy to resolve.

Note- So, for all those who are not willing to wait a long time for their latest iPhone 13, it is better to think twice before booking it online. The tech giant is facing a supply shortage relative to actual demand, as the manufacturing and assembly units in Vietnam are facing a labor shortage because of a spike in COVID-19 cases in the region. So why buy now and face trouble after upgrading the handset to the recent version of the operating system? Better wait a while until the American tech giant fixes the issue.

The post iPhone Vulnerability allows hackers to fraudulently make contactless payments appeared first on Cybersecurity Insiders.


September 30, 2021 at 10:32AM

D.A. Davidson Releases The Herd 2021 Featuring the Top 100 Privately-held Emerging Technology Companies in the U.S.

NEW YORK–(BUSINESS WIRE)–D.A. Davidson & Co. has released its annual The Herd report featuring the top 100 privately-held technology companies based in the U.S. largely falling within D.A. Davidson core areas of expertise; application software, infrastructure and security software, vertical software and financial technology. These companies were selected based upon growth rate, market awareness, scale, capitalization and other proprietary analytics generated by D.A. Davidson.

“The velocity of transactions in 2021 is truly remarkable. We’ve seen tremendous activity in the public equity markets highlighted by over 20 software IPOs since the first of the year and 60% of the companies in The Herd have raised a meaningful round since Q4 of 2020. We do not expect these trends to slow down in the near future,” said Greg Thomas, managing director, technology investment banking at D.A. Davidson. “The high profile success of several Herd companies, such as Snowflake, UiPath and Confluent, will continue to pull exciting growth stories to the public capital markets.”

This year’s The Herd report highlights highly recognized leaders of rapidly emerging software segments such as Attentive, Klaviyo and Outreach in customer engagement; Arctic Wolf, Cybereason and Venafi in cybersecurity; Cockroach Labs, Neo4j and Redis in next-gen database technologies; Addepar, MX and Stripe in financial technology; and ServiceTitan, SpotOn and Udemy in vertical software. In addition, several new and emerging members were added in 2021 including Harness, a CI/CD platform for developers, OneStream, a financial performance management platform and OneTrust, a privacy, security and data governance management platform.

“As we speak with management teams across The Herd landscape, we continue to be impressed with both the momentum and market opportunities these companies possess,” said Joe Morgan, D.A. Davidson’s co-head of technology investment banking. “Thematically, an area we are focusing our practice on is the intersection of vertical solutions and payments. A driving force on the Marlin acquisition for us was the belief that vertical focused software will continue to differentiate and grow through the integration of payments and data.”

D.A. Davidson’s annual The Herd report exhibits our commitment to helping rapidly growing companies achieve their strategic and financial goals. Our investment banking division is a leading full-service investment bank that offers comprehensive financial advisory and capital markets expertise. The group has extensive transaction experience serving middle market clients worldwide across four industry verticals: consumer, diversified industrials, financial institutions and technology. D.A. Davidson’s technology investment banking practice is one of the most active middle market groups in the United States having advised on over 50 advisory and public equity transactions representing more than $20 billion in value since January 2021.

A copy of the 2021 The Herd report can be accessed here.

About D.A. Davidson Companies

D.A. Davidson Companies is an employee-owned financial services firm offering a range of financial services and advice to individuals, corporations, institutions and municipalities nationwide. Founded in 1935 and headquartered in Montana, with corporate offices in Denver, Los Angeles, Portland and Seattle, the company has approximately 1,400 employees and offices in 28 states.

Subsidiaries include: D.A. Davidson & Co., the largest full-service investment firm headquartered in the Northwest, providing wealth management, investment banking, equity and fixed income capital markets services, and advice; Davidson Investment Advisors, a professional asset management firm; D.A. Davidson Trust Company, a trust and wealth management company; and Davidson Fixed Income Management, a registered investment adviser providing fixed income portfolio and advisory services.

For more information, visit dadavidson.com.

The post D.A. Davidson Releases The Herd 2021 Featuring the Top 100 Privately-held Emerging Technology Companies in the U.S. appeared first on Cybersecurity Insiders.


September 30, 2021 at 09:10AM

How to shift into a new approach to cybersecurity asset management

This blog was written by an independent guest blogger.

The effects of the global pandemic pushed organizations to accelerate their digital transformation strategies. Because of this, companies in all industries were faced with an array of new technologies like cloud and containers that support the shift to edge computing and remote workers. With so much focus on these factors, companies often overlook some of the repercussions that come along with such rapid innovations. One of which is the need for a new approach to asset visibility. 

Inventory, software support, and license oversight are traditional asset management responsibilities that can be addressed using IT tools. But now many organizations are realizing that the lines between network perimeters have become blurry and asset inventory has become unwieldy and harder to control. A new approach to asset management is required to address the lack of visibility and security risks therein. 

What is cybersecurity asset management?

Cybersecurity asset management is a process that involves identifying the IT assets such as PCs, servers, IoT devices, and databases that are owned by an organization. Any device or resource that is part of your organization’s network ecosystem could be subject to vulnerabilities, potentially resulting in a breach of data.

Containerized applications are often used during a cloud migration to ensure the safety of the assets involved. They also come in handy with shared virtual machines and movement within the cloud. But containerization is not enough to ensure that vulnerabilities are not developed over time. Container monitoring is crucial for organizations as the IoT continues to expand.

Continuous real-time monitoring of assets and of any potential security risks that might affect them is essential. In light of rapid digital transformation, 8 in 10 executives are investing in IT infrastructure in order to keep up with evolving customer expectations. Additionally, implementing increased numbers of devices, software, and other tools has highlighted the need for cybersecurity asset management.

Why is cybersecurity asset management important?

While many smaller companies might think that data breaches only affect larger enterprises, this is not the case. In fact, 60% of businesses that have experienced a data breach were small businesses. Cybersecurity asset management empowers security teams by providing the visibility that is necessary in order to create comprehensive security strategies. 

A proactive approach to cybersecurity asset management ensures that teams can detect vulnerabilities and threats before they become major issues. If an attack does occur, then cybersecurity asset management will be able to provide teams with real-time data and an accurate asset inventory in order to discover the best remediation routes. 

Ultimately, the repercussions of not implementing cybersecurity asset management could lead to financial ruin. It's smart for small business owners to have a good insurance plan as financial security in the event that assets are compromised. 

Without cybersecurity asset management businesses are at serious risk of falling victim to any number of attacks. And if essential data is held ransom or otherwise made unavailable during a breach, then serious disruptions will occur. 

A poor implementation of cybersecurity asset management can be just as harmful to an organization. Without a continuous inventory of IT resources, there is no way for security teams to accurately determine where vulnerabilities may lie or even if an attack is being carried out. 

Asset inventory challenges

The process of conducting an asset inventory can be cumbersome and time consuming, and there are a number of challenges that can cause inaccuracies:

  • Increased attack surface – With more IoT comes the potential for larger and more insidious cyber attacks. 
  • Collecting data across multiple sources – Both cloud and container technologies allow for large amounts of data to exist within multiple sources causing challenges when it comes to locating and securing data. 
  • Compliance validation – Regulatory frameworks now require organizations to maintain a security architecture that utilizes technologies and standards that remain effective, compliant and auditable.

Let’s not forget the growing knowledge gap. Because of the rapid evolution of cloud technology and IoT connectivity, there is a widespread lack of knowledge of the current state of cybersecurity asset management. Fortunately, online technical courses are able to teach students vast amounts of information valuable to today’s IT and cybersecurity asset management implementations.

In fact, enrollment in such courses has increased by 2,000% in the last decade alone. This demonstrates that the industry is growing and the rapid rate of digital transformation has created a significant gap in cybersecurity understanding. 

Implementing cybersecurity asset management

When implementing cybersecurity asset management, there are certain qualities that are necessary in order to maintain a complete and continuously updated inventory of IT assets residing on-premises, in the cloud or at mobile endpoints:

  • Complete visibility including all hardware and software
  • Continuous and automatic updates of security data
  • Zero trust authentication model
  • Flexible and rapidly scalable without the need to add hardware
  • Customizable reporting features
  • Flag vulnerabilities according to their threat level

Finally, the most important factor when it comes to implementing cybersecurity asset management is a commitment to cybersecurity. Instead of seeing cybersecurity as a distraction or an additional responsibility, organizations should view cybersecurity as an empowering process that allows full visibility and control of assets. 

Conclusion

Implementing cybersecurity asset management as the primary foundation for IT security operations is crucial in today’s connected environment. With applications running in the cloud, employees working remotely, and the expanding IoT, it's becoming increasingly difficult for network administrators to keep track of devices and data.

Moving forward, companies must operate with a security-first mindset in order to reduce the likelihood of costly disruptions. This means successfully implementing cybersecurity asset management in addition to cyber hygiene education and remediation planning. Traditional asset management needs to evolve in order to accommodate a growing IoT environment and replace outdated approaches to cybersecurity.

The post How to shift into a new approach to cybersecurity asset management appeared first on Cybersecurity Insiders.


September 29, 2021 at 09:10PM

How Continuous Monitoring is a Driver of Effective Risk Management

Continuous Monitoring (CM) is the ability to maintain ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making. The ultimate objective of CM is to determine if the security and privacy controls implemented by an organization continue to be effective over time considering the inevitable changes that occur in the environment in which the organization operates.

Continuous Monitoring removes the limitations of manual or one-time assessments and facilitates real-time risk management through automating monitoring processes. CM benefits businesses in many ways by providing visibility into undiscovered system components, misconfigurations, vulnerabilities, and unauthorized changes, which can potentially expose organizations to increased risk if not addressed.

Discover why continuous monitoring is important, the implementation considerations and the benefits in the full article.

The post How Continuous Monitoring is a Driver of Effective Risk Management appeared first on Cybersecurity Insiders.


September 29, 2021 at 09:09PM

CCSP vs. EXIN Cloud Certifications: What are the Differences?

Worldwide end-user spending on public cloud services is forecast to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion in 2020, according to the latest forecast from Gartner. Spending on cloud management and security services, specifically, is expected to grow 12% in the next year, from approximately $16 billion in 2021 to about $18 billion in 2022.

Demand for cybersecurity experts specializing in cloud security is skyrocketing worldwide. But with so many cloud certifications out there, how do you know which one is right for you?

(ISC)² Certified Cloud Security Professional specifically focuses on cloud security, testing candidates’ skills and knowledge across six cloud security domains. It validates your ability to design, manage and secure data, applications, and infrastructure in the cloud, while also following the best practices established by (ISC)².

Security is a limited focus in three of the broader-focused EXIN Cloud Certifications. CCC Professional Cloud Administrator includes cloud security fundamentals as one of eight topics covered; CCC Professional Cloud Developer includes it as one of 13 modules. CCC Professional Cloud Solutions Architect covers cloud security issues as a subset of one of 11 modules. CCC Professional Cloud Service Manager does not explicitly include cloud security as a topic covered in any of its nine modules.

Read more in the full article.

To discover more about how the CCSP credential can help you gain expertise in the cloud and advance your career, download our Ultimate Guide to the CCSP or our latest white paper Cloud Security Skills Can Take Your Career to Infinity (And Beyond).

The post CCSP vs. EXIN Cloud Certifications: What are the Differences? appeared first on Cybersecurity Insiders.


September 29, 2021 at 09:09PM

How Will $1.9 Billion for Cybersecurity Protect American Infrastructure?

The U.S. House of Representatives is scheduled to vote on a $1 trillion bipartisan infrastructure bill on September 30, 2021. Back in August, the U.S. Senate passed the bill, which included $1.9 billion for cybersecurity initiatives. According to The Hill, the funds will go toward securing critical infrastructure against attacks, helping vulnerable organizations defend themselves and providing funding for a key federal cyber office, among other initiatives. The House is now set to vote on the bill, and if passed, it will go to the President for his signature.

But what exactly are the cybersecurity provisions within the Infrastructure Investment and Jobs Act (H.R. 3684)? The (ISC)² Advocacy Team did some digging and pulled together the following comprehensive list of cybersecurity initiatives that would receive funding if the bill is passed.

What do you think? What are your thoughts on the brighter light being shone on cybersecurity and its inclusion in the latest infrastructure spending proposals? What do you think of $1.9 billion investment in comparison to the overall $1 trillion proposed in the current bill? Join the conversation on the (ISC)² Community.

Division A: Title I: Subtitle E: Section 11510: Cybersecurity Tool – No later than 2 years after the date of enactment of this Act, the Administrator (Federal Highway Administration) shall develop a tool to assist transportation authorities in identifying, detecting, protecting against, responding to, and recovering from cyber incidents.

Requirements—In developing the tool, the Administrator shall— (A) use the cybersecurity framework established by the National Institute of Standards and Technology relating to improving critical infrastructure cybersecurity; (B) establish a structured cybersecurity assessment and development program; (C) coordinate with the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency; (D) consult with appropriate transportation authorities, operating agencies, industry stakeholders, and cybersecurity experts; and (E) provide for a period of public comment and review on the tool.

Cybersecurity Coordinator – No later than 2 years after the date of enactment of this Act, the Administrator shall designate an office as a ‘‘cyber coordinator’’, which will be responsible for monitoring, alerting, and advising transportation authorities of cyber incidents.

Requirements —The office designated shall, in coordination with the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency— (A) provide to transportation authorities a secure method of notifying the Federal Highway Administration of cyber incidents; (B) share the information collected with the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency; (C) monitor cyber incidents that affect transportation authorities; (D) alert transportation authorities to cyber incidents that affect those transportation authorities; (E) investigate unaddressed cyber incidents that affect transportation authorities; and (F) provide to transportation authorities educational resources, outreach, and awareness on fundamental principles and best practices in cybersecurity for transportation systems.

Division B: Title V: Section 25022: GAO Cybersecurity Recommendations – No later than 3 years after the enactment of this Act, the Secretary (of Transportation) shall implement the recommendation for the Department of Transportation made by the Comptroller General of the United States in the report entitled ‘‘Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges’’, (1) by developing a cybersecurity risk management strategy for the systems and information of the Department; (2) by updating policies to address an organization-wide risk assessment; and (3) by updating the processes for coordination between cybersecurity risk management functions and enterprise risk management functions.

(B) Work Roles – Not later than 3 years after the date of enactment of this Act, the Secretary shall implement the recommendation of the Comptroller General of the United States in the report entitled ‘‘Cybersecurity Workforce: Agencies Need to Accurately Categorize Positions to Effectively Identify Critical Staffing Needs’’, by (1) reviewing positions in the Department and (2) assigning appropriate work roles in accordance with the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework.

(C) GAO Review – Not later than 18 months after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Transportation and Infrastructure of the House of Representatives a report that examines the approach of the Department to managing cybersecurity for the systems and information of the Department. The report shall include an evaluation of— (A) the roles, responsibilities, and reporting relationships of the senior officials of the Department with respect to cybersecurity; (B) the extent to which officials of the Department (i) establish requirements for, share information with, provide resources to, and monitor the performance of managers with respect to cybersecurity; and (ii) hold managers accountable for cybersecurity within the components of the Department.

Division D: Energy: Title 1: Subtitle B: Cybersecurity

Section 40121: Enhancing Grid Security through Public-Private Partnership – The Secretary (Energy), in consultation with the Secretary of Homeland Security  and the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program— (A) to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities; (B) to assist with threat assessment and cybersecurity training for electric utilities; (C) to provide technical assistance for electric utilities subject to the program; (D) to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks; (E) to advance the cybersecurity of third-party vendors that manufacture components of the electric grid; (F) to increase opportunities for sharing best practices and data collection within the electric sector; and (G) to assist, in the case of electric utilities that own defense critical electric infrastructure, with full engineering reviews of critical functions and operations at both the utility and defense infrastructure levels— (i) to identify unprotected avenues for cyber-enabled sabotage that would have catastrophic effects to national security; (ii) to recommend and implement engineering protections to ensure continued operations of identified critical functions even in the face of constant cyber-attacks and achieved perimeter access by sophisticated adversaries.

Report – Not later than 1 year after the date of enactment of this Act, the Secretary shall submit to Congress a report that assesses— (1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems to address threats to, and vulnerabilities of, electricity distribution systems; and (2) the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including— (A) an estimate of potential costs and benefits of the implementation; and (B) an assessment of any public-private cost-sharing opportunities.

Section 40122: Energy Cybersense Program —The Secretary, in consultation with the Secretary of Homeland Security and the heads of other relevant Federal agencies, shall establish an Energy Cyber Sense program to test the cybersecurity of products and technologies intended for use in the energy sector, including in the bulk-power system.

Program Requirements.—The Secretary, in consultation with the Secretary of Homeland Security and the heads of other relevant Federal agencies, shall— (1) establish a testing process under the program to test the cybersecurity of products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems; (2) for products and technologies tested under the program, establish and maintain cybersecurity vulnerability reporting processes and a related database that are integrated with Federal vulnerability coordination processes; (3) provide technical assistance to electric utilities, product manufacturers, and other energy sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the program; (4) biennially review products and technologies tested under the program for cybersecurity vulnerabilities and provide analysis with respect to how those products and technologies respond to and mitigate cyber threats; (5) develop guidance that is informed by analysis and testing results under the program for electric utilities and other components of the energy sector for the procurement of products and technologies; (6) provide reasonable notice to, and solicit comments from, the public prior to establishing or revising the testing process under the program; (7) oversee the testing of products and technologies under the program; and (8) consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the energy sector.

Section 40123: Incentives for Advanced Cybersecurity Technology Investment – Not later than 180 days after the date of enactment of this section, the Commission, in consultation with the Secretary of Energy, the North American Electric Reliability Corporation, the Electricity Subsector Coordinating Council, and the National Association of Regulatory Utility Commissioners, shall conduct a study to identify incentive-based, including performance-based, rate treatments for the transmission and sale of electric energy subject to the jurisdiction of the Commission that could be used to encourage— (1) investment by public utilities in advanced cybersecurity technology; and (2) participation by public utilities in cybersecurity threat information sharing programs.

Incentive Based Rate Treatment—Not later than 1 year after the completion of the study, the Commission shall establish incentive-based, including performance-based, rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by public utilities for the purpose of benefitting consumers by encouraging— (1) investments by public utilities in advanced cybersecurity technology; and (2) participation by public utilities in cybersecurity threat information sharing programs. All rates under this program shall be just and reasonable and not discriminatory or preferential.

Section 40124: Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program – Not later than 180 days after the enactment of this act, the Secretary shall establish a program to be known as the ‘‘Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program’’, to provide grants and technical assistance to, and enter into cooperative agreements with, eligible entities to protect against, detect, respond to, and recover from cybersecurity threats. The objective of the program is to deploy advanced cybersecurity technologies for electric utility systems and to increase the participation of eligible entities in cybersecurity threat information sharing programs. In awarding grants and providing technical assistance under the Program, priority will be given to an eligible entity that, as determined by the Secretary, has limited cybersecurity resources, owns assets critical to the reliability of the bulk-power system, or owns defense critical electric infrastructure.

Section 40125: Enhanced Grid Security – The Secretary, in consultation with other groups, shall develop and carry out a program— (A) to develop advanced cybersecurity applications and technologies for the energy sector— (i) to identify and mitigate vulnerabilities, including— (I) dependencies on other critical infrastructure; (II) impacts from weather and fuel supply; (III) increased dependence on inverter-based technologies; and (IV) vulnerabilities from unpatched hardware and software systems; and (ii) to advance the security of field devices and third-party control systems, including— (I) systems for generation, transmission, distribution, end use, and market functions; (II) specific electric grid elements including advanced metering, demand response, distribution, generation, and electricity storage; (III) forensic analysis of infected systems; (IV) secure communications; and (V) application of in-line edge security solutions; (B) to leverage electric grid architecture as a means to assess risks to the energy sector, including by implementing an all-hazards approach to communications infrastructure, control systems architecture, and power systems architecture; (C) to perform pilot demonstration projects with the energy sector to gain experience with new technologies; (D) to develop workforce development curricula for energy sector-related cybersecurity; (E) to develop improved supply chain concepts for secure design of emerging digital components and power electronics. There are $250,000,000 appropriated for the period of fiscal years 2022 through 2026 for this section.

Energy Sector Operational Support for Cyberresilience Program – The Secretary may develop and carry out a program— (A) to enhance and periodically test (i) the emergency response capabilities of the Department; and (ii) the coordination of the Department with other agencies, the National Laboratories, and private industry; (B) to expand cooperation of the Department with the intelligence community for energy sector-related threat collection and analysis; (C) to enhance the tools of the Department and E-ISAC (Electricity Information Sharing & Analysis Center) for monitoring the status of the energy sector; (D) to expand industry participation in E-ISAC; and (E) to provide technical assistance to small electric utilities for purposes of assessing and improving cybermaturity levels and addressing gaps identified in the assessment. There is authorized to be appropriated to the Secretary to carry out this subsection $50,000,000 for the period of fiscal years 2022 through 2026.

Section 40126: Cybersecurity Plan – Any recipient of an award or funding under this division may be required to submit a plan to the Secretary that shows Cybermaturity of the recipient as well as establishing a plan for maintaining and improving cybersecurity throughout the life of the solution of the project. Plans will be reviewed by the Office of Cybersecurity, Energy Security, and Emergency Response of the Department of Energy.

Division E: Title I: Section 50113: Cybersecurity Support for Public Water Systems – No later than 180 days after the enactment of this section, the Administrator (EPA) and Director (of Cybersecurity and Infrastructure Security Agency) will develop a framework that will identify public water systems that if damaged or became inoperable, would lead to significant public health and safety issues. When identifying these systems, the Administrator will consider whether (A) cybersecurity vulnerabilities for a public water system have been identified; (B) the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support; (C) whether a public water system serves a defense installation or critical national security asset; and (D) whether a public water system, if degraded or rendered inoperable due to an incident, would cause a failure of other critical infrastructure.

Division G: Title VI: Cyber Response and Recovery Act: Subtitle C: Declaration of a Significant Incident: Section 2231 – The purpose of this subtitle is to authorize the Secretary (Homeland Security) to declare that a significant incident has occurred and to establish the authorities that are provided under the declaration to respond to and recover from the significant incident. The Secretary is also enabled to provide voluntary assistance to non-Federal entities impacted by a significant incident.

Section 2234 – Cyber Response and Recovery Fund: There is established a Cyber Response and Recovery Fund, which shall be available for— (1) response and recovery support for the specific significant incident associated with a declaration to Federal, State, local, and Tribal, entities and public and private entities on a reimbursable or Non-reimbursable basis, including through asset response activities and technical assistance, such as— (A) vulnerability assessments and mitigation; (B) technical incident mitigation; (C) malware analysis; (D) analytic support; (E) threat detection and hunting; and (F) network protections; (2) grants for, or cooperative agreements with, Federal, State, local, and Tribal public and private entities to respond to, and recover from, the specific significant incident associated with a declaration.

The post How Will $1.9 Billion for Cybersecurity Protect American Infrastructure? appeared first on Cybersecurity Insiders.


September 29, 2021 at 09:09PM

CEO of Group IB that prevents ransomware attacks arrested for treason charges

Group IB, a security company from Russia that helps prevent the spread of ransomware, is in the news for the wrong reasons. The CEO of the company, Ilya Sachkov, was arrested by the intelligence services in Moscow and jailed for the next two months.

Highly placed sources say that the founder of Group IB was arrested on charges of treason, that is, for passing vital information to foreign intelligence services.

However, a spokesperson from the company, which specializes in preventing cyber crime and the spread of ransomware, said that while the arrest of the founder of Group IB was true, the charges pressed against Ilya Sachkov were completely false and baseless. The spokesperson also said that the company will release a press update on the issue early next week.

While Mr. Sachkov is in prison, leadership responsibility will be assumed by Dmitri Volkov, the co-founder of Group IB, which is now headquartered in the central region of Singapore.

Note 1- The 20-year-old company in question is an official cyber security partner of Interpol and Europol and has hosted many international law enforcement conferences in Moscow.

Note 2- Russia’s Federal Security Service, the successor to the KGB (Committee for State Security), has arrested over 12 dignitaries in the past few months on treason charges, including scientists, cyber security officers, journalists and now Ilya Sachkov.

Note 3- Treason means betraying a country or state by passing on critical information to foreign governments. This is done out of vengeance or with a motive to overthrow the current political leadership. The Vladimir Putin-led nation imposes a 12-20-year prison term on those found guilty.

The post CEO of Group IB that prevents ransomware attacks arrested for treason charges appeared first on Cybersecurity Insiders.


September 29, 2021 at 08:41PM

Cyber Attack news headlines trending on Google

London-based Giant Group has confirmed that its IT infrastructure was suffering the repercussions of a cyber attack on September 24th, 2021, and that all its phone, email and other payroll-related servers were facing digital disruption.

A statement to this effect was posted on the website of GiantPay, confirming that the UK-based payroll firm was hit by a sophisticated attack that is being investigated by security experts from the international law firm Crowell & Moring.

The NCSC, the ICO and the insurers of GiantPay are aware of the incident and are working closely with the company to find out who is behind the attack.

Although the Giant Screening and Giant Finance+ services remain unaffected, sources report that the backend servers holding the backup information were partially disrupted in the incident.

Salary disbursement by the payroll giant remains unaffected, so all those receiving their pay via the online accounting services of Giant Group will receive their usual salary by Friday this week. So, no worries if you are waiting at a fuel station for your turn to fill your tank: the salary credit will reach you on time, provided nothing goes awry from here.

Meanwhile, in a second, unrelated incident, a Honolulu payroll processing company has released a press statement saying that its servers were hit by ransomware last week, exposing social security numbers, dates of birth, full names of clients and bank account numbers.

What’s interesting about the find is that the incident took place in mid-February this year, when a security audit conducted by Hawaii Payroll Services LLC discovered that hackers had targeted its database, first stealing data and then locking it up with encryption.

Third, the other cyber attack news trending on Google concerns an online communications provider that offers text and voice communication services.

The Raleigh technology company Bandwidth, which offers VoIP services, was hit by a DDoS attack, causing deep disruption to its services for the past three days. The company witnessed the outage last week and, although its staff were working round the clock, Bandwidth customers were still facing intermittent connectivity issues as of Tuesday, September 28th, 2021.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.


September 29, 2021 at 12:14PM

Google hits its own headlines because of privacy issues

Google, the internet juggernaut, is hitting the news headlines itself for reasons related to privacy and its newly developed digital advertising system.

The California-based web search giant is facing legal trouble from a privacy movement started by Open Web, which claims that the tech giant’s new ad policy will restrict open web competition and undermine fraud detection.

A lawsuit has been filed by some advertisers and publishers with the European Union against Google’s decision to replace third-party cookies with a new ‘Privacy Sandbox’. If the decision of the Alphabet subsidiary becomes reality, advertisers will be forced to rely on Google-developed software cohorts instead of the traditional cookies that let them track their website users’ visits to a specific location.

The Open Web movement claims that the new tech from Google will cut down the amount of data being shared with other tech firms, ad firms and publishers, thus entrenching the Android OS maker’s monopoly from then on.

Note 1- Open Web submitted a similar complaint in November last year to the UK’s Competition and Markets Authority, and the latest seems to be just a follow-up to its data privacy concerns.

Note 2- For the past 18 months, companies with websites have displayed pop-ups warning users that their website visits will be tracked. However, if Google restricts such scenarios by replacing cookie tracking tools with other home-grown tools, then it will start charging ad firms and news publishers that offer free content over the web, thus taking control of the content displayed on its search engine from then on.

Note 3- Google’s decision to ban cookie tracking tools is restricted to users of its Chrome browser and doesn’t extend to other browsers such as Edge, Firefox and others.

The post Google hits its own headlines because of privacy issues appeared first on Cybersecurity Insiders.


September 29, 2021 at 12:11PM

Tuesday, September 28, 2021

The Bitglass Blog

Is the Federal government ready for Zero Trust?  

With President Biden’s executive order on Improving the Nation’s Cybersecurity specifically mentioning Zero Trust, Fed IT leaders have prioritized the implementation of this technology as part of their digital transformation efforts. 

Recently, former Transportation Department CIO Ryan Cote joined our very own Ed Lopez on Federal Drive with Tom Temin to share their unique perspectives on how Federal agencies are approaching Zero Trust. 

Here are some key quotes from the podcast:

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


September 29, 2021 at 09:10AM

Considerations when choosing an XDR solution

Introduction

Cybersecurity is a fast-moving space.  In fact, it’s hard to think of a time that security has been moving more quickly. As we continue to move into the cloud, work from home, and otherwise continue the digital transformation of our businesses, additional capabilities are needed as new threats are discovered.

One of these needs is greater integration of our existing sets of security tools.  While the security industry has done a good job of addressing threats, we have often done so with point solutions.  These silos are now making it harder to solve our problems.  How do we combine the visibility provided by our endpoint detection and response tool with that provided by our network intrusion detection tool?  How do we use our firewall to mitigate a threat discovered by our DNS security tool? 

This is the idea behind XDR.

What is XDR?

Extended Detection and Response (XDR) is one of the latest security industry buzzwords and, like most emerging product spaces, it means different things to different organizations.  Frankly, it is evolving very much like SASE, with vendors using the term as a way to explain how their particular collection of security technologies could fit together.

For example, for many network-focused SIEM vendors, adding an endpoint detection and response agent extends their ability to detect and respond to malware.  Endpoint detection and response vendors adding network discovery and network intrusion abilities are similarly expanding their capabilities to detect threats before they get on endpoints.

Both of these product expansions can be helpful to customers.  But many, or even most, companies have already deployed multiple solutions from multiple different vendors to solve these problems.  In our role advising companies and managing their security programs, our customers are beginning to ask how XDR should change their plans.  Let’s take a look at the current state of XDR and some things to consider before you take the leap.

A survey of XDR capabilities

What’s in a name?  In the case of XDR, we’d expect it to be an extension of “Detection and Response.”  What an extension means, of course, varies from vendor to vendor based on that vendor’s inherent technology strengths.  Most vendors claiming to have an “XDR” solution are either network or endpoint vendors that are expanding their product line in some way.  Here in table 1 is a survey of common XDR capabilities:

Table 1: common XDR capabilities

In addition to these capabilities, we are also seeing vendors assert that other security tools must be part of an XDR solution.  These pieces vary by vendor but include cloud firewall/secure web gateway, email security, DDoS response, and more.

The “best” XDR solution for a given customer depends on the needs of that customer, the security products that are already deployed there, and the threats the customer is most concerned about.  Instead of shopping for an “XDR” solution, it’s best to enumerate your individual protection and detection needs. In general, vendors that are just expanding into a market aren’t the strongest players in that market.  So, if endpoint is the area you are most worried about, it’s probably best to look at XDR solutions from endpoint vendors, knowing that the network discovery and response features may not be as complete.  Better yet, shopping for hybrid solutions (we’ll get to that in a second) may be your best bet.

Platform and “location” coverage

The types of devices on your network and where they live also play a key role in the selection of an XDR solution.  Most XDR solutions that have evolved out of an endpoint detection and response solution have this well covered, but network-focused vendors may face more challenges here.  Does the solution do a good job protecting and remediating Windows, Mac, and Linux assets?  Does that include the versions of Linux that your organization has standardized on?

In addition to platform coverage, the “locations” that are protected are equally important.  Can the solution protect systems in public clouds?  One area to look at is how the products collect and use cloud data.  This is where network security vendors may do a better job by directly collecting cloud data using APIs. 

How about your own private cloud?  Can the solution support VMware or your chosen virtualization vendor?  Don’t forget about workloads that run in containers, too.

“Native vs. hybrid” XDR – Avoiding vendor lock-in

One of the more confusing concepts in XDR is “native” vs. “hybrid.”  Not to be confused with any of the other uses we have for these terms in IT security, in the XDR world, “native” refers to a single vendor solution.  As you might have guessed, “hybrid” then must refer to a multi-vendor solution. 

We’ve generally used the term “best of breed” or “vendor agnostic” to describe this hybrid solution, and this is probably the single most important axis of any decision around XDR: Do you love your preferred security vendor enough to repurchase all XDR solution components from them?  Or would you prefer a solution that works with your existing security tools?

Managed service vs. product

Another big decision point in looking at XDR is: do I want to completely manage my own detection and response program, or do I want the help of a managed Security Operations Center (SOC) service?

Modern detection and response tools are much easier to use than traditional SIEMs.  Products like AT&T’s USM Anywhere and SentinelOne’s Endpoint Detection and Response come equipped with threat intelligence designed to quickly surface both new and old threats.  However, there will still be a need for subject matter expertise, and manning a SOC 24×7 requires a certain number of staff regardless.  So if you haven’t already staffed up for a SOC, or if you need additional expertise to help your current SOC,  using a managed service like AT&T’s Managed Extended Detection and Response can save time and money vs. trying to do everything in house.

The bottom line

AT&T believes that security should work for you, not the other way around. Our XDR solution combines our own Managed Threat Detection and Response service, powered by our home-grown USM Anywhere platform, with the industry-leading EDR solution from SentinelOne through our AT&T Managed Endpoint Security with SentinelOne.  This tight integration across both technology and management capabilities gives complete visibility into network and endpoint threats and one of the most complete sets of response capabilities.  This means AT&T can leverage your existing security controls to make better, faster detections and use the capabilities of these security products to respond to threats.  See table 2 for details.

We also believe that XDR will be an important part of every company’s security journey.  Attacks have become so sophisticated that we need to be able to use all our intelligence to detect them, and all the tools at our disposal to respond to them.  The combination of USM’s single pane of glass for detection and response with the protection and remediation capabilities of SentinelOne and our other partners, backed by the AT&T world-class SOC team and AT&T Alien Labs threat intelligence, represents the best defense for your business.

Contact us to learn more about how we can help your organization drive more efficient security operations through improved threat detection and response.

Table 2: security capability and MXDR compatibility

Endpoint protection: SentinelOne (built-in), Carbon Black, Cisco Secure Endpoint, McAfee EPO, Microsoft Defender, Sophos
Firewalls, Secure Web Gateways, SASE: AT&T SWG, Palo Alto Networks, Fortinet, Zscaler, Cisco, Checkpoint
Vulnerability Scanning: Built-in, Qualys, and DDI Frontline
Mobile Security: MobileIron (Ivanti)
DNS Security: Akamai ETP, Cisco Umbrella
Other security controls: SpyCloud, Cloudflare
Workflow, ticketing, and automation solutions: Jira, Box Notes, Salesforce, Service Now
Zero Trust: Okta

The post Considerations when choosing an XDR solution appeared first on Cybersecurity Insiders.


September 28, 2021 at 09:16PM

How can eSIM help overcome the challenges of IoT connectivity activation?

Connected IoT devices and smart solutions are quickly expanding into every industry and every aspect of our lives, and the numbers back this up. By 2025, it has been predicted that 75 billion IoT devices will be connected with a potential market value of around $1.6 trillion. With the ability to leverage real-time data and analytics from connected devices, enterprises can gain powerful insights to help boost efficiency and productivity.

However, the benefits that these devices can provide are dependent upon strong and reliable connectivity. Ensuring that IoT devices remain connected around the clock can be a challenge for many service providers. The complexity can be due to different Mobile Network Operator (MNO) specific product variants, complicated installation logistics or ensuring resilience and keeping the promises set in service level agreements (SLAs).  

However, with the power of eSIM technology and some additional “magic” ingredients from Thales, service providers can ensure that their connected devices, such as smart meters or other fixed IoT installations like security cameras, receive consistent connectivity regardless of the challenges thrown their way. 

But, before we go into detail on how eSIMs can solve IoT connectivity activation challenges, we must understand which barriers stand in the way of seamless connectivity. Here are just a few that many service providers face:

  1. Different devices for different MNO networks 

In the context of a diverse, global market, many service providers use different product variants of their connected devices which are tailored to support specific MNO networks in their destination countries. The downside to this wide spectrum of similar products is that manufacturing and managing the logistics for multiple product variants (or “SKUs”) poses a set of cost-heavy, time-intensive tasks. 

  2. Maintaining connectivity over a device’s lifecycle 

Once an IoT device is installed, it must be maintained across its lifetime. However, while IoT devices can remain in the field for 10 to 15 years, contracts with MNOs only usually last 5-6 years. Consequently, the expiration of one of these contracts has the potential to disrupt the connectivity between these devices and their networks. As a result, maintaining IoT connectivity and SLAs over the long haul currently requires device or SIM card updates which can be both costly and time-consuming. 

  3. Complex and lengthy installation

Traditionally, before installing devices at deployment sites, technicians needed to test connectivity to discover which MNO network would be optimally suited to that site. This would then inform the technician of which MNO-specific device should be installed. To compound this already lengthy task, each installation technician would have to carry a whole range of MNO-specific devices so that they could install the correct device for the optimal network, further complicating the installation process.  

So, how can service providers streamline IoT connectivity activation? 

Through the power of eSIM technology, combined with the capabilities of an IoT module, a secure digital ID device and a device lifecycle management solution, service providers have the opportunity to simplify IoT device activation while saving the cost and time associated with developing and manufacturing different products for different MNOs. Here are three core ways an all-encompassing solution can help service providers when it comes to IoT connectivity activation: 

  • Simplified manufacturing processes and logistics: Thanks to eSIMs, any device installed by a service provider can connect to any MNO network, regardless of the product type. For service providers, this removes the need to manufacture multiple product variants to support different MNO networks. 
  • Remote maintenance: Instead of regularly sending out technicians to update both devices and SIM cards at the expiration of MNO contracts, eSIM technology gives service providers the ability to update their devices remotely. Using a web portal, technicians can update a device’s network provider from the comfort of their office, saving costs and time from unnecessary maintenance trips. 
  • Streamlined installation: Devices with embedded SIMs can automatically select the optimal MNO network for any given deployment site. As a result, technicians no longer need to spend hours travelling to sites and testing devices for their connectivity requirements. 

The IoT industry is still constantly evolving. With new connections being made every day, we are still progressing to a smarter world. However, maintaining strong and reliable connectivity will be critical if we are to reap the benefits of IoT. With the help of eSIM technology, we can simplify the activation and management of IoT devices for many across the business landscape.

Curious to learn how a chat in a wine bar led to the creation of an award-winning IoT solution? Watch our recent virtual launch party to find out more. 

Discover our award-winning IoT Suite Connectivity Activation solution on our dedicated webpage here. 

Follow us at @ThalesIoT for the latest on IoT technology. 

The post How can eSIM help overcome the challenges of IoT connectivity activation? appeared first on Cybersecurity Insiders.


September 28, 2021 at 09:15PM

CCSP vs. AWS Cloud Certified: Which One for Cloud Security?

Organizations worldwide are facing new security challenges presented by cloud computing, as most legacy security tools fail to meet the requirements of dynamic, distributed, virtual cloud environments. In fact, 81% of organizations say traditional security solutions don’t work at all in cloud environments or have only limited functionality, according to the 2021 Cloud Security Report by Cybersecurity Insiders.

To fill the gaps, global opportunities for cybersecurity professionals specializing in cloud security are many. But with so many certifications out there, which option most effectively demonstrates the broad knowledge and skills required to secure any cloud environment? Let’s compare three leading certifications: (ISC)² Certified Cloud Security Professional (CCSP) vs. AWS Certified Solutions Architect-Associate and AWS Certified Developer-Associate.

CCSP is a vendor-neutral certification that demonstrates the broad knowledge to successfully secure any cloud environment, regardless of vendor affiliation. It proves expert skills and experience in cloud security design, implementation, architecture, operations, controls, and compliance with the full range of regulatory frameworks. The globally recognized certification is available from (ISC)², the creators of the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge.

AWS Certified Solutions Architect-Associate and AWS Certified Developer-Associate are vendor-specific certifications that show expertise specifically and exclusively in Amazon Web Services’ cloud platform.

Read more in the full article.

To discover more about how the CCSP credential can help you gain expertise in the cloud and advance your career, download our Ultimate Guide to the CCSP or our latest white paper Cloud Security Skills Can Take Your Career to Infinity (And Beyond).

The post CCSP vs. AWS Cloud Certified: Which One for Cloud Security? appeared first on Cybersecurity Insiders.


September 28, 2021 at 09:15PM