Monthly Archives: July 2017


Tackle and Simplify IT – Adopt a Secure Digital Workspace

Category : Citrix

As a member of the Cloud Services team at Citrix, I hear a lot of questions about Citrix Cloud and Citrix Cloud services. After Citrix Synergy, the most common questions have been around the Citrix secure digital workspace. I’ve been collaborating with my Cloud Services colleagues Ken Oestreich and Steve Wilson on a fantastic webinar to help address these questions – I think you’ll find it to be very interesting. They’ll help you sort out how to make adopting cloud services part of your strategy for the future, and you’ll learn about the concepts of the Citrix secure digital workspace.

Simplifying IT: Adopting a Secure Digital Workspace

August 3, 9am Eastern Time  – Register now

August 3, 2pm Eastern Time – Register now

Citrix secure digital workspace – the embodiment of Citrix

IT departments need to securely deliver apps and data to their employees in a world that is becoming more mobile and more dependent on cloud services – on any device, in any location, from any cloud. We can help you do this through the Citrix secure digital workspace.


Here are the components of the Citrix secure digital workspace:

  • The Citrix workspace experience: By eliminating the fragmented way in which users access their applications and data – and instead providing them with secure, single sign-on – your users free up time to be more productive and spend less time seeking helpdesk support. For the IT administrator, the Citrix workspace experience helps you to combat the challenges caused by cloud service sprawl (take a look at this infographic for more information on cloud service sprawl). You gain more control as the need to support multiple systems is eliminated, and you are able to securely aggregate, deploy and manage all apps, cloud services, network and identity services into one control plane.
  • Software-defined perimeter: In a digital world where people move across varied locations and security domains, the Citrix Software-Defined Perimeter is a critical component of secure digital workspaces. It provides you with a continuous, consistent security posture, adapting to new devices, user behaviors, networks, and service sources. This is unlike competitive point-products, which are unable to offer multiple vantage points or enforcement actions across multiple apps, networks and devices.
  • Security and performance analytics: Here we combine the power of NetScaler Management and Analytics System (MAS), which monitors network traffic, with advanced user and entity behavior detection, insights, and proactive risk resolution capabilities via Citrix Analytics service (CAS) analytics. Both serve to help you track and analyze security, behavior, user performance/experience, connected devices, networking, and data use. 

How you can buy the Citrix Secure Digital Workspace

You can get the Citrix secure digital workspace by purchasing the Citrix Workspace Service, powered by Citrix Cloud. Citrix Cloud simplifies management of the Citrix technologies portfolio contained within the Citrix Workspace Service. Unify virtual apps, desktops, data, device management, and networking on any cloud or infrastructure. This integrated approach gives you the simplest way to securely create and deliver digital workspaces and gain a view into actionable insights.

Join us on August 3 to take a deeper dive into the Citrix secure digital workspace.

Simplifying IT: Adopting a Secure Digital Workspace

August 3, 2017, 9am Eastern Time – Register now

August 3, 2017, 2pm Eastern Time – Register now


Webinar Sponsored by Intel.

The Citrix and Intel partnership continues to ensure your cloud solution is optimized to deliver powerful, efficient cloud solutions that deliver better virtualization, security, and analytics.

No matter where you are in your cloud journey—on premises, hybrid cloud, or public cloud – Citrix and Intel partner to meet you there. Leading cloud provider data centers run on Intel architecture.


Author: Hannah Conrad


The Art of the Ethical Hack: A Q&A with CyberArk’s Head of Red Team Services

Category : Cyber-Ark

Today’s highly motivated cyber attackers continually hone their skills. After all, their job is to know your network better than you do, exploiting even the smallest vulnerability to carry out a mission. In order to stay a step ahead of advanced maneuvers, it’s critical to adopt an attacker’s mindset. For many organizations, a Red Team plays an integral role in continuously improving security practices.

CyberArk Red Team services provide a safe way for security operations teams to test their ability to effectively defend against cyber attacks. The CyberArk Red Team uses a variety of tactics, techniques and procedures (TTPs) that are used in real world attacks to help clients uncover vulnerabilities, test security procedures and identify areas of improvement.

We recently spoke with Shay Nahari, our Head of Red Team Services, to learn more about the process and goals of simulated attacks. Here are some highlights from our discussion. Additional information about the Red Team is available here.

Q: Why do organizations request adversary simulation?

A: Organizations hire us to test their teams’ ability to detect and respond to targeted attacks against their infrastructure. By thinking and acting like real attackers, we give our customers a way to face a real attack and learn from it.

Q: How do you prepare for a simulation?

A: Before any simulation, we focus on reconnaissance, trying to learn as much as we can about the target organization, its employees and the security measures in place. To do so, we employ a number of methods, such as collecting information from public sources like LinkedIn, Shodan and other lesser-known sources. Armed with this information, we typically utilize custom malware to evade their security measures, then either exploit a vulnerability, an external server or use social engineering to gain an initial foothold in the network.

Q: How easy is it to breach a typical network? And what do you do once you get inside?

A: First, there are always ways to get inside a network. That’s why it’s important for organizations to change their mindsets around cyber attacks. It’s not a matter of “if” but a matter of “when.” Organizations have to adopt an “assumed breach” mindset – assume that one (or more) of their resources is already compromised.

Once we’re inside, we always try to exploit built-in trust as a first step. Trust usually translates to some type of credential – passwords, hashes, SSH keys, tickets.  We can abuse this trust to impersonate real users and typical user behavior, which makes it very hard for the defenders to detect the intrusion.

Q: What happens after you breach a network? 

A: Once we have a foothold in the network, we take time to familiarize ourselves with our surroundings. At this point, most of the information we need can be gathered by abusing inherent trusts in the target environment, without necessarily requiring admin rights. For example, with standard user privileges, we can query the Active Directory and learn the network topology, map out users and group membership, and also see what privileges users have within the network. We can see their last login time, where they logged in to, and with what privileges.

At this point, we can build a map of the network and create an attack path. During these simulations, we ideally only target internal resources that can either help us escalate privileges or that have the access to the “crown jewel” we’re after – whether it’s financial, intellectual property or something else.

In Windows environments, AD contains a lot of useful information. Even if my “crown jewels” aren’t in the Windows environment, user group and system information can be extremely helpful in mapping out the most direct attack path.

Q: What happens after you establish an attack path?

A: Once we have an attack path, we need to start pivoting in the network. Before we can do this, we need to escalate privileges or abuse some sort of inherent trust on the local target. Once we do that, we can start looking for passwords, hashes, SSH keys, tokens, Kerberos tickets, or anything else that we can leverage for pivoting. Credentials are everywhere. Unless you maintain very strict operational security, one remote login can allow me to take over your entire AD forest.

Next, we try to “live off the land” – which means we try to abuse native tools in order to reuse the credentials we’ve found. With every new system we compromise, we repeat the process, which in turn, allows us to gain access to another set of machines, until we’re able to gain domain admin. Once we achieve domain admin, the main goal is to persist and stay hidden in the network until we can reach the “crown jewels.”

Q: How do you stay hidden?

A: We try to make sure our actions generate the fewest and smallest footprints possible. For example, WMI or PowerShell remoting are much better options during lateral movement because they leave much less forensic evidence than, let’s say, PsExec.

We leverage native tools to avoid defensive tactics. For example, PowerShell gives you access to the entire .NET language, and other built in tools allow you to compile code natively on Windows without introducing external binaries on the system. By avoiding touching disk and injecting into memory, you can make hunting and IR much harder for the defender.

Q: So how can organizations stop this?

A: It’s important for organizations to have an “assume breach” mindset regarding their security posture. Assume your internal network is as hostile as your external network. One major way organizations can reduce risk is by limiting internal users’ abilities to gather information from AD. In most cases, you can limit what types of information regular users are able to gather. If you can limit what attackers can learn, it’s much harder for them (and us!) to build an attack path.

Additionally, use two-factor authentication everywhere you can. Rotate and randomize passwords on a regular basis to make cracking them time-consuming for the attacker.

Avoid giving standard users local admin rights, make local admin accounts unique, and keep privileged accounts to a bare minimum. By doing that, you’re significantly raising the bar and making lateral movement much harder for the attacker.

It’s also important to understand what is normally running on your network – and create a baseline of internal traffic. Without a baseline, you don’t know if what you are seeing is suspicious or not. Lastly, block machine-to-machine communication to the greatest extent possible.
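The baselining advice in the last answer can be sketched as detection logic. The following is an added example, not part of the interview or of any CyberArk tooling: it learns which internal (source, destination, port) flows are normal, then flags new flows on the ports used by WMI, PowerShell remoting and SMB/PsExec. The subnet, the flow-log format, the threshold and all sample records are constructed assumptions.

```python
"""Baseline internal flows, then flag new machine-to-machine remote-admin traffic."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (hypothetical, adjust to your own network):
WORKSTATIONS = ip_network("10.20.0.0/16")  # workstation subnet
FANOUT_THRESHOLD = 3                       # new admin-port peers per source

# Ports behind the remote-execution channels named in the interview.
ADMIN_PORTS = {
    135: "RPC endpoint mapper (WMI/DCOM)",
    445: "SMB (PsExec, admin shares)",
    5985: "WinRM / PowerShell remoting (HTTP)",
    5986: "WinRM / PowerShell remoting (HTTPS)",
}

# Constructed sample data: "timestamp src dst dst_port" per line.
BASELINE_FLOWS = """\
2017-07-03T09:00:01 10.20.1.15 10.10.0.5 445
2017-07-03T09:00:07 10.20.1.15 10.10.0.9 443
2017-07-03T09:02:44 10.20.1.22 10.10.0.5 445
2017-07-03T09:05:10 10.10.0.50 10.20.1.15 5985
2017-07-03T09:05:12 10.10.0.50 10.20.1.22 5985
"""

OBSERVED_FLOWS = """\
2017-07-10T14:00:03 10.20.1.15 10.10.0.5 445
2017-07-10T14:01:10 10.10.0.50 10.20.1.22 5985
2017-07-10T14:03:31 10.20.1.22 10.20.1.15 5985
2017-07-10T14:04:02 10.20.1.22 10.20.1.31 135
2017-07-10T14:04:40 10.20.1.22 10.20.1.47 445
2017-07-10T14:06:15 10.20.1.15 10.10.0.77 5986
2017-07-10T14:07:00 10.20.1.31 10.10.0.9 443
malformed line
2017-07-10T14:08:00 10.20.1.999 10.20.1.15 445
"""


def parse_flows(text):
    """Return (timestamp, src, dst, port) tuples; skip lines that do not parse."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            flows.append((ts, ip_address(src), ip_address(dst), int(port)))
        except ValueError:  # bad IP address or non-numeric port
            continue
    return flows


def build_baseline(flows):
    """The set of (src, dst, port) edges seen during the learning window."""
    return {(src, dst, port) for _, src, dst, port in flows}


def severity(src, dst, port):
    """Rank a flow that is absent from the baseline."""
    if port in ADMIN_PORTS:
        if src in WORKSTATIONS and dst in WORKSTATIONS:
            return "high"    # workstation-to-workstation remote admin
        return "medium"      # new admin-port edge involving a server
    return "low"             # new edge on an ordinary port


def detect(baseline, flows):
    """Return (findings, fanout): new edges, and sources with many new admin peers."""
    findings = []
    new_admin_peers = defaultdict(set)
    for ts, src, dst, port in flows:
        if (src, dst, port) in baseline:
            continue
        findings.append({
            "time": ts, "src": str(src), "dst": str(dst), "port": port,
            "service": ADMIN_PORTS.get(port, "other"),
            "severity": severity(src, dst, port),
        })
        if port in ADMIN_PORTS:
            new_admin_peers[str(src)].add(str(dst))
    # One host opening admin channels to several new peers matches the
    # "compromise, harvest credentials, repeat" loop described above.
    fanout = {s: sorted(p) for s, p in new_admin_peers.items()
              if len(p) >= FANOUT_THRESHOLD}
    return findings, fanout


def run_example():
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    return detect(baseline, parse_flows(OBSERVED_FLOWS))


if __name__ == "__main__":
    found, fanout = run_example()
    for f in found:
        print(f["severity"].upper(), f["time"], f["src"], "->", f["dst"], f["port"], f["service"])
    for src, peers in fanout.items():
        print("FAN-OUT", src, "opened admin channels to new peers:", ", ".join(peers))
```

The management server at 10.10.0.50 stays quiet because its WinRM sessions are in the baseline, while the same protocol between two workstations is flagged.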




Are Your Apps Stressing Out Users with Poor Performance?

Category : F5

A recent survey finds 27% of users claim poor performance is not only frustrating, but it stresses them out.

Years ago, the comedian Louis CK offered up what is now a classic lament (for some of us, anyway), which has been dubbed, “Everything is Amazing and Nobody is Happy.” If you’ve seen it, bear with me for those who haven’t. In it, Louis watches those around him become frustrated with using technology in an airplane, and points out the amusing reality of our impatience with slow WiFi onboard while flying through the air – an amazing feat of engineering in the first place.

The lament is one that perhaps those of us who cut our teeth on dial-up and inordinately slow web pages can understand. It is fascinating to watch ‘digital natives’ contort their faces with anguish when an app or web page takes more than the blink of an eye (about 400ms) to load. Perhaps the patience of we, uh, more experienced users stems from suffering through multi-hour long downloads of Red Hat slackware that tied up our phone-lines and computers only to be corrupted five minutes from completion by digital garbage injected by call-waiting thanks to yet another urgent telemarketing call.

Youngins today have no idea how good they have it. The Internet (and technology in general) is actually amazing. And yet nobody is happy. It turns out they’re not only not happy, they are stressed out.

But we can’t go back (and honestly, who really wants to?) so all we can do is deal with the world as it is, not as it was or we’d like it to be. And that means users that are increasingly sensitive to variations in performance.

Thus, when a report like the one from AppDynamics arrives detailing the devastating impact of poor performance, we ought to pay attention. Because poor performance is a serious issue that can dramatically impact your ability to enjoy a piece of the global app economy, now estimated to surpass $6 trillion in 2021.

The potential impact is not trivial. On the contrary, it turns out today’s users are more loyal to an app than they are a brand. One might then conclude that in the app economy, your app is your brand, for better or worse.

Worse, it turns out, is worser than you might expect. Poor performance not only frustrates users, it stresses them out.

Given that many of us rely on apps – both mobile and otherwise – to perform a hundred different tasks during a typical day at work, this isn’t just about your external facing apps, either. It’s about both those apps designed for profit and productivity.

The truth is that in the digital economy, apps are an opportunity to grow the corporate domestic product (CDP) with improved productivity and increased profits through convenience. But poor performance can bring that growth to a screeching halt.

When 8 of ten users have DELETED an app because of performance issues, you have lost an opportunity. The sad reality is that, based on this report, they’ve probably already gone to a competitor.

The good news is that there are a variety of app services designed to improve performance. And organizations are using them.


The problem is, of course, that you don’t always (rarely, in fact) have complete control over the performance of your app. There’s the last mile – that sinuous stretch of cable between you and the user. There’s the app platform, itself, which may or may not already be tweaked and tuned as much as it can be. If it’s in the public cloud, you have no control over the network, itself. And then there’s the app. Language choice, database connectivity, logic. The factors that contribute to poor performance are voluminous, and not always under anyone’s control. App services, which sit upstream in the data path, are able to provide an excellent counterweight to those issues bogging down app performance and, in many cases, give it a leg up to perform better than you might have hoped.


Techniques like compression and acceleration (minification, image optimization, etc.) improve performance by manipulating content to deliver it faster – inside the organization and out. Protocol-focused services like HTTP2 and “fast HTTP” focus on eliminating those pesky aspects of text-based protocols that get in the way of delivering apps faster. While HTTP2 usage remains sluggish, we found in our State of Application Delivery 2017 survey that a significant percentage of organizations (16%) planned on deploying HTTP2. Other performance related services fared well, vying with security-related performances for the title of “most likely to be deployed in the next year.”

SSL offload and TCP multiplexing mean servers focus on serving content, not performing cryptographic and connection-related acrobatics on every request and response, an increasingly burdensome task when serving up apps constructed from hundreds of API calls.

App services provide a robust set of options for improving the performance of apps, in the cloud or in the data center. Their focus is purely on how to make apps go faster, regardless of their location or construction.

Performance has always been important, but it’s never been quite as critical as it’s becoming in the app economy. With a lower tolerance for poor performance (one might even suggest users are highly sensitive to jitter these days) it is more important than ever to take advantage of all the tricks in your toolbox to make sure your app goes fast enough to satisfy even the most demanding of users.

If you need a test subject for that, I’ll rent you my 9 year old. If you can satisfy his twitchy app finger, you’ve got a winner.




Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science

Category : FireEye

Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivered and executed by malicious binaries and documents. Of malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell to download another executable and run it. There has been significant development and innovation in the field of offensive PowerShell techniques. While defenders and products have implemented greater PowerShell visibility and improved detection, the offensive PowerShell community has adapted their tools to avoid signature-based detections. Part of this response has come through an increased use of content obfuscation – a technique long employed at both the binary and content level by traditional malware authors.

In our Revoke-Obfuscation white paper, first presented at Black Hat USA 2017, we provide background on obfuscated PowerShell attacks seen in the wild, as well as defensive mitigation and logging best practices. We then make the case for the inefficiencies of static detection by exploring the many layers of obfuscation now available to attackers for launching PowerShell scripts, shortening and complicating commands contained within the scripts, manipulating strings, and using alternate and obscure methods to evade defenders. We then present a number of unique approaches for interpreting, categorizing, and processing obfuscated PowerShell attributes in order to build a framework for high fidelity obfuscation detection. To support our research, we collected an unprecedented PowerShell data corpus comprised of 408,000 scripts – including 7,000 manually-reviewed and labeled scripts – from a vast set of sources, both public and previously unavailable. In addition to releasing the PowerShell data corpus, we have released the Revoke-Obfuscation framework, which has been used in numerous Mandiant investigations, to assist the security community in classifying PowerShell scripts’ obfuscation at scale.

Download the Revoke-Obfuscation white paper today.


Author: Daniel Bohannon, Lee Holmes 


Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

Category : Riverbed

Riverbed Technology announced the launch of the most complete and integrated Digital Experience Management solution in the market with the latest release of SteelCentral. With companies continuing to invest heavily in digital business initiatives, their ability to measure and control the quality of user experience remains a challenge. Riverbed SteelCentral now empowers customers to measure and troubleshoot all parts of the digital experience, from the user’s experience on the device to the back-end network, infrastructure, cloud and application.

According to a recently published report from analyst firm EMA, 59% of enterprise leaders agree that IT and the business share the responsibility for Digital Experience Management.[1] At the same time, analyst firm Gartner’s research found that fewer than 5% of global enterprises have strategically implemented Digital Experience Monitoring.[2] The latest update to Riverbed SteelCentral delivers an integrated, business focused and user-centric solution for managing the digital experience of end users. Moreover, it offers new integrated monitoring and analysis of the complete end user service – from the business activity on the user’s device, across the network, app servers, down to application code – to provide a fast and effective solution for ensuring reliable and high quality end user experience.

The latest release of SteelCentral:

  • Delivers enriched end user performance monitoring and provides integrated visibility into Digital Experience
  • Reduces the risk during application migrations, both on and off the Cloud
  • Enables businesses to manage outcomes across the application lifecycle
  • Delivers integrated network and infrastructure troubleshooting and monitoring

SteelCentral Digital Experience Management Release Ensures Your Digital Transformation Delivers

“Our customers are making big ticket, highly strategic investments in digital business transformation initiatives to drive customer intimacy and employee/partner productivity. Delivering a flawless digital experience couldn’t be more critical to their success. But with the adoption of cloud and mobile technologies, they are finding that traditional tools are unable to holistically measure and manage a user’s digital experience,” said Mike Sargent, Senior Vice President and General Manager of SteelCentral at Riverbed. “SteelCentral now delivers the most complete, modular and integrated Digital Experience Management solution in the market, helping enterprises deliver a reliable and consistently high quality end user experience. With the breadth and depth of insight we now provide – down to the individual transaction level – we are taking visibility to a whole new level to help our customers achieve their strategic goals.”

Riverbed SteelCentral: Integrated Digital Experience Management

SteelCentral Delivers Enriched End User Performance Monitoring and Provides Integrated Visibility into Digital Experience

This new release features the integration between SteelCentral Portal, SteelCentral Aternity, and SteelCentral AppInternals. This means that SteelCentral users can now incorporate the device-based view of end user experience providing IT and business executives with a single-pane-of-glass view of IT performance and its impact on end users. In addition, the integrated workflow between SteelCentral Aternity and AppInternals provides an integrated monitoring system for the entire end user service and allows IT to rapidly troubleshoot business-critical applications across devices and applications. This results in a one-stop-shop for the variety of teams involved in Digital Experience Management, from end user services, to app developers and operations, to IT and business executives.


SteelCentral Reduces the Risk During Application Migrations – On and Off the Cloud

As companies continue to migrate applications to the cloud, understanding the impact on application and network performance is challenging. Cloud performance, particularly as it relates to the network, is a common blind spot for most enterprises. With this release, SteelCentral introduces application migration planning and prediction. This enables network planning and architecture teams to simulate and predict traffic behavior and impact on the network prior to application migrations – from data center to data center, from data center to cloud, and between cloud providers. As a result, companies are able to leverage data, not hunches, when planning cloud migrations for applications.

SteelCentral Enables Businesses to Manage Outcomes Across the Application Lifecycle

As organizations adopt DevOps, development, QA and operations teams are streamlining, integrating and automating processes to increase agility and quality of application releases. SteelCentral AppInternals now enables IT teams to consume performance insights and diagnostics across the application lifecycle. Leveraging new REST APIs, development and QA teams can add performance testing to their build tool chain and ensure that releases are optimized for production; operations teams can consume alerts on popular collaboration tools like Slack and HipChat; and support teams can automatically open tickets on incident management tools to log issues, their root causes and diagnoses. In addition, teams can use the API to extract metrics and enrich existing reports and tools.

SteelCentral Delivers Integrated Network and Infrastructure Troubleshooting

Riverbed is also introducing a new integration between NetProfiler and NetIM that helps network managers understand the impact of network infrastructure on network performance. This integration is another example of how SteelCentral is enabling cross domain collaboration, breaking down the communication barriers created by the deployment of disjointed point monitoring solutions.


“Being able to track the end user experience is only one part of the puzzle, and although it provides very valuable information, I wanted to see the whole performance and experience picture on one pane of glass,” said Baker Donelson CIO John D. Green. “This release, integrating the technology further into the SteelCentral product line, is able to give me that single pane of glass view. With the Riverbed and Aternity combination, there is now a mix of tools, that when combined into a single pane of glass, gives you total visibility across your network, from the servers to the circuits.”



“End user experience is critical to the success of many digital business initiatives.  Poor application performance impacts brand perceptions and customer satisfaction, yet, many organizations struggle to understand how all the infrastructure, software, and end user device elements of the application delivery chain impact end user experience,” said Mary Johnston Turner, IDC Research Vice President, Enterprise Systems Management Software. “The latest release of SteelCentral offers blended device-based end user experience monitoring which provides customers with an end to end view of application performance spanning from the user’s experience on the device to the back-end network and infrastructure. This capability delivers value to business strategies as well as IT teams as they work to execute digital transformation strategies.”


[1] EMA: User, Customer, and Digital Experience: Where Service and Business Performance Come Together, Dennis Drogseth, Julie Craig, February 2017

[2] Gartner: Innovation Insight for Digital Experience Monitoring, Will Cappelli, Oct 14, 2016




SentinelOne Expands Business Development Practice With Launch of S1 Nexus Technology Alliance and Integration Program

Category : Sentinel One

New Program Will Create Extended Ecosystem of Partners Able to Leverage SentinelOne’s Advanced Endpoint Protection Technologies

SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today announced S1 Nexus, the company’s technology alliance and integration program. This formal business development program expands on an initial partnership with Fortinet and will create an extended ecosystem of partners who can integrate or enable interoperability with the SentinelOne Endpoint Protection Platform (EPP).

“The creation of S1 Nexus will further amplify the profound impact that our endpoint technologies have on keeping businesses secure,” said Tomer Weingarten, chief executive officer of SentinelOne. “Expanding our ecosystem via technology alliances and integrations will enable other best-of-breed security, networking and cloud companies to embed additional layers of security within their products, ultimately creating a more secure end-user environment.”

The S1 Nexus program will enable integration partners to incorporate SentinelOne technologies into their products and solutions by providing access to SentinelOne APIs. Integration partners will leverage the SentinelOne EPP engines to bolster the security functionality of their products. Alliance and platform partners will be provided interoperability with SentinelOne solutions for strengthened security posture. Partners will also receive co-marketing support and promotion of joint offerings.

SentinelOne has brought Daniel Bernard on board as vice president of business development to lead the S1 Nexus program. In his role, Bernard will source and manage global alliance and technology integration partners to complement the go-to-market team. Previously, Bernard was a founding member of Dropbox’s partnership team, creating and leading its partnership with one of the world’s largest PC manufacturers. He also helped lead the build-out of Cylance’s international field operations during its global expansion.

“SentinelOne has hit a number of significant milestones this year which strongly position the company as the ideal solution for threat prevention, automated response and remediation — all in a singular portable agent,” said Bernard. “Through our use of AI engines to power both static and behavioral analysis, SentinelOne’s technology is the most advanced and extensible technology in this space. Now that we are offering a robust set of APIs to develop a full ecosystem, there’s significant opportunity for partners to benefit from integrating our technology.”

Fortinet was SentinelOne’s first integration partner. Together, Fortinet and SentinelOne provide unparalleled visibility of threats by pairing Fortinet’s network security solutions with SentinelOne’s advanced endpoint capabilities. Threat intelligence from the endpoint is automatically generated and shared to FortiGate enterprise firewalls using Fortinet’s FortiClient Fabric Agent, giving IT unified visibility and control over their entire security infrastructure using FortiOS.


Introducing Check Point SandBlast Mobile for Microsoft Intune

Category : Check Point

If your enterprise is using Microsoft EMS and is looking to further secure mobile devices while ensuring employees’ privacy and productivity, you’ll be happy to know that Check Point has teamed with Microsoft Intune to secure enterprise mobility.

Today, Check Point announces the collaboration with Microsoft which allows Check Point’s SandBlast Mobile security solution to integrate with Microsoft Intune.  The integration is the latest in a line of joint efforts between Check Point and Microsoft to serve customers together and secure modern enterprise infrastructure – from cloud to mobile. Previous joint work includes Check Point vSec Cloud Security for Microsoft Azure.


Why is another security layer needed? While EMMs are essential for a successful enterprise mobile deployment, as they are used for policy management and enforcement, they were not designed to detect and protect against advanced mobile threats. As a result, integrating with SandBlast Mobile, a product designed to protect from known and unknown mobile threats, is paramount to protecting enterprise data.


What you should know about this integration: The integration with Microsoft Intune is enabled by Check Point Infinity, the first unified security architecture to enable businesses to protect their networks, cloud and mobile deployments with a single security infrastructure. Infinity leverages unified threat intelligence and open interfaces, helping all environments to stay protected against targeted attacks.

In addition, Infinity provides rich integration capabilities through flexible APIs and simplifies how customers can apply SandBlast Mobile’s threat intelligence, as an additional input to Intune’s device compliance settings. Once a threat is detected, SandBlast Mobile immediately applies on-device protections and notifies Intune to enforce device status changes and conditional access controls to ensure that company data stays protected until the threat is remediated.

This allows Check Point SandBlast Mobile and Microsoft Intune to provide enterprises with an integrated, comprehensive security solution that protects against advanced mobile cyberattacks and secures corporate data and access to internal resources, while ensuring employees’ privacy and productivity.


Why now? Check Point brings long-standing cyber security leadership, the most advanced security architecture with Check Point Infinity, and over 900 enterprise customers using SandBlast Mobile to protect against mobile threats. Together with Microsoft’s market presence in the EMM space, the integration of SandBlast Mobile with Microsoft Intune provides enterprise customers a sweeping offering with global coverage and support to protect their mobile workforce from advanced cyberattacks.


How does it work? SandBlast Mobile provides a centralized security solution that safeguards against progressive mobile cyberattacks, while ensuring employees’ privacy. SandBlast Mobile, the only mobile threat defense solution to detect and block 100% of tested threats (Miercom MTD Industry Assessment Report, March 17’), protects employees’ devices from: malware attacks via infected apps, man-in-the-middle attacks through compromised Wi-Fi networks, operating system vulnerabilities, and malicious links sent via SMS messages.

The integrated solution with Microsoft Intune makes it easy to apply SandBlast Mobile’s threat intelligence as an additional input into Intune’s device compliance settings. Once a threat is detected, SandBlast Mobile immediately applies on-device protections and notifies Intune to enforce device status changes and conditional access controls to ensure that company data stays protected until the issue is remediated.


This integration is now generally available. Read the solution brief

Learn more about Check Point SandBlast Mobile



The Weather Report: Seamless Campaign, LuminosityLink RAT, and OG-Miner!

Category : Cisco

In our first-ever Cisco Umbrella Security Weather Report, we break down the Seamless Exploit Kit Campaign and discuss the LuminosityLink Remote Access Trojan and Open Graphiti Miner!




Disrupting the Disruptors, Art or Science?

Category : McAfee

Security professionals are in a fight every day to track down criminals who would disrupt governments, businesses, institutions, and lives. Attackers nearly always have the element of surprise in their favor.

But is there a way to turn the tables on these digital thieves? Can we learn how to disrupt the disruptors? New evidence shows that, as security operations teams add proactive threat hunting capabilities and mature their security infrastructure with an automated and analytics-driven approach, they can begin to throw the attackers off their footing.

A study of more than 700 IT and security professionals around the world provides some useful insights and lessons for organizations that are looking to better understand and enhance their threat hunting capabilities. Threat hunting is loosely defined in practice, and most organizations believe they have threat hunters, though many lack formal programs and prioritize other activities over hunting.

Disrupting the Disruptors


App Wrapping and Containerization by AppConnect

Category : Mobile Iron

MobileIron AppConnect containerizes apps to protect corporate data-at-rest without touching personal data. Once applications are wrapped with the MobileIron AppConnect wrapper they become integrated into the secure container on the device. Each app becomes a secure container whose data is encrypted, protected from unauthorized access, and removable.

Because each user has multiple business apps, each app container is also connected to other secure app containers. This allows the sharing of policies, like single sign-on, and the sharing of data, like documents, between secure applications. Application containers are integrated with MobileIron Core for policy management. AppConnect-enabled applications can also leverage MobileIron Sentry to exchange information with enterprise back-end systems using per-app VPN solutions or AppTunnel.

AppConnect and AppTunnel

AppTunnel is a component of AppConnect that provides secure tunneling and access control to protect app data-in-motion. Fine-grained app-by-app session security protects the connection of each app container to the corporate network. MobileIron supports third-party VPN, but AppTunnel is particularly useful in BYOD settings where organizations do not want to provide VPN access to all apps on the device and would rather offer access to specific applications and related data. An app that is protected by AppTunnel opens like any other app on the mobile device. The extensive security is invisible to the end user.

AppConnect Ecosystem

Our ecosystem includes applications developed by customers and third parties using our AppConnect technology. Through our AppConnect ecosystem we actively engage application vendors and customers to further increase the number of applications integrated with our platform and offer a more comprehensive solution to our customers. Platform effects include our ecosystem partners accelerating enterprise adoption of their products that use AppConnect, and customers choosing our platform because of our ecosystem of AppConnect partners. The availability of a rich ecosystem of secure third-party apps is essential for a successful enterprise mobility program. Partners leverage our SDK, our wrapper and our APIs to improve the user experience for devices connecting to enterprise network resources.