Author Archives: AdminDCS


The Magic Behind Rapid7 Managed Application Security Services

Category : Rapid7

When I was younger, one of my favorite gifts was a magic kit. My dad did magic tricks with cards and rope, and whenever I asked how he did it, he’d say, “A magician never tells his secrets.” Part of why I loved that gift so much is I got to be the magician—and I got a glimpse of the secrets.

Whenever I spend time with the Managed Application Security team at Rapid7, I feel like I did when I was younger: excited to learn about how the magic works. Here are some of the secrets I’ve learned.

Application Security Services Help Maturing Companies the Most

Organizations who choose Application Security Services often do so because their IT and Security teams are maturing. Rapid7’s Managed Application Security Services offer help and expertise to the team. We’ve found that many younger organizations both recognize the importance of application security and acknowledge that they don’t have adequate people resources to do the work. That’s where we come in.

Rapid7 Does Application Security Better

Rapid7 combines people, process, and technology to do Managed Application Security better. Our team of cybersecurity and development experts sets up and runs scans for customers and then monitors those scans to make sure they run smoothly. Once the scan results come out, they validate vulnerabilities and help the team prioritize remediation and risk. This sounds simple, but it can take many hours or days to perform depending on the number and types of applications. This is why the people matter. The team is made up of true application security experts who know what to look for—and they do it fast. Their experience and expertise significantly cut the time it takes to review scans and validate vulnerabilities. They then deliver reports to the customers and are available to discuss results and help solve for them. Vulnerability validation is just the beginning.

What the Team Discovered

One of the reasons our team is able to go beyond running web application security scans and validating vulnerabilities is the simple fact that they’re curious people with deep attacker knowledge; in other words, they’re hackers at heart. Recently, something looked off in one of the team’s application scans. It turned out that they had discovered an application vulnerability that was making all customer invoices searchable on the public web. When they realized they could see one invoice, they dug deeper, like any smart attacker would. They knew what to dig for, and as a result, they were quickly able to help the customer resolve it.

Before I asked our magicians to reveal their secrets, I had no idea that it was possible to make all of your invoices public, but exposing sensitive data like this is a huge risk—especially for smaller companies without application security programs. The trick to solving problems for customers is combining excellent tools and an abundance of curiosity in a team of experienced professionals, but the real magic comes from having access to this team, and therefore to a world of discovery that was previously hidden behind a curtain.

Source: https://blog.rapid7.com/2017/12/12/the-magic-behind-rapid7-managed-application-security-services/

Author: Kimberlee Bachman



Flex your Superpowers, SD-WAN for the Cloud Era

Category : Riverbed

Why SD-WAN?

Traditional Wide Area Networks (WANs) rely on decades old router technology built for an era where networks were static and data needed to be sent simply between client and server. Over the years, they have struggled to keep up with the rapid pace of IT innovation and have become increasingly complex to manage.

In today’s digital world, things have continued to get more complicated. With the explosive growth of cloud and mobile, enterprises are dealing with hybrid networks, multiple service providers and a loss of control.

Riverbed SD-WAN vs Legacy Routers

Riverbed SD-WAN | Legacy Routers
Simple Workflow-based Cloud GUI | Manual command-line interface
Intelligent Path Selection | Static path rules, limited bandwidth savings
Single-click Cloud-ready Architecture | 3rd party dependent, data center backhaul
Integrated WAN Visibility & Optimization | Multiple vendors, product lines
Pay-as-you-go Subscription Model | Huge upfront CAPEX and ongoing support

Gain

Automation

Increases network agility by decreasing manual configuration steps through programmability and automation.

Speed

Improves performance of applications by applying network policy intelligently based on application using multiple network paths including faster broadband connections.

Cost-Effectiveness

Lowers costs by eliminating reliance on expensive MPLS connections to remote sites and backhaul through data centers.

Source: https://www.riverbed.com/sd-wan-for-the-cloud-era.html?utm_source=linkedin&utm_medium=social&utm_campaign=sdwan



Security Predictions for 2018 Paradigm Shifts

Category : Trend Micro

Skills and resources — these are the two elements that make up an attacker’s arsenal. An attacker, however, cannot set out to break security or even perform sophisticated attacks without finding weak points in a system first. Massive malware attacks, email-borne heists, hacked devices, and disrupted services — all of these require a vulnerability in the network, whether in the form of technology or people, in order to be pulled off.

Increased connectivity and interaction over insecure networks are a given. Unfortunately, poor implementation of technologies adds to the likelihood of threats being realized. Having protection where and when it’s needed will become the backbone of security in this ever-shifting threat landscape.

In 2018, digital extortion will be at the core of most cybercriminals’ business model and will propel them into other schemes that will get their hands on potentially hefty payouts. Vulnerabilities in IoT devices will expand the attack surface as devices get further woven into the fabric of smart environments everywhere. Business Email Compromise scams will ensnare more organizations to fork over their money. The age of fake news and cyberpropaganda will persist with old-style cybercriminal techniques. Machine learning and blockchain applications will pose both promises and pitfalls. Companies will face the challenge of keeping up with the directives of the General Data Protection Regulation (GDPR) in time for its enforcement. Not only will enterprises be riddled with vulnerabilities, but loopholes in internal processes will also be abused for production sabotage.

These are the threats that will make inroads in the 2018 landscape. As such, they will serve as further proof that the days of threats being addressed with traditional security solutions are behind us. As environments become increasingly interconnected and complex, threats are redefining how we should look at security.

Trend Micro has looked into the current and emerging threats, as well as the security approaches tailored for the landscape. Read on to find out how to make informed decisions with regard to the security focus areas that will figure prominently in 2018.

THE RANSOMWARE BUSINESS MODEL WILL STILL BE A CYBERCRIME MAINSTAY IN 2018, WHILE OTHER FORMS OF DIGITAL EXTORTION WILL GAIN MORE GROUND.

For 2017, we predicted that cybercriminals would diversify ransomware into other attack methods. True enough, the year unfolded with incidents such as WannaCry and Petya’s rapidly propagated network attacks, Locky and FakeGlobe’s widespread spam run, and Bad Rabbit’s watering hole attacks against Eastern European countries.

We do not expect ransomware to go away anytime soon. On the contrary, it can only be anticipated to make further rounds in 2018, even as other types of digital extortion become more prevalent. Cybercriminals have been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomware-as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransom, cybercriminals are being all the more drawn to the business model.

Ransomware maturity as a catalyst for digital extortion campaigns

If the evolution of cybercriminal tactics over the years is any indication, cybercriminals are now going straight for the money instead of tricking users into giving up their credentials. The early online threats were heavy on infostealers and malware that hijacked banking transactions to steal private information. Then, the breed of threats went out to disguise themselves as anti-malware solutions (FAKEAV), whereby users were duped into downloading the software and paying up to regain access to the victimized computers. Emulating this behavior of FAKEAV, ransomware took the stage from then on.

The current success of ransomware campaigns — especially their extortion element — will prompt cybercriminals looking to make generous profits out of targeting populations that will yield the most return possible. Attackers will continue to rely on phishing campaigns where emails with ransomware payload are delivered en masse to ensure a percentage of affected users. They will also go for the bigger buck by targeting a single organization, possibly in an Industrial Internet of Things (IIoT) environment, for a ransomware attack that will disrupt the operations and affect the production line. We already saw this in the fallout from the massive WannaCry and Petya outbreaks, and it won’t be long until it becomes the intended impact of the threat.

Extortion will also come into play when GDPR gets imposed. Cybercriminals could target private data covered by the regulation and ask companies to pay an extortion fee rather than risk punitive fines of up to 4 percent of their annual turnover. Companies will have ransom prices associated with them that cybercriminals can determine by taking publicly available financial details and working out the respective maximum GDPR fines the companies could face. This will drive an increase in breach attempts and ransom demands. Moreover, we expect GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings were used in past FAKEAV and ransomware campaigns.

Users and enterprises can stay resilient against these digital extortion attempts by employing effective web and email gateway solutions as a first line of defense. Solutions with high-fidelity machine learning, behavior monitoring, and vulnerability shielding prevent threats from getting through to the target. These capabilities are especially beneficial in the case of ransomware variants that are seen moving toward fileless delivery, in which there are no malicious payloads or binaries for traditional solutions to detect.

CYBERCRIMINALS WILL EXPLORE NEW WAYS TO ABUSE IoT DEVICES FOR THEIR OWN GAIN.

The massive Mirai and Persirai distributed denial-of-service (DDoS) attacks that hijacked IoT devices, such as digital video recorders (DVRs), IP cameras, and routers, have already elevated the conversation of how vulnerable and disruptive these connected devices can be. Recently, the IoT botnet Reaper, which is based on the Mirai code, has been found to catch on as a means to compromise a web of devices, even those from different device makers.

We predict that aside from performing DDoS attacks, cybercriminals will turn to IoT devices for creating proxies to obfuscate their location and web traffic, considering that law enforcement usually refers to IP addresses and logs for criminal investigation and post-infection forensics. Amassing a large network of anonymized devices (running on default credentials no less and having virtually no logs) could serve as jumping-off points for cybercriminals to surreptitiously facilitate their activities within the compromised network.

We should also anticipate more IoT vulnerabilities in the market as many, if not most, manufacturers are going to market with devices that are not secure by design. This risk will be compounded by the fact that patching IoT devices may not be as simple as patching PCs. It can take one insecure device that has not been issued a fix or updated to the latest version to become an entry point to the central network. The KRACK attack proved that even the wireless connection itself could add to the security woes. This vulnerability affects most, if not all, devices that connect to the WPA2 protocol, which then raises questions about the security of 5G technology, which is slated to sweep connected environments.

Devices that will be targeted for disruptions and cybercrime

With hundreds of thousands of drones entering the U.S. airspace alone, the prospect of overseeing the aerial vehicles can be daunting. We expect that reports of drone-related accidents or collisions are only the start of it, as hackers have already been found to access computers, grab sensitive information, and hijack deliveries. Likewise, pervasive home devices such as wireless speakers and voice assistants can enable hackers to determine house locations and attempt break-ins.

We also expect cases of biohacking, via wearables and medical devices, to materialize in 2018. Biometric activity trackers such as heart rate monitors and fitness bands can be intercepted to gather information about the users. Even life-sustaining pacemakers have been found with vulnerabilities that can be exploited for potentially fatal attacks.

What adopters and regulators should recognize now is that not all IoT devices have built-in security, let alone hardened security. The devices are open to compromise unless manufacturers perform regular risk assessments and security audits. Users are also responsible for setting up their devices for security, which can be as simple as changing default passwords and regularly installing firmware updates.

GLOBAL LOSSES FROM BUSINESS EMAIL COMPROMISE SCAMS WILL EXCEED US$9 BILLION IN 2018.

According to the Federal Bureau of Investigation (FBI), BEC scams have been reported in over a hundred countries and have a marked increase of 2,370 percent in identified exposed losses between January 2015 and December 2016. This isn’t surprising since BEC scams are to cybercriminals what burglary is to “offline” criminals. BEC scams are quick, require very little scouting, and can yield big gains depending on the target, as evidenced by the US$5 billion recorded losses.

We predict that BEC incidents will only multiply in 2018, leading to more than US$9 billion* in global losses. This hike in the projected reported losses will be brought on partly by a growing awareness around BEC and the tactics used, which will result in better identification and increased reporting of the scams. Mainly, it will be rooted in how BEC scams bank on phishing approaches that time and again have proved to be effective. We will continue to see BEC scams that involve company executives being impersonated to wire sums of money. We’ve been observing it in the increase of BEC attack attempts involving CEO fraud. It’s also interesting to note that instead of planting keyloggers, BEC scammers are turning to phishing PDFs and sites, which are cheaper than keyloggers with crypting services. With phishing, they can still compromise accounts, and at lower costs at that.

The simplicity of knowing a target organization’s hierarchy (which may even be publicly available on social media and corporate websites) and the brevity of the emails make a case for an efficient ploy to funnel money. There is, however, another financially driven enterprise threat expected to still be wielded by cybercriminals who are willing to do the long con: Business Process Compromise (BPC). With BPC, cybercriminals learn the inner workings of the organization, particularly in the financial department, with the aim of modifying internal processes (possibly via corporate supply chain vulnerabilities) and hitting the mother lode. However, given that it requires long-term planning and more work, BPC is less likely to make headlines in 2018, unlike the much simpler BEC.

BEC can be deflected if employee training is in place, as it is reliant on social engineering. Companies should implement strict protocols on internal processes, especially when making any kind of transaction. Small- and medium-sized businesses, as well as enterprises, should employ multiple verifications, whereby another established communication channel, such as a phone call, is at one’s disposal for double-checking. Web and gateway solutions that provide accurate detection of social engineering tactics and forged behaviors may also be able to block BEC threats.

*US$9 billion is based on computing the monthly average of reported losses from June to December 2016 and multiplying it by 12. This only assumes that there is a flat growth for reported BEC incidents and victims.

CYBERPROPAGANDA CAMPAIGNS WILL BE REFINED USING TRIED-AND-TESTED TECHNIQUES FROM PAST SPAM CAMPAIGNS.

The fake news triangle consists of: motivations the propaganda is built on, social networks that serve as a platform for the message, and tools and services that are used to deliver the message. In 2018, we expect cyberpropaganda to spread via familiar techniques: those that were once used to spread spam via email and the web.

Do-it-yourself (DIY) kits in the form of software, for instance, can perform automated social media spamming. Even black hat search engine optimization (SEO) has been adapted to social media optimization (SMO), with a user base of hundreds of thousands able to provide traffic and numbers to different platforms. From spear-phishing emails sent to foreign ministries to the blatant use of documents to discredit authorities, dubious content can spread freely and spark forceful opinions or even real protests.

Fabricated information, additionally, can put businesses in a bad light and even hurt their performance and reputation. Researchers are even looking into audio and video manipulation tools that allow realistic-looking footage to further blur the line between authentic and fake. Manipulated political campaigns will continue to mount smear tactics and deliberately shift public perception, as allowed by the tools and services readily available in underground marketplaces.

It is likely that the upcoming Swedish general election will not be exempt from attempts to influence the voting outcome through fake news. The interest will also be hot on the heels of the U.S. midterm elections, as social media can be wielded to amplify divisive messages, as in the alleged meddling in the previous U.S. presidential election and the “troll farm” behind a Twitter influencer.

Each time fake news gets posted and reposted, a reader encountering the same content grows familiar with it and takes it as truth. Having the eye to distinguish fake news from not will be tough, as propagandists use old techniques that have proved effective and reliable.

Fake news and cyberpropaganda will press on because there has been no dependable way to detect or block manipulated content. Social media sites, most notably Google and Facebook, have already pledged a crackdown on bogus stories propagating across feeds and groups, but it has had little impact so far. That being the case, the final screening will still be dependent on the users themselves. But as long as users are not educated in flagging false news, such content will continue to permeate online and be consumed by unsuspecting and undiscerning readers.

THREAT ACTORS WILL RIDE ON MACHINE LEARNING AND BLOCKCHAIN TECHNOLOGIES TO EXPAND THEIR EVASION TECHNIQUES.

Knowing what is unknown. That’s one of the key promises of machine learning, the process by which computers are trained but not deliberately programmed. For a relatively nascent technology, machine learning shows great potential. Already, however, it’s become apparent that machine learning may not be the be-all and end-all of data analysis and insights identification. Machine learning lets computers learn by being fed loads of data. This means that machine learning can only be as good and accurate as the context it gets from its sources.

Going into the future, machine learning will be a key component of security solutions. While it uncovers a lot of potential for more accurate and targeted decision-making, it poses an important question: Can machine learning be outwitted by malware?

We’ve found that the CERBER ransomware uses a loader that certain machine learning solutions aren’t able to detect because of how the malware is packaged to not look malicious. This is especially problematic for software that employs pre-execution machine learning (which analyzes files without any execution or emulation), as in the case of the UIWIX ransomware (a WannaCry copycat), where there was no file for pre-execution machine learning to detect and block.

Machine learning may be a powerful tool, but it is not foolproof. While researchers are already looking into the possibilities of machine learning in monitoring traffic and identifying possible zero-day exploits, it is not far-fetched to conjecture that cybercriminals will use the same capability to get ahead of finding the zero-days themselves. It is also possible to deceive machine learning engines, as shown in the slight manipulation of road signs that were recognized differently by autonomous cars. Researchers have already demonstrated how machine learning models have blind spots that adversaries can probe for exploitation.

While machine learning definitely helps improve protection, we believe that it should not completely take over security mechanisms. It should be considered an additional security layer incorporated into an in-depth defense strategy, and not a silver bullet. A multilayered defense with end-to-end protection, from the gateway to the endpoint, will be able to fight both known and unknown security threats.

Another emerging technology that is poised to reshape businesses and that we see being abused is the blockchain. Blockchain technology has generated a lot of buzz in the context of digital cryptocurrencies and as a form of no-fail security. Adoption of the decentralized ledger is projected to be widespread in five to 10 years. Currently, however, many initiatives are already being built on blockchain, ranging from technology and finance industry startups and giants to entire governments – all with the goal of revolutionizing business models.

Blockchain works by having a required consensus among the participants, which makes unauthorized changes or deliberate tampering with the blockchain difficult to do. The more transfers there are, the more the series becomes complex and obfuscated. This obfuscation, likewise, can be seen as an opportunity by cybercriminals looking into enhancing their attack vectors. They have already managed to target the blockchain in the Ethereum DAO hack, which led to over US$50 million worth of digital currency lost.

Like most promising technologies that were thought secure at one point, machine learning and blockchain warrant close attention.

MANY COMPANIES WILL TAKE DEFINITIVE ACTIONS ON THE GENERAL DATA PROTECTION REGULATION ONLY WHEN THE FIRST HIGH-PROFILE LAWSUIT IS FILED.

The European Union (EU) will finally be rolling out GDPR in May 2018, with an expected extensive impact on data handling of companies that engage with EU citizens’ data – even if the said companies are outside Europe. In our research, we found that the majority of C-level executives (in 57 percent of businesses) shun the responsibility of complying with GDPR, with some unaware of what constitutes personally identifiable information (PII) and even unbothered by potential monetary penalties.

Laggards will fully heed the brunt of GDPR only when the retributions are imposed by the regulators. Data privacy watchdogs can interfere with business operations by altogether banning companies from processing certain data. There is also the possibility that lawsuits, both from the authorities and from the citizens themselves, will come into the picture.

The American credit reporting agency Equifax, for instance, would have faced a staggering fine, as some U.K. consumers were reportedly affected too, if the breach had happened after the GDPR implementation had gone into effect and it hadn’t come forward with the incident sooner than it chose to. A considerable penalty would have also been imposed on the international ride-hailing company Uber, which announced a data breach over a year after the fact. Noncompliance with breach notification will prompt regulators to issue fines of up to €20 million, or up to 4 percent of the company’s global annual turnover of the preceding financial year, whichever is greater.

Companies waking up to the GDPR enforcement, therefore, will find the importance of having a dedicated data protection officer (DPO) who can spearhead data processing and monitoring. DPOs are particularly needed in enterprises and industries that handle sensitive data. Companies will be required to review their data security strategy, including classifying the nature of data and distinguishing EU data from data associated with the rest of the world.

Other regions will have to catch up with their data regulations by having a similar framework of wide-ranging scope and tougher penalties for compliance failure. The U.S. Food and Drug Administration (FDA) has already recognized several European drug regulatory authorities to improve its inspections. Australia is gearing up to enact its own data breach notification laws based on the Privacy Amendment (Notifiable Data Breaches) Act 2017, while U.K.’s Data Protection Bill is getting updated to match EU’s laws after Brexit. Meanwhile, the EU-U.S. Privacy Shield deal will have to prove how binding it is in spite of concerns expressed by the EU.

ENTERPRISE APPLICATIONS AND PLATFORMS WILL BE AT RISK OF MANIPULATION AND VULNERABILITIES.

In today’s environment, where the Industry 4.0 makes cyber-physical systems and production processes increasingly interconnected and software-defined, risks can stem from several areas within. The notion of having a digital twin, a virtual replica or simulation of the real-world production or process, is enabling enterprises to address performance issues that may arise in real physical assets. However, we believe that while it’s poised to transform operations, the production network can be infiltrated by malicious actors aiming to manipulate the system and cause operational disruptions and damages. By manipulating the digital twin itself, these actors can make production processes look legitimate when they have, in fact, been modified.

In addition, production data that is directly (or indirectly) handed over via manufacturing execution systems (MES) to SAP or other enterprise resource planning (ERP) systems is also in danger of being compromised. If a manipulated piece of data or wrong command is sent to an ERP system, machines will be liable to sabotage processes by carrying out erroneous decisions, such as delivery of inaccurate numbers of supplies, unintended money transfers, and even system overloads.

Enterprise systems will not be the only ones targeted; in 2018, we expect to continue to see security flaws in Adobe and Microsoft platforms. What’s going to be particularly interesting, however, is the renewed focus on browser-based and server-side vulnerabilities.

For years, the vulnerabilities of well-known browser plug-ins like Adobe Flash Player, Oracle’s Java, and Microsoft Silverlight have been targeted. We predict that in 2018, however, weaknesses in JavaScript engines will beset the modern browsers themselves. From Google Chrome’s V8 crashing issues to Microsoft Edge’s Chakra being open source, JavaScript-based browser vulnerabilities will make more appearances in 2018 given the wide use of the script on the web.

Attackers will also take a renewed focus on using server-side vulnerabilities to deliver malicious payloads. We predict that the use of Server Message Block (SMB) and Samba exploits that deliver ransomware will be more pronounced in 2018. SMB vulnerabilities, in particular, can be exploited without any direct interaction with the user. In fact, an SMB vulnerability was used in the EternalBlue exploit that crippled many networks running on Windows during the WannaCry and Petya ransomware attacks, and in the more recent Bad Rabbit attacks that exploited EternalRomance. The open-source Samba on Linux, similarly, is capable of exploiting vulnerabilities in the SMB protocol.

Attacks against production processes through SAP and ERP mean that enterprises will need to take the security of related applications as priority. Access to the applications will need to be managed and monitored to avoid any unauthorized access.

Users and enterprises are advised to routinely check for software updates and apply patches once they are available. However, as administrators can stumble over immediate deployment of updates, we recommend integrating vulnerability shielding into systems so that platforms are protected against unpatched and zero-day vulnerabilities. Network solutions should also secure connected devices from potential intrusions through virtual patching and proactive monitoring of web traffic.


Tackling Security in 2018

Given the broad range of threats the landscape currently bears and will expect to face in 2018 – from vulnerabilities and ransomware to spam and targeted attacks – what enterprises and users alike can best do is to minimize the risk of compromise at all layers.

Better visibility and multilayered security defense for enterprises

To combat today’s expansive threats and be fortified against those yet to come, organizations should employ security solutions that allow visibility across all networks and that can provide real-time detection and protection against vulnerabilities and attacks. Any potential intrusions and compromise of assets will be avoided with a dynamic security strategy that employs cross-generational techniques appropriate for varying threats. These security technologies include:

  • Real-time scanning. Active and automatic scans allow highly efficient malware detection and improved machine performance.
  • Web and file reputation. Malware detection and prevention through web reputation, anti-spam techniques, and application control protect users from ransomware attacks and exploits.
  • Behavioral analysis. Advanced malware and techniques that evade traditional defenses are proactively detected and blocked.
  • High-fidelity machine learning. Human inputs augmented with threat intelligence data allow rapid detections and accurate defenses against known and unknown threats.
  • Endpoint security. Security that employs sandboxing, breach detection, and endpoint sensor capabilities detects suspicious activities and prevents attacks and lateral movement within the network.

Best practices and sustained protection for end-users

Having different devices and applications to access information is becoming second nature in today’s increasingly connected world. Regardless of device, application, or network, users will be able to fill the security gaps with proper configurations:

  • Change default passwords. Use unique and complex passwords for smart devices, especially for routers, to significantly reduce the possibility of attackers hacking into the devices.
  • Set up devices for security. Modify devices’ default settings to keep privacy in check and implement encryption to prevent unauthorized monitoring and use of data.
  • Apply timely patches. Update the firmware to its latest version (or enable the auto-update feature if available) to avoid unpatched vulnerabilities.
  • Deflect social engineering tactics. Always be mindful of emails received and sites visited as these can be used for spam, phishing, malware, and targeted attacks.

Enterprises and users are better positioned if protections in place are able to cover the entire threat life cycle with multiple security layers. From the email and web gateway to the endpoint, having a connected threat defense ensures maximum protection against the constantly evolving threats of 2018 and beyond.

Source: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2018?utm_source=trendlabs-socal&utm_medium=socal&utm_campaign=12-2017-security-predictions



10 Good Reasons to Choose NetApp for Machine Learning

Category : NetApp

Artificial intelligence (AI) can help your team get greater insight from enterprise data and enhance digital services to increase customer engagement. But it’s such a new field that the right infrastructure choices for AI / Machine Learning (ML) aren’t always clear.

Whether you do AI work on-premises or in the cloud, as you ramp up processes and move them into production, bottlenecks inevitably occur. Lack of I/O performance stalls your AI pipeline. Moving, copying, and managing rapidly growing data sets eats up valuable staff time. The methods that worked during proof of concept become impractical if not impossible at scale.

This is where NetApp can help. NetApp Data Fabric solutions and services accelerate and simplify your AI / ML efforts—from the edge of your network, to the core of your data center, to the cloud. Here are ten reasons to partner with NetApp for your AI / ML needs.

Source: https://blog.netapp.com/infographic-10-good-reasons-to-choose-netapp-for-machine-learning/

Author: Matt Watts

 



Palo Alto Networks Now a Six-Time Gartner Magic Quadrant Leader!

Category : Palo Alto

Gartner’s 2017 Magic Quadrant for Enterprise Network Firewalls has been released, and Palo Alto Networks is proud to be positioned in the Leaders quadrant for the sixth consecutive year. I invite you to read the 2017 Magic Quadrant for Enterprise Network Firewalls report.

Gartner’s Magic Quadrant provides a graphical competitive positioning of technology providers in markets where growth is high and provider differentiation is distinct. Leaders execute well against their stated visions and are well-positioned for tomorrow. Gartner researchers continue to highlight both our ability to execute and the completeness of our vision. You can find more details in the report.

More than 39,500 customers in more than 150 countries have chosen Palo Alto Networks to realize the benefits of a truly next-generation security platform, safeguard critical assets, and prevent known and unknown threats. To protect our customers and stay ahead of sophisticated cyberattackers, we maintain a steadfast commitment to innovation. We recently introduced several more disruptive capabilities:

  • Application Framework: With a SaaS-based consumption model, Palo Alto Networks Application Framework allows customers to use new apps to solve the most challenging security use cases with the best technology available, without the cost and operational burden of deploying new infrastructure.
  • GlobalProtect cloud service: GlobalProtect cloud service eases your next-generation firewall and GlobalProtect deployment by leveraging cloud-based security infrastructure operated by Palo Alto Networks.
  • Logging Service: Palo Alto Networks Logging Service is a cloud-based offering for context-rich, enhanced network logs generated by our security offerings, including those of our next-generation firewalls and GlobalProtect cloud service.

Source: https://researchcenter.paloaltonetworks.com/2017/07/palo-alto-networks-now-six-time-gartner-magic-quadrant-leader/


Secure Access in the Virtual Landscape

Category : Pulse Secure

Whether supporting “workstyle innovation” initiatives in Japan or supporting higher order compliance requirements for the financial sector, our mission to deliver Secure Access solutions for people, devices, things and services is improving the productivity of enterprises all over the world at an increasing rate. Central to our Secure Access mission is the core belief that “Security must be about ACCESS and NOT (just) about CONTROL”.

Our design goal priorities:

  1. Simpler and more integrated user experiences
  2. Designing for “inherently” mobile users and
  3. Supporting hybrid deployments

To date, the majority of our Secure Access deployments have been on industry standard appliances, known for high-performance, ease of maintenance and superior ROI. I have the good fortune of meeting customers across the world to understand their needs and determine how Pulse Secure and partner solutions are ideally suited to deliver their success. Routinely, the following challenges and considerations emerge:

  • Access sprawl – different technologies and applications with custom access solutions leading to Security holes and administration overhead
  • Too many clients leading to management challenges – mobile, network access, remote access etc.
  • Complexity that leads to higher IT costs and a decrease in administrator productivity
  • The question of “how best to leverage cloud/hybrid deployments in a Secure manner”

Our exclusive focus on Secure Access and our more than 800 talented Pulsers have been, and remain, dedicated to addressing each of the above – and emerging – customer needs. We have made rapid progress since our inception and our latest improvements are aimed at giving our customers more CHOICES by supporting virtual editions and cloud delivery options.

Our recently announced software releases present customers the opportunity to enable Secure Access for their changing data center, allowing them to:

  • Procure and deploy virtual editions of our industry leading Secure Access Solutions. We support a broad, and ever growing, range of virtual environments for the data center
  • Optionally deploy in various cloud environments. Customers and partners can procure from various cloud marketplaces, including Bring Your Own Licenses (BYOL) configurations
  • Flexibly procure virtual editions as subscriptions. This gives them the option of choosing between CapEx and OpEx deployments

We have ensured complete feature parity between our virtual, cloud and physical editions – an important consideration for deployment flexibility. Customers can mix and match physical, virtual and cloud deployments as their Hybrid IT needs dictate and leverage common clients, licensing servers and management platforms to integrate their access solutions and enhance the productivity of their employees from any device and from any location, all while enjoying the flexible deployment and pricing options. Our Customer Success and Support offerings are all available with these new virtual and cloud editions.

Pulse Secure remains relentlessly focused on customer success. As we accelerate the Secure Access journey, supporting cloud and virtual deployment models and other emerging technologies, our core belief will always be the basis of Secure Access solutions, the belief that security must be about Access and NOT just control.

Source: https://blog.pulsesecure.net/secure-access-virtual-landscape/

Author: Sudhakar Ramakrishna



Don’t Settle for “GOOD ENOUGH” Mobility

Category : Mobile Iron

Modern enterprises are rapidly shifting core business processes away from legacy technologies and standardizing on mobile devices and cloud services. As a result, these organizations are quickly outgrowing basic MDM capabilities and apps like email and calendar. Building a secure mobile and cloud architecture now requires a comprehensive approach to EMM to protect business apps and data running on any device, network, or cloud service.

The good news is, organizations don’t have to settle for “good enough” mobile management solutions that don’t scale to support rapidly changing mobile requirements. MobileIron is a recognized leader in mobile and cloud security, and our comprehensive platform helps customers improve security, enable a more productive user experience, and scale to meet future mobile business requirements. In addition to being the enterprise choice for secure mobility, we rank in the top five for all categories of the Gartner Critical Capabilities for High-Security Mobility Management.



Generating Compliance History Reports

Category : McAfee

When you’re managing a large environment with thousands of endpoints, assuring consistency can be a huge challenge. Imagine that you want every endpoint to be upgraded to a specific software version, for example. In many cases, you’re forced to rely on manual tracking, where errors and omissions are commonplace. And, if you want to demonstrate how you’re progressing towards that goal over time, you’re looking at a large manual effort to track which systems have been updated and when.

In my previous blogs, I talked about sometimes-overlooked features in McAfee ePolicy Orchestrator (ePO) that can make managing your endpoint environment a whole lot simpler. Now, I’m going to cover one more: using ePO to show compliance history over time.

Tracking Compliance

Out of the box, you can use ePO to see the percentage of your systems that comply with a given criterion, such as McAfee Endpoint Security (ENS) software version. You may already be using that feature. But what you might not realize is that, in addition to showing a snapshot of systems that do and don’t meet that criterion right now, you can also track compliance over time. Effectively, you can use ePO to set a starting point for your migration project, and then generate reports showing your day-to-day progress towards the project goal.

For example, say you want to migrate all endpoints to McAfee ENS 10.5 by the end of this quarter. And imagine that, right now, 50 percent of your endpoints are running that software version. By next week, 60 percent of endpoints may be in compliance. The following week, you may be up to 75 percent. With ePO compliance history reporting, you can generate hard numbers to track your progress towards 100 percent compliance for that migration.

Software migrations are just one example of when compliance reporting comes in handy. You could use the same reporting to track endpoint systems that have a specific set of McAfee endpoint tools or components installed. Or, you could use it to help enforce a rule that no system should be using antivirus definitions older than 10 days. If you have any compliance goal for the McAfee products and tools on your endpoints, and you can express it as a Boolean query, you can generate a graph showing your progress towards that goal and export it to an Excel spreadsheet.

Creating the Report

Generating a compliance history report in ePO involves three basic steps: creating a Boolean managed system query, creating a server task, and creating a compliance history query.

The first step, a Boolean managed system query, creates a pie chart to show which systems are compliant with your criteria and which are not. ePO features a wizard to take you through the process. To get started, click “Create new managed system query” in the Queries & Reports section of the main ePO dashboard. Select Boolean Pie Chart as the chart type, and click the “Configure Criteria” button. The properties listed here configure which attributes the query will check for compliance. So in our software migration example, if you want to see which systems are running ENS 10.5, you would add that as a compliance attribute. ePO will then show all systems that are not running software version 10.5 as non-compliant for the purposes of this query.

Using the same tool, you can also label the Boolean pie chart with your compliance criteria. And you can configure the Filters tool to exclude any systems that you don’t need to be in compliance for the purposes of your query. (So in the software migration example, you could decide that servers are out of scope for this update and exclude them from your query.)

Finally, save the Boolean Managed System Query. I’d recommend naming the report with “Compliance” in the query name for easier referencing later.

Configuring Server Tasks and Compliance Queries

The next step is to create a new server task. Go to Server Tasks in ePO and click “Create Server Task.” For simplicity’s sake, you may want to include “Compliance” in the server task’s name. For the Action field, select “Run Query.” In the Query field, select the Boolean Managed System Query you created in the previous step. In the Sub-Actions field, select “Generate Compliance Event.” Then, set a schedule to run the server task once per day, or as often as you’d like to track. Remember: the goal here is not simply to see a snapshot of how many systems are in compliance, but to be able to track your progress towards full compliance over time. So you will want this server task to run on an ongoing basis.

For the final step, you create a new compliance history query. Go back to Queries & Reports in ePO and click “Create Compliance History Query.” For the chart type, select “Single-Line Chart.” Select “Day” for the Time Unit (unless you’ve chosen a different time interval for your server task to run). For the Line Values field, select “Average of,” and in the second field, select “Percent Compliant.” Save the chart. Then, in the filter section, add a filter for “Server Task Used to Generate Compliance Event” and assign it the Server Task that you just created.
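To make concrete what the three steps compute, here is a small model of the same logic: a Boolean criterion, a scope filter, one compliance event per scheduled run, and the resulting percent-compliant series. This is an added example, not code from the original post and not ePO's API; the function names, host names, dates and version strings are constructed assumptions.

```python
from datetime import date


def parse_version(text):
    """'10.5.3' -> (10, 5, 3); an empty string (product absent) -> ()."""
    return tuple(int(part) for part in text.split(".")) if text else ()


def runs_version(target):
    """Boolean criterion: the installed version starts with the target's components.

    Versions are compared as integer tuples, so a constructed '10.50.0' does
    not pass for '10.5' the way a plain string-prefix test would let it.
    """
    want = parse_version(target)
    return lambda system: parse_version(system["ens_version"])[:len(want)] == want


def not_a_server(system):
    """Scope filter: servers are out of scope for this migration."""
    return system["type"] != "server"


def compliance_event(day, systems, criterion, scope):
    """One scheduled run: count in-scope systems and how many meet the criterion."""
    scoped = [s for s in systems if scope(s)]
    ok = sum(1 for s in scoped if criterion(s))
    # An empty scope has no meaningful percentage; report None instead of dividing by zero.
    percent = round(100.0 * ok / len(scoped), 1) if scoped else None
    return {"day": day, "in_scope": len(scoped), "compliant": ok,
            "percent_compliant": percent}


def compliance_history(snapshots, criterion, scope):
    """The line chart's data: one compliance event per snapshot day, oldest first."""
    return [compliance_event(day, snapshots[day], criterion, scope)
            for day in sorted(snapshots)]


def inventory(versions):
    """Build a constructed five-system inventory from a list of version strings."""
    names = ["wks-01", "wks-02", "wks-03", "wks-04", "srv-01"]
    return [{"name": n,
             "type": "server" if n.startswith("srv") else "workstation",
             "ens_version": v}
            for n, v in zip(names, versions)]


# Constructed weekly snapshots; "" means the product is not installed.
SNAPSHOTS = {
    date(2018, 1, 1): inventory(["10.2.1", "10.5.0", "10.5.3", "", "10.1.0"]),
    date(2018, 1, 8): inventory(["10.5.0", "10.5.0", "10.5.3", "", "10.1.0"]),
    date(2018, 1, 15): inventory(["10.5.0", "10.5.0", "10.5.3", "10.5.3", "10.1.0"]),
}

HISTORY = compliance_history(SNAPSHOTS, runs_version("10.5"), not_a_server)

if __name__ == "__main__":
    for event in HISTORY:
        print(event["day"], event["percent_compliant"])
```

Dropping the scope filter changes the denominator: on the last day the same inventory reports 80 percent instead of 100, because the out-of-scope server is counted as non-compliant.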

View Progress Over Time

Illustrating compliance history over time can be extremely useful for anyone undertaking a large-scale software migration, or seeking to ensure that all systems’ McAfee components are configured consistently. But it can also be helpful for illustrating the progress of a given project to others.

If an executive wants to know how a software migration is progressing, for example, and you show them a point-in-time snapshot showing 70 percent compliance, they may want to know why 30 percent of systems are still running older software. With ePO compliance history reporting, you could demonstrate that just two weeks ago, 60 percent of systems were non-compliant, and you’ve cut that figure in half. It’s just one more way that ePO can make large-scale endpoint management easier.

 

Source: https://securingtomorrow.mcafee.com/business/generating-compliance-history-reports/#sf175360588

Author: Ted Pan

 



DevOps in the Cloud: How Data Masking Helps Speed Development, Securely

Category : Imperva

Many articles have discussed the benefits of DevOps in the cloud. For example, the centralization of cloud computing provides DevOps automation with a standard platform for testing and development; the tight integration between DevOps tools and cloud platforms lowers the cost associated with on-prem DevOps automation technology; and cloud-based DevOps reduces the need to account for resources leveraged as it tracks the use of resources by data, application, etc. With all these benefits, cloud-based DevOps seems to provide more flexibility and scalability to organizations, allowing software developers to produce better applications and bring them to market faster.

However, moving the entire application testing, development, and production process to the cloud may cause security issues. In this post, we discuss the security issues associated with a fast-moving, cloud-based DevOps environment and ways to mitigate those issues without impacting speed to market.

Protect Data from Breaches

If the recent Uber data breach taught us anything, it’s that protection around production data disappears as soon as you make a copy of that data. In the case of the Uber breach, the hackers worked their way in via the software engineering side of the house. Software engineers then became compromised users as their login credentials were stolen, giving hackers access to an archive of sensitive rider and driver data (a copy of production data).

Get the Realistic Data You Need, When You Need It

As a developer, you may get frustrated with security restrictions placed around using production data for testing and development. But if you think about it for a moment, a data breach could cost you and the security folks their jobs when the finger of guilt points your way. Nonetheless, while it is important to prevent sensitive data from breach, it is also critical for companies to deliver software faster to the market and maintain high quality, especially when competitors are adopting cloud to increase the pace of software development. As a developer, your mission is to deliver quality code on time and in order to do so, you need realistic data to put your code through its paces. And yet it can be time consuming to get approvals from the security team and wait for DBAs to extract data from production databases.

Data Masking Removes Sensitive Information

The good news is there’s technology available to balance the needs from both ends. Data masking has proven to be the best practice in removing sensitive information while maintaining data utility. Data masking (or pseudonymization) has been referenced by Gartner and other industry analysts as a required element for data protection. This technology replaces sensitive data (access to which should be limited to a need-to-know basis) with fictional but realistic values to support DevOps in the cloud without putting sensitive data at risk. The masked data maintains referential integrity and is statistically and operationally accurate. For example, let’s say a data record shows that Terry Thompson is 52 years old and that his social security number (SSN) is 123-00-4567. After the data is masked, that record may then become John Smith whose SSN is 321-98-7654. The masked data retains the exact format of the original (real) data, maintaining the data richness that allows developers to do their jobs.

Figure: Data masking replaces original data with fictitious, realistic data
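The two properties described above, format retention and referential integrity, can be shown with deterministic keyed masking: the same real SSN always maps to the same fictional SSN, so a join between masked tables still matches. This is an added example, not code from the original post or from any masking product; the key, name pools, tables and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key (assumption). A real key is stored apart from the masked copy.
MASKING_KEY = b"constructed-demo-key"
DIGITS = "0123456789"

# Constructed pools of fictional replacement names.
FIRST_NAMES = ["John", "Maria", "Wei", "Aisha", "Carlos", "Elena", "Tomas", "Priya"]
LAST_NAMES = ["Smith", "Garcia", "Chen", "Okafor", "Novak", "Haddad", "Larsen", "Rao"]


def keystream(domain, value, n):
    """n keyed bytes derived from (domain, value); same key and input, same bytes."""
    out, counter = b"", 0
    while len(out) < n:
        msg = f"{domain}:{counter}:{value}".encode("utf-8")
        out += hmac.new(MASKING_KEY, msg, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def mask_ssn(ssn):
    """Swap every digit for a keyed pseudo-random digit; keep length and separators.

    The key material depends on the digits only, so '123-00-4567' and
    '123004567' mask consistently across differently formatted tables.
    This mapping is not guaranteed one-to-one (two inputs can collide);
    where uniqueness matters, a format-preserving cipher is the usual choice.
    """
    digits = "".join(c for c in ssn if c in DIGITS)
    stream = iter(keystream("ssn", digits, len(digits)))
    return "".join(str(next(stream) % 10) if c in DIGITS else c for c in ssn)


def mask_name(full_name):
    """Pick a fictional name from the pools, consistently for the same real name."""
    d = keystream("name", full_name.strip().lower(), 2)
    return f"{FIRST_NAMES[d[0] % len(FIRST_NAMES)]} {LAST_NAMES[d[1] % len(LAST_NAMES)]}"


def mask_rows(rows, rules):
    """Apply per-column masking rules; columns without a rule are copied as-is."""
    return [{col: rules[col](val) if col in rules else val for col, val in row.items()}
            for row in rows]


# Constructed tables standing in for a production extract.
CUSTOMERS = [
    {"name": "Terry Thompson", "ssn": "123-00-4567", "age": 52},
    {"name": "Dana Whitfield", "ssn": "987-65-4320", "age": 37},
]
PAYMENTS = [
    {"ssn": "123-00-4567", "amount": 120.50},
    {"ssn": "987-65-4320", "amount": 75.00},
    {"ssn": "123-00-4567", "amount": 18.25},
]


def join_totals(customers, payments):
    """Total payments per customer, joined on ssn (the referential-integrity check)."""
    return [sum(p["amount"] for p in payments if p["ssn"] == c["ssn"]) for c in customers]


def masked_copy():
    """The copy handed to development: names and SSNs masked, other columns kept."""
    rules = {"name": mask_name, "ssn": mask_ssn}
    return mask_rows(CUSTOMERS, rules), mask_rows(PAYMENTS, rules)


if __name__ == "__main__":
    customers, payments = masked_copy()
    print(customers)
    print(join_totals(customers, payments))
```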

Security and Productivity Go Hand in Hand

With data masking, companies don’t have to choose between security and productivity, which tends to be one of the most common dilemmas. Data masking ensures the data being used is anonymized and always protected—regardless of how it is being used, by whom, and how often it is copied. It’s the key for developers to embrace all the benefits associated with the cloud. Masking sensitive information in the cloud gives developers peace of mind when producing better applications and allows you to truly bring those apps to market faster without getting a red light from the security team. Better still, the finger of guilt can’t point in your direction in the event a hacker breaks in because you never had the data to begin with.

Watch our whiteboard video session to learn more about data masking and how it works

Source: https://www.imperva.com/blog/2017/12/devops-in-the-cloud-how-data-masking-helps-speed-development-securely/?utm_source=linkedIn&utm_medium=organic-social&utm_content=devops-data-masking&utm_campaign=2017-Q4-linkedin-awareness

Author: Sara Pan



Gemalto eSIM technology enables Always Connected experience for new Microsoft Surface Pro with LTE Advanced

Category : Gemalto

Advanced integration of eSIM into Windows 10 delivers an enhanced user experience

Gemalto, the world leader in digital security, is supplying the eSIM (embedded SIM) solution for Microsoft’s Surface Pro with LTE Advanced, the most connected laptop in its class¹, which will begin shipping to business customers in December 2017. Gemalto’s partnership with Microsoft enabled Surface to become the first fully integrated embedded SIM PC in the Windows ecosystem.

Gemalto’s advanced technology supports seamless activation of mobile subscriptions for users of the innovative Surface Pro with LTE Advanced. This smooth experience leverages Gemalto’s remote subscription management solution in conjunction with Windows 10. Surface customers expect their products to deliver advanced technology, and with Gemalto’s eSIM solution, all possible connectivity options are available out-of-box, including the purchase of cellular data from the device itself.

 

Compliant with the GSMA Remote SIM Provisioning specifications, Gemalto’s eSIM solution is fully integrated with Windows 10. This integration enables the Gemalto solution to have a complete servicing model so that patching and lifecycle management features are available as the technology and standards evolve over time. This capability extends the value promise of Surface as new experiences and capabilities will be available to today’s purchasers of the Surface Pro with LTE Advanced.

“The Surface Pro has redefined the laptop category,” said Paul Bischof, Director, Devices Program Management at Microsoft. “Gemalto’s eSIM solution is helping us to materialize our vision of an uncompromised customer experience.”

“Adoption of eSIM technology is growing rapidly. Mobile operators recognize the potential of seamless connectivity and increased convenience as a way of expanding their customer reach to additional devices,” said Frédéric Vasnier, executive vice president Mobile Service and IoT for Gemalto. “We are at the beginning of a significant technology transformation and the Surface Pro with LTE Advanced represents the start.”

DISCLAIMERS:

  1. Comparison of supported bands and modem speed for Surface Pro with LTE Advanced vs. 12″ and 13″ LTE-enabled laptops and 2-in-1 computers. Service availability and performance subject to service provider’s network. Contact your service provider for details, compatibility, pricing and activation. See all specs and frequencies at surface.com.


Source: https://www.gemalto.com/press/Pages/Gemalto-eSIM-technology-enables-Always-Connected-experience-for-new-Microsoft-Surface-Pro-with-LTE-Advanced.aspx

