Channel: CodeSection, Code Area, Cybersecurity - CodeSec

Government strategy sets out Australia’s ‘digital future’

The Australian Government has unveiled a new strategy which it says is aimed at developing the country’s digital skills and ensuring the benefits of technology flow to all Australians.

Released on Wednesday, the strategy, Australia’s Tech Future, details how the Government says Australians can work together to deliver a “strong, safe and inclusive economy, boosted by digital technology”.

The Minister for Industry, Science and Technology Karen Andrews says the strategy highlights the trillions of dollars in potential economic benefits as well as social opportunities that digital technologies such as artificial intelligence, blockchain, the Internet of Things and quantum computing will bring to benefit all Australians including farmers, teachers, patients and small business owners.

“Embracing digital technologies will ensure Australia can continue our strong record of 27 years of uninterrupted economic growth, improve our quality of life and ensure benefit to all Australians,” Minister Andrews said.

The Minister says the report examines 150 existing programs, policies and strategies that contribute to achieving the vision, and details how Australia can lead and shape the global digital economy.

“We are already well on the way - Australian businesses are improving productivity by adopting and adapting new technologies, such as autonomous systems, robotics and remote sensors.

“As new industries are created, for all sorts of new products and services, both for the Australian market and for the increasingly accessible global market, the Government will work to ensure the adoption of new technologies brings even more quality jobs for people of all qualifications, as well as improvements in quality of life, increased connectedness and consumer benefits. The Liberal National Government’s record on job creation speaks for itself: over 300,000 jobs have been created over the last 12 months, most of which are full time.

“We need to maximise opportunities from digital technology across Australia and this report identifies key areas to focus on.

“First and foremost, the Government is focusing on people - getting digital skills and infrastructure right allows us to connect people and places, and to improve productivity, sustainability and adopt new technologies.”

The Liberal National Government is committed to providing Australians with access to government services that are simple, clear and fast. In this way, the report is complemented by the Digital Transformation Strategy.

The Minister says sectors that are particularly likely to benefit from digital development include agriculture, manufacturing, mining, services, tourism and small business.

“For the Australian community, this will also bring benefits to health, emergency services, education, transport and digital services.

“We are also making sure we have the right enabling environment by reviewing our regulatory systems and maintaining our cyber security, to ensure that Australia can not only meet its own security needs but can become a leading exporter of cyber security services.

“The Government will continue to work with stakeholders to drive change and assess Australia’s digital performance, including being involved in developing research infrastructure, data science, Smart Cities plans and space-based technologies.”

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

Sydney 29-30 November

Brisbane 3-4 December

Melbourne 6-7 December

Register now for YOW! Workshops

Sydney 27-28 November

Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored. In this white paper you’ll learn:

How does business security get breached?

What can it cost to get it wrong?

6 actionable tips

DOWNLOAD NOW!


Smart security camera maker Lighthouse AI shuts down

Smart security camera maker Lighthouse AI is calling it a day. The news, first reported by The Information, has since been confirmed by CEO Alex Teichman.

“I am incredibly proud of the groundbreaking work the Lighthouse team accomplished delivering useful and accessible intelligence for our homes via advanced AI and 3D sensing,” the executive writes on the company’s homepage. “Unfortunately, we did not achieve the commercial success we were looking for and will be shutting down operations in the near future.”

Teichman also promises the company will provide refund details to those customers who have already bought into the product.

Lighthouse’s offering certainly showed promise. Andy Rubin’s Playground Global was among those companies throwing their support behind the device, helping the startup raise ~$17 million, by Crunchbase’s count.

I was given a demo at Playground’s offices earlier this year and was impressed by its implementation of 3D sensing and artificial intelligence to get a much more focused picture of what the device is recording. From Greg’s initial writeup:

One aspect of Lighthouse that’s particularly unique is in how you’re meant to peruse your footage; it’s aiming to be less of a security camera and more of an assistant. Rather than scrubbing a timeline, you ask the in-app natural language processing system (think Google Assistant or Alexa, but it only cares about what’s going on in your house) for what you want. You ask it things like “Did the dog walker come on Wednesday?”, or “When did the kids get home yesterday?” and it responds with relevant footage.

Of course, some things just can’t be overcome. An overcrowded market is one. The space is flooded with products, while being mostly dominated by Netgear spin-off, Arlo. And then there was the $300 price tag. That’s well out of the range of much of the competition.

Teichman ends the write-up on a hopeful note, however: “We remain strong believers in a future with AI at your service, and look forward to inventing that future with you.” Perhaps we’ll see the company’s impressive technology implemented on another smart camera in the future?

We’ve reached out to Playground for additional comment.

Kaspersky Lab: Middle East, Turkey and Africa Region Records 4-Fold Increase in ...

In 2018, Kaspersky Lab recorded a 4-fold increase in cryptomining attacks in the Middle East, Turkey and Africa (META) region from 3.5 million in 2017 to 13 million this year, the firm said on December 14.

The increase in cryptomining attacks in META comes at a time when digital threats and cybercriminal activities in the region are on the rise. Banking malware attacks reached almost half a million, or a 17% increase, in 2018, according to the KSN statistics by Kaspersky Lab.

“The META region is becoming more appealing to cybercriminals, with financial and malicious cryptomining attacks taking center stage,” Fabio Assolini, senior security researcher at Kaspersky Lab, said in a statement.

“We discovered six new ATM malware families in 2018. On the other hand, illegal mining of cryptocurrencies has increased dramatically to overtake the main threat of the last few years: ransomware. We believe the reason behind this is that mining is silent and causes less impact than ransomware, making it less noticeable.”

2018 saw a global outbreak in malicious cryptocurrency mining, with the number of attacks increasing by more than 83%, and over five million users attacked online in the first three quarters of 2018, compared to 2.7 million over the same period in 2017, according to Kaspersky Lab.

As the malicious use of cryptocurrency miners rose this year, ransomware attacks on the other hand decreased as attackers changed strategies, opting instead to perform discreet mining on infected devices rather than demand a ransom and attract attention.

In a report released last month, Kaspersky Lab researchers highlighted that the malicious use of cryptocurrency miners peaked in March with more than 1,169,000 attacks, before decreasing steadily as general interest in cryptocurrencies waned and prices declined.


[Figure: Cryptomining attacks in 2018 (Kaspersky Lab, November 2018)]

Hidden mining software was very popular among botnet owners, the research found. It also revealed that miners mainly infected devices by luring users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious cryptomining and the reasons for its widespread presence in certain regions revealed a clear correlation,” said Evgeny Lopatin, security expert at Kaspersky Lab.

“The easier it is to distribute unlicensed software, the more incidents of malicious cryptominer activities were detected. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year: malicious cryptomining.”

Cryptomining malware takes over a computer’s resources and uses them for cryptocurrency mining without the user’s explicit permission. Cryptominers usually find their way onto user computers and corporate machines along with adware, hacked games, and other pirated content.

Unlike ransomware programs, which are noticeable right away, it might be quite a while before a victim of a cryptominer notices that 70 to 80% of their CPU or graphics card power is being used to generate cryptocurrencies.

According to a separate Kaspersky Lab report, a single cryptocurrency mining botnet can net cybercriminals more than US$30,000 per month.

The most common cryptocurrency among all illegally mined cryptocurrencies is Monero (XMR), primarily due to its anonymous algorithm, relatively high market value, and ease of sale. Palo Alto Networks estimates that a total of US$175 million worth of Monero has been mined illegally, representing around 5% of all Monero currently in circulation.

Freeview launches ‘world first’ online TV platform

Free-to-air (FTA) industry body Freeview is claiming a world first with the launch of a new online television platform where viewers can stream live TV or use it for their on-demand content needs.

Described as a major milestone for Freeview, the company says FV allows Australian viewers to access live streaming and available Broadcast Video-on-Demand (BVOD) content from FTA networks through one single web platform on their Mac or PC.

“FV on the web rounds out the suite of Freeview viewing products available in Australia, including Freeview Plus for smart TVs and the Freeview FV app available at the Apple App Store and Google Play,” Freeview said on Wednesday.

The new FV for Web is available across current browsers and, in addition to live streaming and BVOD, the “simple-to-use platform” makes viewing more accessible than ever, with features including:

- Content discovery across FTA channels and BVOD

- A TV guide for all FTA channels

- Easy access to your favourite shows

- Program recommendations

Freeview CEO Liz Ross says the addition of the new FV website gives Australians more access to free TV content through more platforms than any other country in the world.

“Now more than ever, people want ease and simplicity when it comes to their TV viewing. With FV on the web now joining the Freeview family, viewers can experience more ways to watch FTA content wherever they choose, across all devices.

“The launch of our FV product on the web is exciting, and Freeview continues to push the boundaries of FTA, constantly evolving our accessible multi-platform experience.”

FV on the web provides access to live-streaming and catch-up content from more than 20 FTA channels including: ABC, SBS, Seven, Channel 9, 10, 10 Bold, 10 Peach, ABC COMEDY/ABC KIDS, ABC ME, ABC NEWS, SBS Viceland, SBS Food, NITV, 7TWO, 7Mate, 7food network, 7Flix, Racing.com, 9Gem, 9Go!, 9Life, Extra and TVSN.

Freeview says more live channels will be added as they become available.

Data Security Governance: Guarding the Education 2.0 Era

Abstract: As education informatization enters the 2.0 era, information security has become a key area of informatization construction. To further implement the spirit of documents such as the Cybersecurity Law of the People’s Republic of China and the Measures for Security Review of Network Products and Services, raise the level of security and controllability of network products and services, and guard against cybersecurity risks, the China Information Association launched in Beijing the “2018 Secure and Controllable Technology Application Promotion...

As education informatization enters the 2.0 era, information security has become a key area of informatization construction.


To further implement the spirit of documents such as the Cybersecurity Law of the People’s Republic of China and the Measures for Security Review of Network Products and Services, raise the level of security and controllability of network products and services, and guard against cybersecurity risks, the China Information Association launched the “2018 Secure and Controllable Technology Application Promotion Conference” in Beijing, bringing together the strength of enterprises to jointly discuss organisations’ security construction from the perspectives of policy, technology, solutions and practice.

The year’s outstanding solutions and application practices were announced at the conference, and Anhua Jinhe’s case study “Data Security Governance Practice at the Ministry of Education”, delivered for the Ministry of Education’s security programme, won the Outstanding Solution Award.


The “Ministry of Education Data Security Governance Practice” case is a useful attempt by Anhua Jinhe to bring its data security governance technical roadmap to a ministry-level project, and also the delivered result of integrating its professional security products and services into the data security governance concept, empowering organisational data security construction with a systematic solution. A brief review of this practice case:

1. The Ministry of Education has many kinds of business, and its IT systems are supported by hundreds of application systems and databases. For a Ministry with massive data assets, discovering valuable data and achieving a complete inventory and cataloguing is especially important for managing how sensitive data is used.

2. The Ministry’s information security protection has so far built a relatively complete network-layer protection system. To complete the security system, a data security protection system that reaches down into the database layer needs to be established, shifting the focus of information security protection towards data security.

Anhua Jinhe’s approach is to use a data security governance framework to solve the organisation’s data security problems, achieving secure use of data through data classification and grading, cataloguing of data usage, access control and periodic auditing.


Considering the urgency and difficulty of the Ministry’s data security construction plan, the data security governance plan was divided into two phases to be built step by step, ultimately achieving the Ministry’s data security governance goals. The first-phase goal is to complete the data asset survey of the data security governance system and the storage-stage security of data usage control.

Step 1: data cataloguing. Catalogue and locate the Ministry’s data assets and sensitive data, and from the Ministry’s massive data assets, map the distribution of data assets, discover valuable and sensitive data, and clarify how data assets are used, data volumes, access privileges, sensitive-data privileges and so on.

During the Ministry’s data security governance practice, a data asset cataloguing product was used; through a combination of static and dynamic cataloguing it helped the Ministry understand its own assets and data, identify the sensitive data needing particular attention, and lay the foundation for targeted control policies. At the same time, Anhua Jinhe also clarified the users, roles, system privileges, sensitive-data privileges and the privileges on objects accessed by applications in the Ministry’s databases.

Step 2: data access control. Based on the Ministry’s system deployment, data update volumes, business systems’ usage habits and data backup processes, Anhua Jinhe completed a system assessment and chose Oracle TDE encryption technology to prevent internal data leakage and data theft by highly privileged users caused by plaintext storage, guaranteeing the absolute security of the Ministry’s stored data. Security plans for the data access, operations, outbound transfer, testing and other scenarios will also be completed step by step in each planning stage of the project.

The advantages of Oracle TDE encryption are: (1) national (SM) cryptographic algorithms; (2) encryption speed that meets the requirements of the Ministry’s huge data volumes; (3) no change to existing business systems’ operating habits, with transparent encryption and decryption achieved without modifying application systems; (4) encryption speed that does not affect normal system operation, so deploying the encryption product does not affect the application systems’ daily queries and so on.


The whole encryption process is implemented as low-level encryption at the data-block level, breaking through the technical bottleneck of traditional database security hardening products and truly achieving efficient data access; it suits complex scenarios with large data scale, complex queries and statistical analysis over ciphertext data, and high performance requirements. In the OLTP scenario, the performance loss on the Ministry’s teachers’ network was below 7%.

The Ministry of Education’s data security governance process provides a model for the protection of important data and for privacy reform in the education sector, and has driven the construction and development of data security at education institutions across the country, safeguarding the Education 2.0 era.

Security Think Tank: Align security strategy to business objectives

One thing predicted for 2018 that did not happen

The EU’s General Data Protection Regulation (GDPR) compliance deadline of 25 May 2018 did not cause the end of humanity as predicted. What should have happened is that organisations would embrace changes to data protection brought in by the GDPR and take the time to reconnect with their information assets, truly understanding their purpose and value.

One thing that happened in 2018 that was not predicted

It was not predicted that December would see news of some of the biggest data breaches, with lost records this month alone in the hundreds of millions. Is there anything left to lose? Also, who could have predicted that the Financial Conduct Authority (FCA) would get involved in a data protection issue, or that the Information Commissioner’s Office (ICO) would use non-data protection legislation (the Computer Misuse Act) to secure a conviction?

One thing that should happen in 2019 but probably will not

Businesses in 2019 should align security strategy to business objectives, destroy the security silos, embrace neurodiversity, make security risk a business risk, take the talking spoon off the techies, reconnect with the information, reprogram thinking to respect and value their staff, fully understand the concept of defence in depth protecting information appropriately, build technical security solutions that are contextual and user supportive, write policies that are outcome-based instead of rule-based, introduce decent role-based, culture-enhancing education, and stop getting breached.

I once dreamed of wandering the world with a sword, and becoming a security engineer made it come true

Poetry and wine while youth lasts,

Wandering the world with a sword.

Only with a sword can there be poetry and faraway places.

Xu Wei, “The You That Once Was” (曾经的你)

What is the sword? It is effort, growth, experience, perspective and a handsome income; with these, either your body or your soul is always on the road.

Young and reckless, we have restless hearts and want to see the bustling world, but with wallets so thin we cannot go anywhere. When your wallet cannot support the ambition to roam the four seas, that is when you should stop and work hard.

There is a group of people: third- and fourth-year university students, professionals with one to three years of experience, cybersecurity enthusiasts, and college, undergraduate and even postgraduate students in computer science, information security and related majors. After multiple rounds of screening, they passed Gooann’s three-round (fundamentals + technical + comprehensive) test and successfully entered the Gooann Cybersecurity Employment Class.


Their highest annual salary is 180,000 yuan and the average is 120,000 yuan; while their peers earn 4,000 yuan a month, they already earn 10,000. Three months turned their career aspirations into reality, as they became security service engineers, security operations engineers, penetration testing engineers, pre-sales support managers, security analysis engineers and more.


@Liu**: After the three-month Gooann Cybersecurity Employment Class I found work smoothly; overall it was worth it. Before coming, my view of training classes was that they were about connections rather than a place to learn, but I was wrong, because I learned a great deal. Three months is actually very short, but the learning efficiency was very high, not only because of the learning atmosphere and pressure, but also because the teachers gave very clear direction. I come from an information security major and understand very well the shortcomings of university information security education; the employment class is exactly a very good platform for connecting with enterprises, and nationally the Gooann employment class can be said to be among the best. Of course the Gooann Cybersecurity Employment Class is not perfect, because once you enter it you find there is more and more to learn while the training time is very short. But that is also a good thing: it shows the class has brought me through the door, and I can now determine my own learning direction and what I need to learn. Worth it!

@Huang**: Coming to the Gooann Cybersecurity Employment Class was actually an accident. A classmate signed up and wanted company, so I followed along and did the three rounds of tests. In the first round, the fundamentals assessment, I couldn’t answer many of the questions and barely scraped 50 points, which felt hopeless. The second round, a video interview, went fairly smoothly, with both sides learning a lot about each other. The third round was a technical phone interview, which was even more nerve-racking; I couldn’t answer many of the questions, and after hanging up I thought I was done for. Luckily, after waiting a few days, I was fortunate to pass the comprehensive evaluation and received the training invitation and the class start date. In the half month before the class began I crammed Linux basics, hoping to keep up with the course. I arrived in Beijing only the day before the class started; I remember it was an exceptionally hot day. There was also the usual fear of an unfamiliar environment, but that first evening we held a two-hour class meeting to get to know each other, everyone having come from all over the country to study. The opening ceremony on the second day was quite formal, and then the real learning began: on the very first day we started setting up Linux services, which was a real worry, as I had no idea where to start, because what we learned at university was mostly theory with little hands-on practice. Then Brother Tian, our head of teaching, told me I had to learn to use Baidu and find what we needed online, a very important skill. So following his advice, I worked through online documentation, slowly typing out every command myself, and kept notes, which accumulated into a great asset by the end. The early days were hard, but we all got through them together, and later on we could quickly locate errors and quickly set up the services we wanted. Next we also learned languages such as Python and JavaScript and learned to write some crawlers. There were also penetration testing topics, as well as standards such as IT audit and Classified Protection (等级保护).

This let us get all-round exposure to cybersecurity in the shortest time and develop in advance the skills we would need in our future jobs. In the final week, Sister Yin from the employment class taught us interview etiquette, dress and other things to pay attention to, clarified everyone’s career direction and gave us a clear understanding of our own strengths and weaknesses, so that we could pass interviews smoothly and get into the companies we wanted. I am now in the company I always wanted to join, and I am very satisfied. I am also very grateful to the Gooann Cybersecurity Employment Class, to everyone there, and to my past self who kept studying until 1 a.m.; I am proud of myself.

@He**: During the three months at the Gooann employment class, learning was an unchanging, firm conviction; everyone had a goal in mind but was not very confident. Fortunately, after lesson upon lesson from the teachers, our confidence gradually built up. Especially when discussing all kinds of technical problems with classmates, we were so immersed that we forgot the time. The learning atmosphere Gooann gave me was something I had never experienced; everyone was working hard on this road, no one knew what they would become, but in any case this was exactly what we wanted to do!

@Wang**: Before coming to the Gooann employment class, I merely aspired to the information security industry and was on the edge of its threshold. I had always lacked systematic study; Gooann’s three-month curriculum explained every aspect of information security very systematically and gave us a comprehensive understanding of the industry. Classmates in the same cohort shared hardships, exchanged knowledge, lived together and progressed together, firmly believing that we will each become a new star in the information security industry. In three months at Gooann I learned technology, made friends and found a job. I am very grateful to Gooann; to me it is not just a training class but a warm big family.

@He**: I am very happy to have graduated from Gooann and found a job I like. When I first arrived, my fundamentals were not solid; through Gooann’s training I gained a systematic understanding of information security as a whole and improved my professional skills, and I saw everyone’s thirst for knowledge. The three-month employment class turned me from an information security enthusiast into an information security professional, something I would never have dared to imagine before. On the professional skills side, whether operations, network attack and defence, or security management, the teachers taught everything systematically and in detail. That let me thrive at the recruitment fair, collecting letters of intent from 12 companies, a turning point not only in my career but in my life. I am very grateful that Teacher Yin gave me the opportunity to study at the Gooann employment class and become a real security professional.

Many people say the gap between classmates appears only five or ten years after graduation. In fact, the gap has already opened in the third and fourth years of university.

Among your classmates, some tutor in their third and fourth years, some find odd jobs as campus agents to earn extra money for tuition and living expenses, some are immersed in a sweet romance, some idle away university in a three-point routine, some focus on preparing for postgraduate exams, and some use this time to build practical skills, get past the graduate-unemployed trap, land an annual salary well over 100,000 yuan and leave all their classmates behind! Others are still liking posts and scrolling WeChat Moments and Weibo every day. The difference is immediately obvious! If you want an annual salary over 100,000 yuan, you are welcome to join the seventh Gooann Cybersecurity Employment Class; why not first take the test and see what level your fundamentals are at?

The Gooann Cybersecurity Employment Class promises a guaranteed starting annual salary of 100,000 yuan in first-tier cities and 80,000 yuan in second-tier cities, with tuition refunded if you are not employed. Admission has a threshold: only those who pass Gooann’s three-round test may attend. Whether you are suited to the course and can enter the cybersecurity employment class is decided by the assessment results.

Kyle: My favorite articles of 2018 (Notice the security theme!)

I joined BrianMadden.com nearly halfway through this year. It’s been an eye-opening and brain-stuffing experience as I get up to speed on the EUC industry that many people have lived and breathed for years. As Jack loves to mention, my first week on the job involved flying down to Anaheim and covering Citrix Synergy. I’ve got a decent handle on the mobility and security aspects, but hope to grow my knowledge base in areas where I’m still lacking in 2019.

I’ve already written over 50 articles in my seven months here. To bring this year to a close, here are my favorite articles that I wrote in 2018.

Articles covering vendors

Speaking with the vendors and digging deeper into their new products to provide in-depth articles has been an interesting experience. It allows me the chance to familiarize myself with the existing products to understand whether the new product or update is worth anyone caring about. Some of these involved simple phone call interviews, while other articles provided me a chance to visit vendor offices.

One of the first deep dives I did was around the Citrix Workspace Hub, which largely hit general availability this year. I jumped on calls with Gunnar Berger and Dane Young to ensure I came away with a thorough understanding. I also learned about Citrix’s past love of innovative ideas that don’t always make it to market. This article also marked the first time something I wrote made someone mad enough to email us!

Another thing I enjoyed was when Jack and I took a trip down to Palo Alto before Thanksgiving where we got to learn more about VMware’s latest EUC products and features. It was a full day of meetings that allowed us to ask about Mobile Flows functionality and the newer Workspace ONE Intelligent Hub. Additionally, we got more information around the brand-new Dell provisioning for Workspace ONE that uncovered some interesting aspects of this product few outside VMware likely knew about: no-touch restore and always up to date.

Other vendor-specific articles that I enjoyed researching and writing include meeting SimpleMDM, a smaller Apple MDM vendor, and covering Ping Identity at Identify 2018, their regional customer event.

Security-focused articles

Coming to work at BrianMadden.com was essentially my introduction to the EUC industry. With Jack being experienced in EMM and desktop virtualization, I was able to turn my focus to some deeper security and mobility topics, with the former already an interest of mine (granted, from a largely consumer focus before).

I started out by researching and writing articles around security issues that caught Jack’s eye in the past, but that he hadn’t yet found the time to look into (he was on his own for five months!). This started with digital voice assistants, relevant as Google, Amazon, and others work to gain enterprise acceptance. Data loss prevention is a big issue and we wanted to learn how difficult it is for IT to manage each voice assistant, starting with Alexa for Business and continuing with Siri.

From there, I looked into how safe Chrome extensions and other browser extensions were, since they kept popping up in the news as more extensions were found to either be outright malicious or collecting user data.

Data breaches remain frustratingly common, with news of Quora and Marriott breaches coming to light in just the past month with hundreds of millions of users affected. In August, I took a look at how users and organizations can more easily discover if their passwords have been compromised with Troy Hunt’s Pwned Passwords API. In the same article, I also looked at the 2017 NIST password regulations, which we feel could improve user experience, while simultaneously securing identity more effectively.

In the more recent months, Jack and I have been researching the mobile security landscape. This started with how we should break down mobile security statistics and what mobile malware really is. Due to the different ways security vendors define “malware,” MitM attacks, and more, I started speaking with individual security vendors in an effort to learn about mobile security threats.

I started out with an article showing off publicly available data from Google and Lookout, which include data from both consumer and enterprise customers. More recently, I got to visit Wandera (praise be the centrally located TechTarget office) and speak with VP of product Michael Covington about corporate mobile security, which provided a locked-down, business-only view of mobile security.

Expect more mobile security articles in the near future; I already have several other vendors I’m going to speak with about their available data.

Mini-hardware reviews

As Jack likes to say, “We’re a blog, we can write about what we want,” so occasionally we tried our hands at offering a review of hardware, most often devices we could acquire cheaply or already owned. When Jack was working on his Samsung Tab S4 review, he threatened to take away my laptop and force me to work on the Tab for a week; thankfully he didn’t make good on this particular threat.

The first review I did was on Yubico’s YubiKey NEO, which tied into our security and identity conversation at the time as more companies started looking at adding multi-factor authentication. Google would even go on to announce their own branded key, the Titan Security Key, at Cloud NEXT.

The other review I wrote covered my newly purchased iPhone and Apple Watch. Wasn’t about to say no to an opportunity to play with my new tech toys (especially since I was new to the Apple Watch) for work!

Onward to 2019

I feel like I’ve got off to a good start at BrianMadden.com and hope you’re enjoying my articles, too. I look forward to what 2019 brings and hope you’ll stick around for our continued coverage of EUC and opinions.


Stop printing your personal photos via online websites

There are plenty of online shops which offer to print your photos, visiting cards and t-shirts. But do they protect the photos or personal information you share with them? We will find out.

We discovered a security vulnerability in Inkmonk.com (India’s first print marketplace) which leaks all the photos you have uploaded, via a simple API:


[Screenshot: the vulnerable API request]

The IDs used in the above API are serially iterable, and the response looks like this:


[Screenshot: API response]

And if you click on one of the URLs in the above response, you will see the pictures uploaded by the users of the website. They do not require any kind of authentication at all. Some examples below:


[Screenshots: examples of the exposed user photos]

This security bug was reported to InkMonk on 19th November, 2017. They acknowledged the existence of the issue and promised a fix in the coming days. They even sent goodies for finding the issue.

I contacted them again after a month saying that it is still vulnerable but got no response. Even after a year and a month have passed, as of writing this (19th December, 2018), it is still not fixed.

Sadly, security vulnerabilities take a back seat amongst other aspects of running a company.

Key Takeaway

For now, stop uploading your personal photos and personal information like visiting cards online if you care about your privacy.

To technology companies, please prioritize security of your users above everything else.
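
A defender-side illustration of the two missing controls in the bug described above (no authentication on the lookup, and sequential IDs), added here as an example; it is not code from InkMonk or from the original post. The in-memory `VulnerablePhotoStore`, `HardenedPhotoStore`, the user names and the photo URLs are all constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Photo:
    owner: str
    url: str


class VulnerablePhotoStore:
    """Models the behaviour reported above (constructed example): uploads get
    sequential integer IDs, and the lookup endpoint returns any photo's URL to
    any caller, with no session and no ownership check."""

    def __init__(self):
        self._photos = {}
        self._next_id = 1

    def upload(self, owner, url):
        photo_id = self._next_id          # 1, 2, 3, ...: trivially guessable
        self._next_id += 1
        self._photos[photo_id] = Photo(owner, url)
        return photo_id

    def get(self, photo_id):
        photo = self._photos.get(photo_id)
        return photo.url if photo else None  # caller identity is never consulted


class HardenedPhotoStore:
    """Same service with the two controls added: every lookup needs a valid
    session and must come from the photo's owner, and IDs are random tokens."""

    def __init__(self):
        self._photos = {}
        self._sessions = {}  # session token -> user name

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def _user_for(self, session):
        user = self._sessions.get(session)
        if user is None:
            raise PermissionError("authentication required")
        return user

    def upload(self, session, url):
        owner = self._user_for(session)
        photo_id = secrets.token_urlsafe(16)   # 128 random bits: not enumerable
        self._photos[photo_id] = Photo(owner, url)
        return photo_id

    def get(self, session, photo_id):
        user = self._user_for(session)
        photo = self._photos.get(photo_id)
        # One answer for "no such photo" and "not your photo", so the endpoint
        # never confirms that a guessed or leaked ID exists.
        if photo is None or photo.owner != user:
            raise LookupError("photo not found")
        return photo.url


def can_read(fetch):
    """True if the lookup returns a URL, False if it is refused or not found."""
    try:
        return fetch() is not None
    except (PermissionError, LookupError):
        return False


def run_scenario():
    """Alice tries to read Bob's upload through both stores. Returns
    (vulnerable_cross_user, hardened_cross_user, hardened_anonymous, hardened_owner)."""
    bob_url = "https://cdn.example/bob-passport-scan.jpg"   # constructed sample

    vuln = VulnerablePhotoStore()
    vuln.upload("alice", "https://cdn.example/alice-cat.jpg")
    bob_id = vuln.upload("bob", bob_url)          # bob_id == 2, right after Alice's
    vulnerable_cross_user = can_read(lambda: vuln.get(bob_id))

    hard = HardenedPhotoStore()
    alice_session = hard.login("alice")
    bob_session = hard.login("bob")
    bob_token = hard.upload(bob_session, bob_url)
    hardened_cross_user = can_read(lambda: hard.get(alice_session, bob_token))
    hardened_anonymous = can_read(lambda: hard.get("not-a-session", bob_token))
    hardened_owner = can_read(lambda: hard.get(bob_session, bob_token))
    return vulnerable_cross_user, hardened_cross_user, hardened_anonymous, hardened_owner


if __name__ == "__main__":
    print(run_scenario())   # (True, False, False, True)
```

The random token only stops enumeration; the ownership check is what actually closes the hole, since a token can still leak through logs or shared links.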

2018 ranking of high-salary majors: information security tops the list

According to the “2018 Report on New Trends in Fresh Graduates’ Academic Backgrounds and Industry Choices”, the average recruitment salary for 2018 fresh graduates was 5,183 yuan; job seekers from science and engineering backgrounds expected an average of 9,177 yuan, 16% more than humanities graduates, and 10,000 yuan has become the monthly-salary growth bottleneck for humanities talent. In terms of major, among the TOP 15 high-salary majors for 2018 graduates, information security ranked first, software engineering second and computer science and technology third. The analysis shows that choosing an industry and position matching one’s major remains mainstream, with product positions having the most balanced mix of academic backgrounds.


In terms of industry trends, judging by the talent attraction index of the ten major industries in Q2 2018, the internet industry was the most attractive, followed by culture and entertainment.


In an industry as lucrative as information security, how do you improve your competitiveness in the workplace? Without a skill or a qualification certificate, no amount of talk helps; the job you want requires a certificate. A certificate is like a door-knocker, the key to moving freely through your career; it is closely tied to your salary and is the cornerstone of demonstrating your value. The Security+ certification is highly influential internationally and, like CISSP, is one of the top ten international certifications. Professionals holding Security+ are now spread across 147 countries and regions worldwide, and it is widely recognised globally.

The US Department of Defense attaches great importance to Security+ and has included it in Directive 8570.01-M. Major Chinese enterprises are also beginning to value Security+ highly and to cultivate Security+ talent, and the career prospects of Security+ holders are excellent. Security+ certification is proof of your foundational technical abilities in network security, application/data/host security, access control, identity management and cryptography.

With the various ransomware incidents of recent years, cybersecurity has become urgent. The security industry currently lacks technical talent, and the most recognised information security certifications, such as CISP and CISSP, lean towards information security management, covering technical knowledge broadly and touching on the exam topics only in passing. CISSP also requires candidates to have more than five years of work experience in information security, and CISP has similar requirements, such as a college diploma plus four years of experience. These requirements undoubtedly trouble technically capable young people on their path to certification.

As everyone knows, whether for job hunting, promotion and pay rises, or listing staff in tenders, employees’ certifications are very important. Because Security+ focuses on information security technology, it has no particular requirement on years of experience; it can partly ease the constraint that “years of experience” places on these young people’s career development.

At present, domestic authoritative information security certifications are basically aimed at practitioners with several years of experience, leaning towards theory, frameworks and guidance; there is a lack of a foundational, hands-on, practical security certification with high value, and Security+ fills this gap. Whether you are a graduate, a white hat without formal security education, a senior person in an information security management position, or operations and development staff outside security, Security+ is an excellent hands-on security technology training. To date, Security+ is widely recognised in 147 countries, and there are test centres in more than 50 large and medium-sized Chinese cities including Beijing, Shanghai, Guangzhou and Shenzhen. You are cordially invited to attend the free Security+ open class at 7 pm on 26 December; contact Niuyouguo (牛油果) to learn more, and may you become an international information security professional!

The Top 5 Third-Party Cyber Gaps of 2018

As the end of the year approaches, we at Panorays wanted to share what we found to be the top five cyber gaps affecting third-party vendors in 2018.

The Fab Five

Panorays has the unique ability to evaluate the cyber posture of a large number of third parties from numerous industries over long periods of time. In our evaluation of over 2,000 suppliers, we extracted the findings that appeared in a large percentage of the companies and omitted obvious low-risk findings that recur in all companies (e.g. HTTP headers). We focused on the top five cyber gaps that may have a real effect on the resilience of the vendors, and thus the organizations themselves.

And now for the list!


5. Open port with high risk service

Despite the frequent news of breaches originating from publicly accessible databases (Mongo, Elastic), we identified 13% of the vendors as having high-risk services open to the world. Not surprisingly, the “Computer Software” industry leads the pack with 19%. This can be attributed to the heavy adoption of new technologies and a growth-over-security mindset.


4. Not using HTTPS for significant web assets

You don’t see many critical sites that still allow unencrypted HTTP traffic, but apparently there are still sites that don’t support HTTPS at all. In fact, 13% of the vendors had significant web assets (for example, sites with login forms) with no possibility of HTTPS. The insurance industry has a much higher percentage of 26%. This could be because these companies maintain older assets that haven’t been brought up to date with security standards.


3. Significant web assets not protected by Web Application Firewall

Websites and apps are targeted by a wide range of attacks, from scraping and DDoS to injection and cross-site scripting. Web Application Firewalls (WAF) have become a must-have for basic protection. The high price, complexity and intrusiveness of WAFs can explain why 32% of vendors choose to try their luck without one.

2. Untrusted certificate for significant web assets

Companies leave assets with untrusted certificates lying around like socks on the living room floor. These could be self-signed, expired or otherwise invalid certificates; the fact is that they are not performing their authentication duties. Over 80% of vendors have assets with untrusted certificates, meaning they don’t see this as a high-priority issue―probably because these are unused or unofficial assets. However, these are often exactly the entry points attackers are looking for: unmonitored and unpatched servers inside the organizational network.
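The two web-asset gaps above (no HTTPS at all, and untrusted certificates) can be checked from the outside with the standard library alone. This is an added example, not Panorays tooling: it classifies a certificate dictionary in the shape `ssl.SSLSocket.getpeercert()` returns, and it probes a live host with the default verifying context, mapping the OpenSSL failure message to a gap category. The host names and certificate values below are constructed.

```python
"""Classify TLS certificate gaps on a web asset (added example, not Panorays code)."""
import socket
import ssl
from datetime import datetime, timezone

# Substrings of OpenSSL verification messages mapped to gap categories.
# ssl.SSLCertVerificationError.verify_message carries these messages.
_VERIFY_CATEGORIES = (
    ("self signed", "self-signed"),
    ("self-signed", "self-signed"),
    ("has expired", "expired"),
    ("unable to get local issuer", "untrusted-issuer"),
    ("unable to get issuer", "untrusted-issuer"),
    ("hostname mismatch", "hostname-mismatch"),
)


def classify_verify_message(message: str) -> str:
    """Map an OpenSSL verify failure message to a single gap category."""
    lowered = message.lower()
    for needle, category in _VERIFY_CATEGORIES:
        if needle in lowered:
            return category
    return "other-untrusted"


def _name_to_dict(rdns) -> dict:
    """Flatten the nested getpeercert() name tuples into {attribute: value}."""
    return {attr: value for rdn in rdns for attr, value in rdn}


def classify_cert_dict(cert: dict, now: datetime) -> list:
    """Return the gaps found in a getpeercert()-style dict.

    Checks issuer == subject (self-signed) and notAfter < now (expired).
    """
    gaps = []
    if _name_to_dict(cert["issuer"]) == _name_to_dict(cert["subject"]):
        gaps.append("self-signed")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now.timestamp():
        gaps.append("expired")
    return gaps


def check_host(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Probe a host with the default (verifying) context and report the gap.

    A refused connection on the TLS port is reported as 'no-tls-listener',
    the "no possibility of HTTPS" gap; a failed verification is classified
    through classify_verify_message.
    """
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        reason = exc.verify_message or str(exc)
        return {"host": host, "trusted": False, "gap": classify_verify_message(reason)}
    except ConnectionRefusedError:
        return {"host": host, "trusted": False, "gap": "no-tls-listener"}
    except (OSError, ssl.SSLError) as exc:
        return {"host": host, "trusted": False, "gap": "connection-failed", "detail": str(exc)}
    gaps = classify_cert_dict(cert, datetime.now(timezone.utc))
    return {"host": host, "trusted": not gaps, "gap": gaps[0] if gaps else None}


# Constructed samples: a self-signed certificate that expired at the start of 2019,
# and a CA-issued one that is still valid at the fixed evaluation time used in demo().
SAMPLE_SELF_SIGNED_EXPIRED = {
    "subject": ((("commonName", "legacy.vendor.example"),),),
    "issuer": ((("commonName", "legacy.vendor.example"),),),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jan  1 00:00:00 2019 GMT",
}
SAMPLE_VALID = {
    "subject": ((("commonName", "www.vendor.example"),),),
    "issuer": ((("commonName", "Example Vendor CA"),),),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Dec 31 23:59:59 2020 GMT",
}


def demo() -> dict:
    """Run the offline classifier on the constructed samples at a fixed 'now'."""
    now = datetime(2019, 6, 1, tzinfo=timezone.utc)
    return {
        "expired_self_signed": classify_cert_dict(SAMPLE_SELF_SIGNED_EXPIRED, now),
        "valid": classify_cert_dict(SAMPLE_VALID, now),
    }


if __name__ == "__main__":
    print(demo())
```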

1. Unpatched technology with known high severity vulnerabilities

We finally reached the most common cyber gap in third parties for 2018: unpatched technologies. Not only are these products outdated, but the versions in use have known vulnerabilities, with exploits available to anyone.

On the other hand, anyone who has had to manage patching in a production environment can understand why 92% of the companies are affected by technologies with known high-severity vulnerabilities.

This is also an opportunity to give a negative shout-out to the telecommunications industry, which performed below average in all five cyber gaps. Let’s hope they do better next year.

Conclusion

While these are the most common cyber gaps we discovered, many more exist. Improving third parties’ cyber posture requires identifying attack surfaces, continuous monitoring and staying up to date with industry best practices. An effective third-party management solution that implements these processes can make all the difference.

We look forward to a more secure 2019!

ThreatX Strengthens Executive Team with Addition of David Roshak as CFO and Mike ...

Cybersecurity Industry Veterans Join SaaS-Based Web Application Firewall Provider To Capitalize on Revolutionary Shift in Web Application Protection

DENVER (BUSINESS WIRE) #WAF ThreatX, the leading provider of SaaS-based web application firewall (WAF) solutions, today announced that cybersecurity industry veterans David Roshak and Mike Reagan have joined its executive team as CFO and COO, respectively. The appointments are the latest in a series of moves demonstrating the company’s unparalleled combination of innovative technology and industry expertise that makes it the ideal solution to today’s complex web application security challenges.

The WAF industry is undergoing a rapid shift to cloud-based solutions, with major analyst firms predicting that more than 70 percent of WAF deployments will be delivered as a cloud service or virtual appliance by 2020. Analyst firms also predict 2020 will see over half of all public-facing web applications protected by cloud-based WAF platforms, combining CDN, DDoS protection, and bot mitigation. ThreatX offers these capabilities via a single solution, providing a behavior-based application security approach that, unlike other next-gen WAFs, provides complete visibility, reduces false positives, and prevents legitimate traffic from being blocked.

The appointment of Roshak and Reagan positions ThreatX to build upon its strong growth foundation and capitalize on the market shift to cloud-based security solutions. A seasoned technology veteran with more than 20 years of leadership experience, Roshak joins ThreatX from Optiv, which was created in 2015 as a result of the Accuvant and FishNet Security merger. With a strong financial, operational and channel background and experience helping organizations seize market opportunities, Roshak will play a pivotal role in ThreatX’s next phase of growth.

A 30+ year industry veteran, Reagan comes to the company from leading SIEM provider LogRhythm where he played a pivotal role in growing the business from <$1M to over $150M in annual sales. Reagan has held executive management roles in sales, marketing, business development, and channel and product management and will lead the company’s strategy development and drive the customer experience.

The new hires will work closely with ThreatX’s co-founder and CEO, Bret Settle, and the rest of the executive team to build on the company’s momentum as more organizations shift applications to the cloud and look for accurate, adaptable, and easily deployable security solutions to meet their needs.

Quotes

“The market is undergoing a rapid and fundamental shift, and we’re helping more and more companies to securely migrate their application architectures to the cloud. Bringing David and Mike on board allows us to ramp up these efforts and tap their wealth of industry knowledge to accelerate ThreatX’s growth and WAF market leadership.”

Bret Settle, Co-Founder and CEO, ThreatX

“As enterprises continue to connect applications and migrate them to the cloud, they must also focus on securing a large attack surface from a continually advancing threat landscape. ThreatX has amazing momentum and its behavior and risk-based web application firewall will fundamentally transform how enterprises deploy and protect their web and cloud applications from malicious threats. I am looking forward to helping the company further capitalize on this opportunity and continue its rapid growth.”

David Roshak, CFO, ThreatX

“ThreatX’s attacker-centric, SaaS-based WAF is setting a new standard for website and application protection. The company’s unique solution is empowering enterprises around the globe to address the increasingly sophisticated threat landscape and the simultaneous shortage of cybersecurity professionals. I’m thrilled to be joining this team of highly skilled and passionate security experts and establishing ThreatX as a leader in this billion dollar market experiencing double-digit growth.”

Mike Reagan, COO, ThreatX

About ThreatX

ThreatX is the only SaaS-based web application firewall (WAF) solution that enables enterprises to confidently secure all their web applications against a rapidly evolving threat landscape. Purpose built for the hybrid-cloud, ThreatX delivers complete visibility and the most precise threat detection and neutralization capabilities available by combining progressive behavior profiling, collective threat intelligence, and deep analytics with a managed service. ThreatX eliminates the false positives and maintenance burdens associated with 1st generation WAFs and static, rule-based solutions.

Contacts

For ThreatX

Claire Rowberry, 617-785-5571

claire@clearcommsc.com

IPSec Over Palo Alto FW Static NAT


I spent about 2 hours on the following scenario and found that the root cause was a missing static route on the Palo Alto, so I decided to summarize every step here for further reference. Here is the topology:

[Figure: EVE-NG Topology]

The left part is the office (LAN) and the right part is the Internet. Requirements:

- 10.0.56.5 of R6 is NATed to IP 10.0.17.3 by the Palo Alto, which establishes an IPSec tunnel with R8 (10.0.78.8).
- Traffic from 5.5.5.0/24 to 8.8.8.0/24 is forwarded over the #1 IPSec tunnel.
- All devices in ‘LAN’ can access the ‘Internet’ via port translation.

Procedure:

1. Initialize Palo Alto

Console into the Palo Alto with username/password admin/admin and configure the MGMT IP 172.16.185.132 (I have bridged the mgmt interface of the Palo Alto to my laptop). Here are the commands for the initialization:

```
configure
edit deviceconfig system
set ip-address 172.16.185.132 netmask 255.255.255.0
commit
```

Note: Remember to execute ‘commit’ on CLI or Web GUI after the modification.

2. Navigate to https://172.16.185.132 in the browser and log in with username/password admin/admin.

[Screenshot: Palo Alto - Dashboard]

3. Configure interface profiles: permit ping traffic from both LAN and Internet to the Palo Alto interfaces for connectivity testing.

[Screenshot: Palo Alto - Interface management profile]

4. Configure interface ethernet1/1.

[Screenshots: Palo Alto - Interface configuration: Zone (1, 2), IP Address (1, 2), Management Profile]

5. Configure interface ethernet1/2 with almost the same steps as ethernet1/1, but with a different IP and zone: IP 10.0.17.1/24, Zone: Internet.

6. Configure IPs and routing on R5, R6, R7 and R8, then run connectivity testing.

R5: Ethernet0/0 10.0.56.5/24, Ethernet0/1 10.0.15.5/24, Loopback0: 5.5.5.5/24, Default route with gateway: 10.0.15.1

R6: Ethernet0/0 10.0.56.6/24, Default route with gateway: 10.0.56.5

R7: Ethernet0/0 10.0.78.7/24, Ethernet0/2 10.0.17.7/24

R8: Ethernet0/0 10.0.78.8/24, Loopback0 8.8.8.8/24, Static route to 10.0.17.0/24 with next hop: 10.0.78.7

7. Configure routing on Palo Alto:

Default route with next hop 10.0.17.7

Static route to 10.0.56.0/24 with next hop 10.0.15.5

[Screenshot: Palo Alto - Route]

8. Configure PAT for requirement #4: traffic from LAN to Internet.

[Screenshots: Palo Alto - PAT (1, 2, 3)]

9. Create a service group for the IPSec security policy: UDP 500 and UDP 4500.

[Screenshots: Palo Alto - Service, Service Group]

10. Configure NAT for requirement #3: IPSec.

[Screenshot: Palo Alto - NAT-1: Service-IPSec]

Note: The destination address is the peer IP, which is 10.0.78.8/32 in my case.

Optional: Set Service to ‘Any’ for all applications.

[Screenshots: Palo Alto - NAT-Optional: Service Any; NAT-3; NAT/PAT overall view of Step 9 and Step 10]

11. Since LAN and Internet are two different zones, security policies are required for the traffic. From LAN to Internet:

[Screenshots: Palo Alto - Security Policy (1, 2, 3, 4)]

12. Security policy for IPSec.

[Screenshot: Palo Alto - Security Policy]

13. Verify connectivity on all routers.

Note: For a security policy permitting ping traffic between two different zones, ping will fail if only the application ICMP is permitted; the service ‘Ping’ is also required.

14. Configure IPSec on R6 and R8. Check all router configurations from here.

15. On R5, execute ‘ping 8.8.8.8 source 5.5.5.5’:

```
LAN-R5#ping 8.8.8.8 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/7 ms
LAN-R5#
```

```
LAN-R6#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.78.8       10.0.56.6       QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA
```

```
Internet-R8#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.78.8       10.0.17.3       QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA
```
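The two SA tables in step 15 are the evidence that the tunnel came up through the static NAT: R6 lists its own private source address, while R8 sees the translated one. The script below is an added example, not part of the original post; it parses both `show crypto isakmp sa` outputs (copied from step 15) and checks that each side has an established SA and that R8's view of the initiator equals the static NAT translation of R6's address. The NAT mapping 10.0.56.6 -> 10.0.17.3 is assumed from those two outputs.

```python
"""Cross-check IKE SA tables on both sides of a tunnel that crosses a static NAT.

Added example, not part of the original post. Outputs are copied from the
post's step 15; the NAT mapping is assumed from what the two peers report.
"""
import re
from dataclasses import dataclass

# SA tables as shown in step 15 of the post (IPv4 section only is parsed).
R6_OUTPUT = """LAN-R6#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.78.8       10.0.56.6       QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA
"""

R8_OUTPUT = """Internet-R8#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.78.8       10.0.17.3       QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA
"""

# Assumed static NAT on the Palo Alto: inside address -> outside address.
STATIC_NAT = {"10.0.56.6": "10.0.17.3"}

_SA_LINE = re.compile(
    r"^(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>\S+)\s+(?P<conn_id>\d+)\s+(?P<status>\S+)\s*$"
)


@dataclass(frozen=True)
class IkeSa:
    dst: str
    src: str
    state: str
    conn_id: int
    status: str


def parse_isakmp_sa(output: str) -> list:
    """Parse IPv4 SA rows from IOS 'show crypto isakmp sa'; stop at the IPv6 section."""
    sas = []
    in_ipv4 = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("IPv4 Crypto ISAKMP SA"):
            in_ipv4 = True
            continue
        if line.startswith("IPv6 Crypto ISAKMP SA"):
            break
        match = _SA_LINE.match(line)
        if in_ipv4 and match:
            sas.append(IkeSa(match["dst"], match["src"], match["state"],
                             int(match["conn_id"]), match["status"]))
    return sas


def tunnel_established(sa: IkeSa) -> bool:
    """IKE phase 1 is complete when the SA reached QM_IDLE and is ACTIVE."""
    return sa.state == "QM_IDLE" and sa.status == "ACTIVE"


def check_through_nat(inside_output: str, outside_output: str, static_nat: dict) -> dict:
    """Confirm both peers hold an established SA and that the outside peer sees
    the inside peer through its translated address, not its private one."""
    inside = [sa for sa in parse_isakmp_sa(inside_output) if tunnel_established(sa)]
    outside = [sa for sa in parse_isakmp_sa(outside_output) if tunnel_established(sa)]
    if not inside or not outside:
        return {"ok": False, "reason": "no established IPv4 SA on one side"}
    ins, outs = inside[0], outside[0]
    expected_src = static_nat.get(ins.src)
    if expected_src is None:
        return {"ok": False, "reason": f"no static NAT entry for {ins.src}"}
    if outs.src != expected_src:
        return {"ok": False,
                "reason": f"outside peer sees {outs.src}, expected translated {expected_src}"}
    if outs.dst != ins.dst:
        return {"ok": False, "reason": f"peer address disagrees: {ins.dst} vs {outs.dst}"}
    return {"ok": True, "inside_src": ins.src, "translated_src": outs.src, "peer": ins.dst}


if __name__ == "__main__":
    print(check_through_nat(R6_OUTPUT, R8_OUTPUT, STATIC_NAT))
```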

AI security solutions are popular with executives -- but are they really working ...


According to a new study released by ProtectWise, AI has already established a strong foothold in the security space, with 73 percent of respondents reporting that they have implemented security solutions that incorporate at least some aspect of AI.

Most organizations cite AI's ability to improve the efficiency of security staff members and make investigation of alerts faster as top priorities.

But it's executives, not the people who manage security, who are the biggest advocates for AI. 55 percent of respondents say that the strongest advocates for AI-based security products in their organization are IT executives, while 38 percent name non-IT executives as the biggest internal champion.

"The marketing of AI is extremely effective," says Gene Stevens, CTO and co-founder of ProtectWise. "The reality is executives are dealing with resource constraints and are looking for automation. They are not necessarily believing in the mythology of a 'silver bullet'; they are just hoping for something new that they have not purchased before that can give their team an opportunity to scale and to catch things they might have missed."

AI-enabled security products are delivering mixed results in the real world too. According to respondents, AI-enabled security solutions generate significantly more security alerts and false positives on a typical day. 46 percent agree that rules creation and implementation are a burden, and 25 percent said that they don't plan to implement additional AI-enabled security solutions in the future as a result of their experience.

Overall the report suggests that there is still work to do. More than half of all respondents believe that AI doesn’t stop zero-days and advanced threats (61 percent), it delivers inaccurate results (54 percent), it’s difficult to use (42 percent), and it's expensive (71 percent).

"You have to be good at the knowns but you also have to have some robustness against the unknowns," adds Stevens. "Artificial intelligence helps us a lot with the unknowns and it also helps with the kind of scale teams need. But there's a tremendous amount of work that still needs to be done, it's not mature. It will become a part of all security solutions but we're at the early adoption stage."

You can read more in the full report available from the ProtectWise website.

Image Credit: agsandrew / depositphotos.com

ICT provider turns to Avast RMM for security | Avast Business

The Partner

Transforming traditional technology environments to high-performing, resilient ones is what GCI does best. Headquartered in the UK, GCI helps over 4,000 customers in the private and public sectors ― across education, healthcare, construction, housing, retail, entertainment, and more ― to meet their digital needs as their businesses change and evolve. The company’s five integrated technology pillars include Full IT Support, Unified Communications, Cloud, Security & Compliance, and Network & Infrastructure.

GCI has also received recent investment of over 60m from Mayfair Equity Partners LLP to drive continued growth and added value for customers. “With Mayfair’s support of our next phase of growth, it’s an exciting time for us. We are continuing to integrate our services delivery with a goal of offering tremendous synergies through an enriched product set and cross-selling our services,” says Richard Cook, GCI Director, who brings over 26 years of experience in IT and managed security.

The Challenge

Mayfair’s support presents both an opportunity and a challenge. “We have a growing customer base that can benefit from effective IT monitoring and management,” says Richard. “Beyond delivering premium security services, we need to provide the strategic and proactive planning that will align to clients’ evolving needs and business outcomes. This will set clients up for success, build strong relationships, and generate recurring revenue for our business.”

The Solution

Prior to joining GCI, Richard used the Avast Business Managed Workplace remote monitoring and management (RMM) solution. It was therefore a natural decision for this long-time AVG-Avast channel partner to replace GCI’s existing SolarWinds MSP RMM with Managed Workplace, signing a three-year renewal.

GCI also added 10,000 licenses for Avast Business Pro Plus Antivirus, migrating from the company’s existing antivirus solution.

Richard explains, “With Managed Workplace, we have a proven RMM platform that we know can scale to our business model and support the needs of GCI’s large customer base. We can actively monitor our clients’ IT environments and manage regular patching, backups, antivirus, device management, and much more.”

For Richard, the advantage of Managed Workplace is its simplicity. “A lot of solution vendors talk about their monitoring capabilities but many RMMs can be too complex and take too much time to implement. This means they don’t get fully deployed or don’t get deployed correctly.”

“Managed Workplace has the right kind of complexity with functionality targeted for our needs. It doesn’t try to be too clever; it is exactly what we need.”

“As an MSP, we can get overloaded with information from our customers’ environments,” adds Richard. “Managed Workplace is ideal for monitoring, and through its central pane of glass and integrated capabilities ― such as security assessment, antivirus, patch management, and reporting ― it provides a full-service package. It’s easy to install and deploy and provides the information we need without the noise.”

The Results

Here are just a few results from GCI’s positive experience using Managed Workplace:

- Renewed Managed Workplace for three years with 30,000 licenses to replace GCI’s existing RMM solution
- Added 10,000 new licenses of Avast Business Antivirus Pro Plus, replacing GCI’s existing antivirus solution
- Made plans to migrate 1,000+ customers to Managed Workplace by year-end
- Looked at cross-sell opportunities across the GCI customer base

GCI also places great importance on monitoring. The company requires absolute uptime and has strict SLAs on response times. That means they don’t just monitor alerts, they take action.

“Managed Workplace is essential for us,” says Richard. “From one platform, I have the ability to manage all customers without looking at multiple screens.”

To improve your IT company’s efficiencies and take advantage of the useful features that the Managed Workplace RMM provides, download a free trial of Managed Workplace and get the tools and insights you and your clients need.


SentinelOne Partners with Exabeam to Rapidly Detect and Autonomously Stop Advanc ...

Technology Integration Enables Customers to Automate Incident Response Across the Enterprise

MOUNTAIN VIEW, Calif. (BUSINESS WIRE) SentinelOne, the autonomous endpoint protection company, and Exabeam, the next-gen SIEM company, today announced a strategic partnership and the technology integration of the SentinelOne autonomous endpoint protection console with the Exabeam Security Management Platform. The joint solution integrates SentinelOne and the Exabeam Security Management Platform to allow customers to rapidly detect and automatically respond to threats across all endpoints.

SentinelOne is the only next-gen solution that autonomously defends every endpoint against every type of attack, at every stage in the threat lifecycle. Through the integration, joint customers will be able to ingest threat and incident data directly from SentinelOne into the Exabeam Security Management Platform to baseline normal behavior. Customers can combine that data with data from other IT and security solutions to provide security analysts with greater visibility against advanced attacks.

Additionally, Exabeam can trigger automated incident response for compromised endpoints using the SentinelOne API. By gathering all related events into Exabeam Smart Timelines, analysts can automatically reconstruct the events underlying security incidents. The Exabeam Security Management Platform automatically identifies risky, anomalous device activity that may be indicative of a security incident or compromise. Customers can then automatically respond to the incident directly from the Exabeam UI: changing user passwords, sending email verifications, restarting and scanning hosts, getting device and/or user information, and enabling or disabling two-factor authentication. They can also generate and list reports, list processes, get files and list applications on a host.

“Strategic partnerships of this nature represent the future of the security market, combining autonomous endpoint protection with powerful SIEM capabilities to speed incident response, while helping customers contextualize how they’re mitigating risk,” said Daniel Bernard, VP Business & Corporate Development, SentinelOne. “This integration will enable customers to see the true story of what’s happening across their network and endpoints, while knowing that they’re fully protected against today’s most devastating threats.”

“The integration with SentinelOne feeds the Exabeam Security Management Platform with rich data that makes it easier for our customers to understand the problem they’re facing and immediately mitigate the potential exposure,” said Ted Plumis, Vice President of Worldwide Channels, Exabeam. “When threats are detected, Exabeam’s security orchestration and response automation solution helps users take corrective actions via response playbooks.”

The joint solution will be available through mutual channel partners of SentinelOne and Exabeam, like Optiv and Exclusive Networks.

“As a leading security solutions integrator, Optiv combines proprietary services with transformative and integrated technologies. Bringing EPP, EDR and efficient SIEM together into a streamlined workflow, both SentinelOne and Exabeam are valuable tools for our service leaders and our clients in recognizing fast time-to-value,” said Todd Weber, Vice President, Partner Strategy and Research, Optiv. “We look forward to working with both companies as we continue to help global organizations rationalize and optimize their security programs.”

“The threat landscape has evolved, and so in turn has the market,” said Luk Schoonaert, Director of Technology, Exclusive Networks. “A true value to a partner and an end customer comes from delivering an integrated security solution that enables them to detect and respond to potential threats in their IT environments in a simplified and an efficient way. We’ve been working closely with both Exabeam and SentinelOne and look forward to engaging with both teams to ensure their solution is readily available to our partners and customers in our diverse portfolio.”

About SentinelOne

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects and responds to attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real time for both on premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

About Exabeam

Exabeam delivers next-generation security management technology that enables organizations to protect their most valuable information. The Exabeam Security Management Platform combines unlimited log data collection, advanced behavioral analytics, and automated incident response, all supported by Exabeam’s patented Smart Timelines technology that uses machine learning to track identity and behavior over time. The company’s recent industry accolades include Forbes Cloud 100, Inc. 500, and SC Awards Europe, among many other distinctions. Exabeam is privately funded by Aspect Ventures, Cisco Investments, Icon Ventures, Lightspeed Venture Partners, Norwest Venture Partners and well-known security inves

New Head of Threat Research for Fidelis Cybersecurity Drives Threat Hunting with ...

Danny Pickens, former military intelligence and counterterrorism veteran, will drive threat intelligence

BETHESDA, Md. (BUSINESS WIRE) Fidelis Cybersecurity (Fidelis), a leading provider of threat detection, threat hunting and response solutions, today announced the appointment of Danny Pickens as Director of the Threat Research Team. Pickens brings over a decade of experience in military intelligence, counterterrorism and cybersecurity to Fidelis.

“Danny has a wealth of expertise, coming from the military and intelligence communities as well as leading large-scale, commercial cyber threat intelligence operations. We are thrilled to have him lead our Threat Research Team in delivering countermeasures and finished intel to our products and customers,” said Nick Lantuh, President and CEO, Fidelis Cybersecurity. “The threat intelligence derived by Danny and the Team, along with the rich metadata, content and contextual understanding that we capture from customer networks, cloud and endpoints, are critical components to effectively hunt for threats buried deep within your environment.”

Prior to joining Fidelis, Pickens served as a Director at Optiv where he managed the Global Threat Intelligence Center and led research for managed security services. He spent the majority of his career within the United States military and various divisions of the Department of Defense and other U.S. Government organizations, working across the tactical, operational and strategic levels of intelligence and cyber operations. He continues to serve in the U.S. Army Reserves as an intelligence team Non-Commissioned Officer in Charge (NCOIC) where he supervises the preparation and dissemination of all-source intelligence products, intelligence summaries, forecasts, and assessments.

“The best cybersecurity is armed with true intelligence: the work of understanding threat motives to better predict and prevent malicious activities,” said Pickens. “This intelligence is required for leaders to make informed and good, judgement-based decisions. It has a role in every industry, but the expectation and abilities in cyber threat intelligence have evolved dramatically in the past few years, moving way beyond a threat feed or blocking at the perimeter based on static indicators. Fidelis is at the forefront of this evolution. I am thrilled to join the highly-experienced team here, where we have such strong technology supporting us and vision for the future.”

Insight from the Fidelis Threat Research Team directly feeds the Fidelis Elevate platform which arms security teams with the ability to quickly detect and respond to inbound and insider threats as well as data theft. The platform provides deep visibility while monitoring all traffic on all ports and protocols across the entire infrastructure. Fidelis services, including Managed Detection and Response, Incident Response and more, can be deployed atop the Elevate platform as necessary.

About Fidelis Cybersecurity

Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy.

By integrating bi-directional network traffic analysis across your cloud and internal networks with email, web, endpoint detection and response, and automated deception technology, the Fidelis Elevate platform captures rich metadata and content that enables real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment. Fidelis solutions are delivered as standalone products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations and incident response capabilities. Fidelis is trusted by Global 1000s and Governments as their last line of defense. Get in the hunt. For more information go to www.fidelissecurity.com.

Contacts

Gaby Yim

FidelisUS@hotwireglobal.com

9 biggest web security news of 2018


The year started off with a bang as the Meltdown and Spectre research left almost all computing devices vulnerable. As the year moved on, Facebook, Magecart and 2FA alternatives were also part of security discussions. Here are our top 9 picks for the biggest web security news of 2018:
1. Meltdown and Spectre

Meltdown and Spectre are collectively three critical vulnerabilities that had anyone with a computer made since 1995 on their feet. Meltdown (CVE-2017-5754) is a hardware vulnerability that attacks general memory data security; the name was given because the attack “melts” security boundaries. Spectre (CVE-2017-5753 and CVE-2017-5715) is reported to affect every single computing device, as it has been verified to affect Intel, AMD and ARM processors. Their exploitation allows hackers to access passwords stored in a password manager or browser, personal photos, emails, private messages and even business-critical documents.

2. Facebook “View As” feature

Facebook has been in the public eye on several big occasions this year, including the Cambridge Analytica scandal and Mark Zuckerberg’s testimony in front of the US Congress about data privacy. The year wouldn’t be complete without a hacker attack.

In late September, 50 million people were automatically logged out of their Facebook accounts due to a hacker attack via the “View As” feature. The hackers began by exploiting the video uploading feature and eventually chained this together with a weakness in the “View As” feature. During this process an access token was generated for the user being viewed as, which was never intended to happen, and the token appeared in the HTML code. From there the hackers gained access to the user account and automated their attack, which eventually produced an activity spike that caught Facebook’s attention in time for it to take action. In total, there were three bugs that the malicious actors were able to chain together to gain access to user tokens. Once Facebook was aware of this, it forced a log-out to reset tokens for 50 million users and an additional 40 million who were potentially affected. While Facebook’s logging and monitoring practices allowed it to act fast and alert users well, the company seems unwilling to take more security risks, as there are plans to add a cybersecurity company to its group.

3. Marriott: 500 million users had data stolen; hackers had access since 2014

Going down as one of the largest data breaches to happen so far, 500 million Starwood guests had their personal details such as names, addresses, passport information and emails compromised by malicious hackers. Reports state the hackers were in the system back in 2014, before Marriott acquired the Starwood Hotel brand in 2016, and this has angered many security experts and people in general, knowing that SPG was aware of the issue and it was not addressed during the acquisition. The personal information taken was encrypted; however, given four years, one could be certain that the hackers were able to decrypt the details. It’s not certain whether Marriott was aware of this or not, but we can expect cybersecurity to be taken more seriously in future business acquisitions.

“Marriott, the world’s biggest hotel company, said the huge hack had been going on since 2014”

FOUR YEARS!

1312 Days!

There is so much in this, where do you begin? #Marriott

― Daniel Cuthbert (@dcuthbert) November 30, 2018

4. Another year of leaky S3 buckets, which led to AWS finally changing the privacy settings for bucket configurations

As in 2017, this year saw several high-profile companies, including FedEx and GoDaddy, fall victim to customer data leaks through cloud storage misconfigurations, especially of S3 buckets. These are usually the fault of the company that misconfigured its S3 buckets, but we even saw a case where an AWS employee made the S3 bucket misconfiguration mistake on GoDaddy’s behalf. The consequence: public exposure of highly sensitive information including GoDaddy’s hosting infrastructure, operating systems, workloads and more, which gave away a lot of competitive intelligence. This finally prompted AWS to change the bucket settings and make it easier for users to block public access to buckets.
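As an added example (not code from the original article), the two things an S3 audit script checks for the misconfiguration described above: ACL grants to the "everyone" groups, and whether all four Block Public Access switches are on. The dict shapes mirror what boto3's `get_bucket_acl()` and `get_public_access_block()` return; the bucket name and sample data are constructed.

```python
# Added example: flag S3 bucket ACL grants to the AllUsers/AuthenticatedUsers
# groups and verify the Block Public Access configuration. Input dicts use
# the same layout boto3 returns; the sample data below is constructed.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# The four switches exposed by the AWS "Block Public Access" feature.
BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
              "BlockPublicPolicy", "RestrictPublicBuckets")


def public_grants(acl):
    """Return (group, permission) pairs that expose the bucket to everyone."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return found


def missing_blocks(pab):
    """Block Public Access switches that are not enabled (empty list = fully blocked)."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return [k for k in BLOCK_KEYS if cfg.get(k) is not True]


def audit(name, acl, pab):
    """Summarise one bucket's exposure as a list of human-readable findings."""
    findings = [f"{name}: ACL grants {perm} to {group}" for group, perm in public_grants(acl)]
    missing = missing_blocks(pab)
    if missing:
        findings.append(f"{name}: Block Public Access incomplete, not set: {missing}")
    return findings


# Constructed sample: anyone may list the bucket, and the public-access block
# only covers ACLs, leaving a public bucket policy possible.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}

if __name__ == "__main__":
    for line in audit("example-bucket", SAMPLE_ACL, SAMPLE_PAB):
        print(line)
```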

5. Implementation of GDPR and Google and Facebook slapped with fines

2018 was also the year for GDPR to come into play, and this had all sorts of professionals scrambling to make sure their practices were compliant: lawyers were banking on new business, some opportunists upgraded their careers to become a DPO, and end users were bombarded with emails regarding GDPR, all before May 25th. There was no grace period for GDPR enforcement, as Google and Facebook were given fines immediately. Not only did GDPR get ordinary people to start thinking a bit more about the privacy of their personal details, it has also challenged companies to work more proactively with security.

6. Magecart and third-party javascript

Magecart, an online criminal hacker group, has been using cross-site scripting (XSS) tactics to inject malicious code into different online credit card forms. By doing so they’ve been able to steal sensitive information including, yes of course, credit card details and personal names. This method is used widely and many companies have been compromised by this attack, including British Airways and Inbenta, a third-party JavaScript provider used by Ticketmaster. This serves as a good reminder to always check web applications for XSS, and especially third-party software, as Magecart shows no signs of stopping.
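One practical check for the third-party JavaScript problem above, as an added example that is not part of the original article: list cross-origin `<script src>` tags that carry no Subresource Integrity hash, and compute the SRI value for a script body you have reviewed. The HTML and hostnames below are constructed placeholders.

```python
# Added example: find third-party scripts a page loads without an
# integrity attribute, and produce the sha384 SRI value for a reviewed
# script body. Sample HTML and hostnames are constructed.
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag in the document."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))


def unpinned_third_party_scripts(html, page_host):
    """Return src URLs of cross-origin scripts that have no integrity attribute."""
    parser = ScriptCollector()
    parser.feed(html)
    flagged = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: nothing external to pin
        host = urlparse(src).hostname  # None for relative (same-origin) URLs
        if host and host != page_host and not attrs.get("integrity"):
            flagged.append(src)
    return flagged


def sri_hash(script_bytes):
    """SRI value for a reviewed script body, in the form browsers expect."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.example-vendor.test/chat.js"></script>
<script src="https://cdn.example-vendor.test/pinned.js"
        integrity="sha384-placeholder" crossorigin="anonymous"></script>
"""

if __name__ == "__main__":
    print(unpinned_third_party_scripts(SAMPLE_HTML, "shop.example.test"))
    print(sri_hash(b"console.log('reviewed build');"))
```

Pinning only works for scripts whose content is fixed; for a vendor that updates its script in place, self-hosting a reviewed copy is the alternative.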

7. SMS 2FA not secure

Reddit was hacked in June and employee accounts were compromised despite having 2FA via SMS enabled. As their report explains, the attacker was able to intercept SMS messages containing the access code and use it to log into the employee accounts. This prompted a great discussion on what kind of 2FA is needed. Reddit itself suggests using token-based 2FA as well as ensuring passwords are complex. You can find these tips and more in our tips for secure remote work.

8. Drupalgeddon

A remote code execution vulnerability was found in Drupal, and this critical vulnerability was aptly named Drupalgeddon v2.0. It affects versions 6 through 8, and if exploited the bad actor would have access to all non-public data and also the ability to modify or delete items. According to the official notes, updating Drupal alone will not remove backdoors or fix compromised sites. Therefore anyone affected would have to update right away but also run their own security checks to remediate the issue.

9. Stop playing security whack-a-mole

Parisa Tabriz, Director of Engineering at Google, opened this year’s Black Hat USA by calling on everyone to implement long-term defensive security. Rather than playing what she called security whack-a-mole and tackling security issues as they come up, there needs to be more strategic and proactive action to ensure security in a company. She cited Google Project Zero as one way they’ve used offensive security examples to improve defensive security tactics, leading to more transparency and collaboration to make end users safer. Companies should build ongoing security processes and invest in training, build up security champions and develop a security culture in the organization. Some argue security needs to be thought of earlier in the development cycle, giving more support to the adoption of DevSecOps.

What can we expect next year? We asked our security researcher and technical content writer, Linus Särud:

In 2019, we can expect more cloud-related issues on the rise as well as misconfigurations with third-party providers. They may not necessarily come from S3 bucket leaks due to the changes, but could be of a similar nature.

Serverless, microservices and APIs are the “new thing” and we can expect acceleration in migration over to these services. As a consequence we anticipate more SSRF attacks. When companies go serverless and the traditional RCE is no longer possible, SSRF takes its place. It can be used to request internal servers and steal tokens or credentials used for cloud configurations. In early 2018, Google was vulnerable to this. Here is another write-up on how SSRF can be a problem when running on Amazon, causing the cloud to rain credentials.

Lastly, we expect more subdomain takeovers to occur and while this has been hyped for long there will be a lot to be discovered in this area.

On the positive side, we anticipate more awareness of cloud security risks and the continued rise of DevSecOps, where security is considered earlier in the development cycle and companies apply proactive defence instead of reactive measures, enabled by more automation and testing. There will be more open discussions about personal data management because of the GDPR, the NIS directive and other security regulations. People will start to think differently about the security of personal information, in a more protective way, which is a good thing! Here’s to an even more secure 2019!

Is your team equipped with all the tools to make 2019 a secure year? You can automate some of your security checks using Detectify. Ready to give us a try? Sign up for a free trial.

Enterprises continue to suffer from poor password hygiene and a lack of visibili ...


It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector to help you focus on the most important security issues you might be facing.

Preempt Inspector Reminder

Preempt Inspector is a free security posture evaluation tool offered by Preempt. The tool monitors various aspects of password and Active Directory security:

Weak Passwords: We define compromised credentials as passwords that exist in well-known password lists. To test this, we’ve created a password dictionary containing 10M of the most common passwords. In a previous blog, this dictionary was used to crack 35% of breached LinkedIn password hashes.

Shared Passwords: We define shared passwords as passwords that are shared by different users (unless a password is extremely weak, two users having the same password could not happen by accident).

Stealthy Admins: We define stealthy admins as user accounts with special permissions over other accounts (e.g., changing a user’s password, modifying a particular security group) granted outside the AD protected groups, in a way that effectively gives the user permissions equivalent to those of a domain admin. You can get more details regarding stealthy admins here.

Exposed Group Policy Passwords: In the past, it was possible to store passwords in Group Policy Preferences (GPP). However, the passwords stored in the GPP could easily be fetched and decrypted by any user in the network. More details on this issue can be found here.

Password Policy: Preempt Inspector also analyzes the domain password policy and assigns a theoretical strength based on the minimum number of characters you could set and whether password complexity is required.
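The first two checks in the list above (compromised and shared passwords), as an added example that is not Preempt Inspector's own code. A real audit compares unsalted NT hashes pulled from the directory against a hashed dictionary; here sha256 stands in for the hash function, and both the dictionary and the account list are constructed.

```python
# Added example: detect passwords found in a common-password list and
# passwords shared between users, then compute the "weak password" rate.
# sha256 stands in for the directory's unsalted hash; all data is constructed.
import hashlib
from collections import defaultdict

# Constructed stand-in for the 10M-entry common password dictionary.
COMMON_PASSWORDS = ["123456", "password", "Welcome1", "Summer2018!"]


def h(password):
    """Unsalted hash, so equal passwords give equal digests (as with NT hashes)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample: user -> password hash as an audit would export it.
ACCOUNTS = {
    "alice": h("Summer2018!"),
    "bob": h("Tr0ub4dor&3-unique"),
    "carol": h("Tr0ub4dor&3-unique"),
    "svc_backup": h("Welcome1"),
    "dave": h("correct horse battery staple"),
}


def compromised_users(accounts, dictionary):
    """Users whose hash matches a well-known password (the 'weak' check)."""
    known = {h(p): p for p in dictionary}
    return {user: known[digest] for user, digest in accounts.items() if digest in known}


def shared_password_groups(accounts):
    """Groups of users whose hashes are identical (the 'shared' check)."""
    by_hash = defaultdict(list)
    for user, digest in accounts.items():
        by_hash[digest].append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]


def weak_password_rate(accounts, dictionary):
    """Share of users with a compromised or shared password."""
    flagged = set(compromised_users(accounts, dictionary))
    for group in shared_password_groups(accounts):
        flagged.update(group)
    return len(flagged) / len(accounts)


if __name__ == "__main__":
    print(compromised_users(ACCOUNTS, COMMON_PASSWORDS))
    print(shared_password_groups(ACCOUNTS))
    print(f"{weak_password_rate(ACCOUNTS, COMMON_PASSWORDS):.0%} of users have a weak password")
```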


Preempt Inspector Findings

Since launching Preempt Inspector, about 600 organizations have downloaded the app. More than 100 organizations have chosen to anonymously share security statistics with us. The data collected includes password statistics from several countries (64% from the US, 18% European) and a healthy mix of small (<100 users), medium (100-1000 users) and large (>1000 users) organizational networks. We have found many interesting and surprising statistics regarding how vulnerable most enterprise networks are to these known and simple security vulnerabilities:

32% of networks had some exposed passwords (GPP passwords)

Roughly 1 in 3 enterprise networks has some passwords exposed in GPP for any authenticated user to recover. From our experience, these passwords are in some cases still valid and in many cases belong to administrative accounts (domain or local).

72% of networks had at least one stealthy admin detected

In most networks we scanned, we discovered at least one user granted special permissions not through a protected AD group. One such known account is the MSOL account used for Azure AD Connect. However, in most cases (61%), we found more than just one account with stealthy privileges.

Only 5% of networks had a strong password policy, 23% of networks had a very weak password policy

In our analysis of password policy we scored each policy and divided the policies into three groups: low, medium and high. A low score was given to policies that either mandate 7-character passwords or mandate password complexity; a medium score was assigned to policies that mandate fewer than 10 characters (or 9 characters and complexity). Policies that mandated more than 10 characters, or 10 characters and complexity, were given a high score. Overall, only 5% had a high password policy and, surprisingly, 23% had a low password policy.

Figure 1 Weak Password by Password Complexity Score

We further researched the relationship between the password policy and the actual strength of passwords in these enterprises, and analyzed how many passwords we were able to crack under each policy. Not surprisingly, the better the password policy, the fewer passwords we were able to crack. More interestingly, the difference between the low and medium scores is smaller than that between medium and high. For enterprises with a medium password policy score, we were able to crack roughly 10% of the passwords. For enterprises with a high score, we were able to crack only 0.8% of the passwords. This is a strong indication that passwords of at least 10 characters are crucial for password strength.

Overall, 97% of inspected enterprises revealed at least one security issue.

Perhaps the most alarming finding we can share is that even though our scan covers only known issues, we found some security issue in almost every network we scanned. In the minority of cases where no security issues were found, clients had only scanned for one issue (Preempt Inspector allows running a subset of inspections).

Bigger organizations have better security posture.

We measured the average percentage of users with a weak password (compromised or shared) in each organization size and found that the bigger an organization is, the more secure their passwords are. In large organizations we were able to crack 9% of the passwords, in medium organizations we were able to crack 10% of the passwords and in small organizations we were able to crack 16.78% of the passwords.


Figure 2 Weak Password by Organization Size

This reaffirms our previous research findings.

US-based organizations have best password quality, Europe came in second.

We divided the data into US-based enterprises (64%), European-based enterprises (18%) and others. The results clearly show that password quality in the US and Europe is better than in the rest of the world: 6.3% of US passwords were cracked, compared with 12% of European passwords and 18% of passwords from the rest of the world.

Figure 3 Weak Password by location

30% of enterprises improved security metrics in recurring inspector runs

Some of the enterprises have used

ToBet hit by a malicious hacker attack; Big.game also suspected of being attacked


According to IMEOS, ToBet was hit by a malicious hacker attack at 2:42 a.m. today and lost 22,000 EOS; the attacking account was kfexzmckuhat. The ToBet team issued an announcement stating that all losses caused by this attack will be borne by the team and will not affect players’ dividends and rewards.

According to statistics, many EOS DApps suffered rollback attacks today: BetDice lost 200,000 EOS, EOS Max lost more than 50,000 EOS, ToBet lost 22,000 EOS and Big.game lost 8,000 EOS.

The attacker discovered a vulnerability in EOS nodes: because there is a time lag in synchronization between API nodes and BP (block producer) nodes, transactions that are not yet in an irreversible block can be exploited through it. The attacker used this vulnerability to place bets and kept only the winning transactions. DApp projects should take this vulnerability seriously and stay alert to the security risk to avoid unnecessary losses.
