pritha's Posts (578)


Finding Triggered Malice in Android Apps


Traditional techniques to detect malice in Android apps struggle to identify trigger-based changes to application logic. Unfortunately, such triggers are a key component of targeted malware, where the trigger is the mechanism that ensures that the code is only executed at the target. This talk will review how static analysis can be used to detect and leverage triggers for more robust detection.

Speaker

Christopher Kruegel (@lastlinelabs)

Currently on leave from his position as Professor of Computer Science at UC Santa Barbara, Christopher Kruegel’s research interests focus on computer and communications security, with an emphasis on malware analysis and detection, web security and intrusion detection. Kruegel previously served on the faculty of the Technical University Vienna, Austria. He has published more than 100 peer-reviewed papers in top computer security conferences and has been the recipient of the NSF CAREER Award, MIT Technology Review TR35 Award for young innovators, IBM Faculty Award and several best paper awards. He regularly serves on program committees of leading computer security conferences and speaks at industry events such as Black Hat and RSAC.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


How to Analyze an Android Bot


This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled sandboxed environment. The session will provide details of the lab environment and tools used for the analysis.

Speaker

Kevin McNamee (@KevMcNamee)

Kevin McNamee is Director of Alcatel-Lucent’s Motive Security Labs and is responsible for the security research team that supports ALU’s cloud-based malware detection system. Previously he was Director of Security Research at Alcatel-Lucent’s Bell Labs, specializing in the analysis of malware propagation and detection. He has recently presented at Black Hat, RSA, (ISC)2 and SecTor.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


The State of End-User Security—Global Data from 30,000+ Websites

We live in a rapidly changing environment. Mobile commerce is skyrocketing, browsers and operating systems are changing, and web applications enable ever more functionality, yet the one constant seems to be the number of flaws and vulnerabilities found in these software components. Using data from more than 30,000 websites, this session explores the state of the security ecosystem and tests common myths and assumptions against that data.

Speaker

Andreas Baumhof (@abaumhof)

Andreas Baumhof, Chief Technology Officer, ThreatMetrix, is an internationally renowned cybersecurity thought leader and expert with deep experience in the encryption, PKI, malware and phishing markets. Prior to ThreatMetrix, Baumhof was an Executive Director, CEO and Co-founder of Australian-based TrustDefender, a leading provider of security and fraud detection technologies. Baumhof previously served as Co-founder and Chief Technology Officer of Microdasys Inc., a leading provider of deep content security solutions. While there, he developed the first SSL proxy and has patents pending in Europe and the U.S. Baumhof holds a degree in mathematics and computer science from the University of Munich, Germany.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Android Serialization Vulnerabilities Revisited


This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

Speaker

Roee Hay (@roeehay)

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers and advisories, including several on Android.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Hacking Exposed: The Mac Attack


Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session focuses on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. It also covers practical countermeasures to make these alternate platforms more resilient.

Speaker

Dmitri Alperovitch (@DAlperovitch); George Kurtz (@George_Kurtz)

Dmitri Alperovitch is the Co-founder and CTO of CrowdStrike Inc., leading its Intelligence, Technology and CrowdStrike Labs teams. A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft. Prior to founding CrowdStrike, Alperovitch was a Vice President of Threat Research at McAfee, where he led the company’s global Internet threat intelligence analysis and investigations. In 2010 and 2011, Alperovitch led the global team that investigated and brought to light Operation Aurora, Night Dragon and Shady RAT groundbreaking cyberespionage intrusions and gave those incidents their names.

George Kurtz, President/CEO and Co-founder of CrowdStrike, former CEO/Founder, Foundstone, and former Executive Vice President and worldwide CTO of McAfee, is an internationally recognized security expert, author and entrepreneur. Kurtz holds a B.S. degree from Seton Hall University. He also holds several industry designations, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Public Accountant (CPA). Kurtz also authored the best-selling security book of all time, Hacking Exposed: Network Security Secrets & Solutions.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Imagine being dependent on a wireless infusion pump to receive the correct dosage of life-supporting medication. Now imagine the implications, were that pump to be maliciously hacked. In this session learn more about how to successfully secure these medical devices, based on work being conducted at the National Cybersecurity Center of Excellence (NCCoE) with premier health care organizations.

Speaker

Nathan Lesser (@natelsr)

Nathan Lesser, Deputy Director of the National Cybersecurity Center of Excellence (NCCoE) at NIST, has over 15 years of experience in technical and leadership roles. Nate oversees the NCCoE’s engineering initiative and is responsible for cultivating collaboration across government, business, and technology companies to address cybersecurity issues within and across industry sectors. Previously, Nate led a team of cybersecurity engineers at Booz Allen Hamilton, served in the Office of Management and Budget, and the Senate’s Homeland Security and Governmental Affairs Committee. Nate holds bachelor’s and master’s degrees in electrical engineering from Columbia University, and is currently a Senior Fellow at the George Washington University Center for Cyber and Homeland Security.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Our editorial team has handpicked the best of the best talks at RSA Conference, one of the largest IT security conferences in the world.

RSA Conference held its 25th annual event at the Moscone Center in San Francisco and brought together a record number of more than 40,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top notch track sessions, tutorials and seminars along with networking and social activities including the RSAC Codebreakers bash at AT&T Park featuring Sheryl Crow, Walk off the Earth and Tony Hawk. Keynotes, sessions and debates focused on the Internet of Things, industrial control systems, encryption, artificial intelligence and machine learning, crowdsourcing, healthcare, automotive, and more, with many reflecting current industry news. (Source: RSA Conference USA 2016)

The index below will help you navigate this page. Each link takes you to an individual presentation. We have marked particular slide numbers from each presentation that are especially interesting. So here is your shortcut to a full conference!

Index


1) Top 8 'Security Awareness & Human Element' talks from RSA USA 2016, San Francisco

Security awareness remains the human part of security, and the human element contributes to a large share of security compromises. Here are some selected talks that delve into the behaviours and practices that can help us keep ourselves and those near to us safe.



2) Top 15 'Hacking & Attack Technique' talks from RSA USA 2016, San Francisco

The hacks are getting more sophisticated every day. Here we have selected the top hacking trends and techniques from RSA, covering everything from IoT devices to drones; everything has a hack.



3) Top 8 'Mobile Security' talks from RSA USA 2016, San Francisco

Here are some great talks on mobile security. They cover the latest OS hacks and vulnerabilities along with the business side of mobile. Of particular interest is the talk on building a mobile incident response process.



4) Top 6 'Cloud Security' talks from RSA USA 2016, San Francisco

With infrastructure and services moving to the cloud and becoming more affordable, this is a major area for security. The viability of cloud solutions is gauged here. Our relationships with cloud partners, as well as our data in the cloud, may have special needs; the selected slides below will help you identify them.

  • Aspirin as a Service: Using the Cloud to Cure Security Headaches
  • Cloud Security Essentials 2.0 Full Stack Hacking & Recovery
  • Security Program Development for the Hipster Company
  • Designing Virtual Network Security Architectures
  • Cloud Breach – Preparation and Response
  • Take It to the Cloud: The Evolution of Security Architecture



5) Top 10 'Incident Response & SIEM' talks from RSA USA 2016, San Francisco

A quick incident response is still one of the biggest savers in many ways, and it is what red-team and purple-team exercises are meant to test. Here are some great talks from RSA that can help you build, monitor and execute your incident response efforts, whether you are optimising an existing program or building one from scratch.

  • The Incident Response Playbook for Android and iOS
  • Demystifying Security Analytics: Data, Methods, Use Cases
  • The Rise of the Purple Team
  • Building a World-Class Proactive Integrated Security and Network Ops Center
  • Make IR Effective with Risk Evaluation and Reporting
  • Data Breach Litigation How To Avoid and Be Better Prepared
  • Cloud Breach – Preparation and Response
  • Preserving the Privilege during Breach Response
  • Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
  • Data Science Transforming Security Operations



6) Top 10 'CISO' talks from RSA USA 2016, San Francisco

Chief Information Security Officers remain responsible for safeguarding digital data and assets. Here are some talks specifically for the CISO role; we thought they could be very helpful.

  • Super CISO 2020: How to Keep Your Job
  • How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
  • Security Program Development for the Hipster Company
  • Partnership with a CFO: On the Front Line of Cybersecurity
  • The Measure of Success: Security Metrics to Tell Your Story
  • From Cave Man to Business Man, the Evolution of the CISO to CIRO
  • Understanding the Security Vendor Landscape Using the Cyber Defense Matrix
  • Vendor Security Practices: Turn the Rocks Over Early and Often
  • Adjusting Your Security Controls: It’s the New Normal
  • Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards



7) Top 5 'GRC' talks from RSA USA 2016, San Francisco

Governance, Risk & Compliance remains an area of great interest to our members, and a unified GRC program is still a challenge. The presentations below give you metrics that can help communication run smoothly; the integration of threat intelligence with risk metrics particularly draws attention.

  • Bridging the Gap Between Threat Intelligence and Risk Management
  • The Newest Element of Risk Metrics: Social Media
  • Building an Effective Supply Chain Security Program
  • Integrating Cybersecurity into Supply Chain Risk Management
  • The Measure of Success:Security Metrics to Tell Your Story



8) Top 4 'Threat Intelligence' talks from RSA USA 2016, San Francisco

Threat intelligence adoption is still being weighed carefully. Here are some presentations that can help you decide.

  • Dreaming of IoCs Adding Time Context to Threat Intelligence
  • STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
  • IOCs Are Dead—Long Live IOCs!
  • Bridging the Gap Between Threat Intelligence and Risk Management



9) Top 7 'Software/Application Security & DevOps' talks from RSA USA 2016, San Francisco

Security needs to be built in. Traditional models don't do this, so security is integrated late, when it is expensive. Here are some great talks that will help you build a program for your organisation, covering agile structures, embedded systems and the fundamentals of 'why security'.

  • Embedded Systems Security: Building a More Secure Device
  • Introducing a Security Program to Large Scale Legacy Products
  • Agile Security—Field of Dreams
  • Open-Source Security Management and Vulnerability Impact Assessment
  • DevSecOps in Baby Steps
  • Estimating Development Security Maturity in About an Hour
  • Understanding the “Why” in Enterprise Application Security Strategy



10) Top 14 'Emerging Areas In Security Technology' talks from RSA USA 2016, San Francisco

Great talks and conferences also help us identify security trends. Here we have put together all the emerging security technology presentations in one place for you.

  • Transforming Security: Containers, Virtualization and Softwarization
  • Embedded Systems Security: Building a More Secure Device
  • Bring Your Own Internet of Things: BYO‐IoT
  • DevSecOps in Baby Steps
  • Lattice Cryptography
  • Hardware Attacks and Security
  • Integrating Cybersecurity into Supply Chain Risk Management
  • Braking the Connected Car: The Future of Vehicle Vulnerabilities
  • Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
  • A New Security Paradigm for IoT (Internet of Threats)
  • What Is Next-Generation Endpoint Security and Why Do You Need It?
  • Attacks on Critical Infrastructure: Insights from the “Big Board”
  • Security Advantages of Software-Defined Networking
  • Smart Megalopolises. How Safe and Reliable Is Your Data?



11) Top 3 'Information Security Trends' from RSA USA 2016, San Francisco

The following takes you through the Information Security Trends. Here are the great presentations we found for you at the conference.

  • State of Cybersecurity: 2016 Findings and Implications
  • The Seven Most Dangerous New Attack Techniques, and What's Coming Next
  • Introduction and a Look at Security Trends



12) Top 7 Blogs on IAM, Artificial Intelligence, Data Security, Crypto & Others

This section covers interesting topics such as artificial intelligence and IAM. Moreover, the talks are innovative and out of the box; you will find this an amazing section.

  • DON'T Use Two-Factor Authentication...Unless You Need It!
  • Rise of the Hacking Machines
  • Intelligent Application Security
  • Applying Auto-Data Classification Techniques for Large Data Sets
  • Realities of Data Security
  • Crypto 101: Encryption, Codebreaking, SSL and Bitcoin 
  • NSTAC Report to the President on the Internet of Things


13) 10 Most Innovative Information Security Companies at RSA USA 2016, San Francisco

In keeping with the latest happenings in information security, this article covers the 10 finalists of the RSA Innovation Sandbox contest held at the RSA Conference, the world's leading information security conference.



Facebook Fixes Major 'Brute Force' Bug - 9th Mar

Bangalore-based Anand Prakash discovered a serious flaw on the beta sites beta.facebook.com and mbasic.beta.facebook.com. On the regular Facebook site the number of invalid attempts at the password-reset code is limited to about 10-12, but on these beta sites there was no limit, meaning an attacker could brute-force the six-digit reset code and take over a user’s account. The issue was reported to Facebook in late February via the regular channels and fixed the next day, with a $15,000 reward paid out just eight days later.
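The missing check, as an added example (this is not Facebook's code): a reset-code verifier written both ways, with the no-limit behaviour the beta sites had beside a verifier that budgets attempts per reset session, and a brute-force client run against each. The six-digit code, the ten-attempt budget and the status strings are assumptions chosen to mirror the numbers in the report.

```python
"""Password-reset code verification, shown both ways: no attempt limit (the beta-site
bug) and a per-session attempt budget. Added example; the 6-digit code, the 10-attempt
budget and the "ok"/"bad"/"locked" statuses are assumptions, not Facebook's design."""
import hmac
import secrets
from dataclasses import dataclass

CODE_DIGITS = 6
MAX_ATTEMPTS = 10  # assumed: comparable to the 10-12 tries the main site allowed


@dataclass
class ResetSession:
    code: str
    attempts: int = 0
    locked: bool = False


def random_code() -> str:
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


class UnlimitedVerifier:
    """Models the bug: every guess is checked and nothing counts attempts."""

    def __init__(self):
        self.sessions = {}

    def start(self, user: str, code: str = "") -> str:
        # A fixed code may be passed so the behaviour can be shown deterministically.
        self.sessions[user] = ResetSession(code or random_code())
        return self.sessions[user].code

    def verify(self, user: str, guess: str) -> str:
        s = self.sessions.get(user)
        if s is None:
            return "locked"  # no live reset session for this user
        if hmac.compare_digest(s.code.encode(), guess.encode()):
            del self.sessions[user]  # a code is single-use
            return "ok"
        return "bad"


class LimitedVerifier(UnlimitedVerifier):
    """Hardened: the reset session dies after MAX_ATTEMPTS wrong guesses."""

    def verify(self, user: str, guess: str) -> str:
        s = self.sessions.get(user)
        if s is None or s.locked:
            return "locked"
        s.attempts += 1
        if hmac.compare_digest(s.code.encode(), guess.encode()):
            del self.sessions[user]
            return "ok"
        if s.attempts >= MAX_ATTEMPTS:
            s.locked = True  # user must request a fresh code through the normal channel
            return "locked"
        return "bad"


def brute_force(verifier, user: str):
    """Attacker: enumerate every code in order; stop on success or lockout.
    Returns (succeeded, attempts_made)."""
    for n in range(10 ** CODE_DIGITS):
        status = verifier.verify(user, f"{n:0{CODE_DIGITS}d}")
        if status == "ok":
            return True, n + 1
        if status == "locked":
            return False, n + 1
    return False, 10 ** CODE_DIGITS


if __name__ == "__main__":
    weak, hardened = UnlimitedVerifier(), LimitedVerifier()
    weak.start("alice", code="004242")
    hardened.start("alice", code="004242")
    print("no limit:", brute_force(weak, "alice"))
    print("budgeted:", brute_force(hardened, "alice"))
```

Two caveats the budget alone does not cover: if requesting a new code resets the counter, the attacker simply cycles codes and gets MAX_ATTEMPTS guesses per code, so code issuance needs its own rate limit; and tying lockout to the account rather than the reset session lets an attacker lock legitimate users out, which is why the session, not the account, is what gets locked here.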

Intel buys a 360-degree sports video replay specialist - 9th Mar

Intel announced in a company blog post that it has purchased the Israeli company Replay Technologies. Replay provides an unusual 3D video rendering capability it calls “free dimensional” or freeD™ video, according to Intel. The system can freeze action from any angle and then rotate around it, much like the bullet-time effect used in The Matrix. It is compute-intensive: the system takes a bunch of servers running Intel chips to make it work. To make the 3D broadcasting magic happen at the NBA, Replay created a seamless 3D video rendering of the court using 28 ultra-high-definition cameras positioned around the arena and connected to Intel-based servers, a lot of them.

Red Hat Linux to run on Qualcomm server chips- 9th Mar

Qualcomm is working with Red Hat to port a version of Red Hat Enterprise Linux Server for ARM Development Preview to its server chips. Commercial ARM-based servers are still almost nonexistent, but a full port of the Red Hat OS will let developers write applications for Qualcomm's server chips. The port will include drivers and firmware that comply with Qualcomm's server chip specifications as well as ARM's Server Base System Architecture (SBSA), a specification for standardized hardware features across all ARM server chips.

Microsoft's new Dynamics ERP suite is on Azure - 9th Mar

Microsoft has released the next version of its Dynamics AX enterprise resource planning software, giving companies a path to running more of their businesses in the cloud. It all runs through a browser-based portal, so people can access it wherever they are and on any sort of device, whether a desktop PC, a smartphone or something in between. Dynamics AX also connects with Microsoft’s Power BI for data visualization, so users get an easy, at-a-glance look at key business metrics and can implement custom visualizations for understanding their data. Dynamics AX joins Microsoft's other cloud-based business applications, including Power BI, Office 365 and Dynamics CRM Online, all aimed at letting businesses move away from on-premises applications and on to Microsoft's cloud.

EFF Releases Millionth Free HTTPS Cert - 8th Mar

The Electronic Frontier Foundation (EFF) has announced that Let's Encrypt, the free certificate authority it co-founded with Mozilla and researchers from the University of Michigan, has issued its millionth free HTTPS certificate. Last year the group made public its aim of building a more secure future for the World Wide Web, beginning with issuing and managing free certificates for any website that needs them to aid the transition from HTTP to the more secure HTTPS.

New OS X Ransomware Delivered via BitTorrent Client - 8th Mar

A piece of ransomware targeting OS X was delivered to users through the official installer for the BitTorrent client Transmission. Two installers for Transmission 2.90 contained a new piece of OS X malware, dubbed KeRanger by the researchers who found it, which they believe is the first fully functional ransomware targeting OS X. The ransomware bypassed Apple’s Gatekeeper protection because the malicious Transmission builds were signed with a valid Mac developer certificate issued by Apple. Once it infects a system, KeRanger looks for around 300 file types, including documents, images, multimedia files, archives, source code, emails, certificates and databases, and encrypts them with AES.

Google Open Sources Vendor Security Assessment Framework - 8th Mar

Google announced on Monday that it has decided to open source its Vendor Security Assessment Questionnaire (VSAQ) framework to help companies improve their security programs. The VSAQ framework released by Google as open source includes four questionnaire templates for web app security, security and privacy programs, physical and data center security, and infrastructure security. These base templates can be modified to include questions specific to the company using the VSAQ. The decision to release VSAQ as open source comes after some of the vendors who completed the questionnaires expressed interest in using them to assess their own suppliers.

Google Patches Critical Vulnerabilities in Android - 8th Mar

Google has patched another series of critical vulnerabilities in Android, including a remote code execution (RCE) flaw in mediaserver and several elevation of privilege (EoP) issues in various drivers and components. This month’s Nexus Security Bulletin carries 16 security patches for 19 vulnerabilities; it is the eighth monthly update from the company since the Stagefright flaw, discovered in July last year, was shown to affect nearly 1 billion devices. The bulletin rates seven of these vulnerabilities Critical, ten High and two Moderate. While many of the flaws are EoP issues, Google also resolved information disclosure bugs in the mobile OS, along with a mitigation bypass vulnerability and a remote denial of service flaw.

IRS Suspends Identity Protection PIN Tool Over Security Concerns - 8th Mar

The IP PIN tool hosted on irs.gov allows taxpayers to generate or recover a six-digit number that provides an extra layer of protection against fraudulent tax returns. The Internal Revenue Service (IRS) announced on Monday that it has temporarily suspended the Identity Protection (IP) PIN tool while it further strengthens its security. The problem is that an IP PIN could be obtained by answering four knowledge-based authentication (KBA) questions sourced from Equifax, and the answers to such questions can often be found through free online services, allowing fraudsters to obtain the PINs they need to file tax returns in their victims' names.

Adobe Patches Flaws in Acrobat, Reader, Digital Editions - 8th Mar

Adobe released updates on Tuesday for its Acrobat, Reader and Digital Editions products to address several critical vulnerabilities that can lead to code execution. With the release of Acrobat and Reader versions 15.010.20060, 15.006.30121 and 11.0.15 for Windows and Mac, Adobe resolved three flaws: two memory corruption issues (CVE-2016-1007, CVE-2016-1009) and a directory search path bug (CVE-2016-1008), all of which can be exploited to execute arbitrary code. Digital Editions for Windows, Mac, Android and iOS was updated to version 4.5.1 to fix a critical memory corruption vulnerability that could lead to code execution.

Strange bug sending undeletable ghost mails from 1969-70 to iPhone users - 8th Mar

Apple’s iOS operating system for iPhones and iPads is no stranger to eerie bugs. The latest causes users to receive ghost emails dated 1969 and 1970 that cannot be deleted. The issue probably stems from the way iOS handles UNIX time, also called epoch time: the count starts at midnight UTC on January 1, 1970, so a message whose date is missing or corrupt and falls back to zero is displayed as January 1, 1970, or as December 31, 1969 in time zones west of UTC. From the looks of it, this bug is an extension of the earlier infamous ‘January 1, 1970’ bug, which could brick some devices. That bug has been fixed by Apple in the forthcoming iOS 9.3 software update, but Apple has so far not commented on the mail bug.

Toyota Develops Wearable Mobility Device For The Blind - 8th Mar

Project BLAID is a wearable device, worn around the shoulders, dedicated to helping blind and visually impaired people navigate. Users interact with it through voice recognition and buttons. The device is equipped with cameras that detect the user's surroundings and communicate information through speakers and vibration motors; Toyota also plans to eventually integrate mapping, object identification and facial recognition technologies.

Microsoft Opens SQL Server To Linux Users - 8th Mar

Microsoft announced plans to port its SQL Server software to Linux. The move aims to give it a competitive edge against database rivals such as Oracle and IBM's DB2, and to expand the market for SQL Server considerably. Mainstream commercial distributions such as Red Hat Enterprise Linux and SUSE Linux Enterprise Server will likely be supported before the formal product release in mid-2017. The main goal of the strategy is to serve as an on-ramp to Microsoft's Azure cloud: Azure runs both Linux and Windows servers, so a SQL Server stack that can sit on either may make it more attractive to customers shopping for cloud services.

U.S. military spending millions to make cyborgs a reality - 7th Mar

The U.S. military is spending millions on an advanced implant that would allow a human brain to communicate directly with computers. The Defense Advanced Research Projects Agency (DARPA) hopes the implant will let humans interface directly with computers, which could benefit people with hearing and visual disabilities, such as veterans injured in combat. The implantable device aims to convert the activity of neurons in the brain into electronic signals and provide unprecedented data-transfer bandwidth between the human brain and the digital world. In January, DARPA announced it plans to spend up to $62 million on the project, which is part of its Neural Engineering System Design program.

Free 'DCEPT' Tool Entraps Attackers Stealing Admin Credentials - 4th Mar

Researchers at Dell SecureWorks this week released an open-source, homegrown tool that detects when attackers attempt to steal Windows Active Directory domain administrator credentials. DCEPT (Domain Controller Enticing Password Tripwire) takes a deception-style “honeytoken” approach to catch attackers in the act of scraping domain credentials: it places phony credentials on endpoints as a lure. If an attacker pulls cached credentials from a machine and later tries to use them, DCEPT detects the activity and alerts a SIEM or other monitoring system. The server component ships as a Docker container build. It also decrypts Kerberos pre-authentication packets and inspects them to see whether the fake passwords are being used on the network.
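The tripwire logic described above, as an added example modelled on the approach rather than DCEPT's own code: a registry that plants a distinct decoy password per host, a stand-in for the Kerberos pre-authentication blob, and a detector that tries each decoy key against the blob and names the host the credential was scraped from. SHA-256 standing in for the Kerberos string-to-key function, an HMAC over the timestamp standing in for the encrypted pre-authentication timestamp, and the sensor already having the AS-REQ fields parsed are all assumptions.

```python
"""Honeytoken credential tripwire modelled on the DCEPT approach. Added example, not
DCEPT's code. Assumptions: SHA-256 stands in for Kerberos string-to-key, an HMAC over the
timestamp stands in for the encrypted PA-ENC-TIMESTAMP, and AS-REQ fields are pre-parsed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Honeytoken:
    username: str
    password: str
    planted_on: str  # host whose credential cache this decoy was seeded into


def string_to_key(password: str) -> bytes:
    # Stand-in for Kerberos string-to-key (assumption; real Kerberos uses a salted PBKDF).
    return hashlib.sha256(password.encode()).digest()


def preauth_blob(password: str, timestamp: str) -> str:
    # Stand-in for the encrypted timestamp in AS-REQ pre-authentication. What the tripwire
    # needs is only that the key derived from the right password reproduces the blob.
    return hmac.new(string_to_key(password), timestamp.encode(), hashlib.sha256).hexdigest()


class HoneytokenRegistry:
    """Plants one distinct decoy password per host so a hit names the scraped host."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._tokens = []

    def plant(self, host: str, username: str = "backup_admin") -> Honeytoken:
        # Derived from a secret seed, so the registry can be rebuilt without a plaintext list.
        pw = hmac.new(self._seed, f"{host}|{username}".encode(), hashlib.sha256).hexdigest()[:20]
        tok = Honeytoken(username, pw, host)
        self._tokens.append(tok)
        return tok

    def explain(self, username: str, timestamp: str, blob: str):
        """Try each decoy key for this principal against the pre-auth blob."""
        for tok in self._tokens:
            if tok.username != username:
                continue
            if hmac.compare_digest(preauth_blob(tok.password, timestamp), blob):
                return tok
        return None


def detect(registry: HoneytokenRegistry, events):
    """Return one alert per AS-REQ that was built with a planted decoy."""
    alerts = []
    for ev in events:
        tok = registry.explain(ev["user"], ev["timestamp"], ev["preauth"])
        if tok is not None:
            alerts.append({"source_ip": ev["src"], "user": ev["user"],
                           "scraped_from": tok.planted_on, "at": ev["timestamp"]})
    return alerts


def demo():
    """Constructed sample: decoys on WS01 and WS02, then three AS-REQs as a sensor would see
    them: a real user, an attacker replaying the WS01 decoy from another address, and a
    wrong-password attempt against the decoy account, which must not alert."""
    reg = HoneytokenRegistry(seed=b"rotate-me-per-deployment")
    ws01 = reg.plant("WS01")
    reg.plant("WS02")
    t1, t2, t3 = "20160304120000Z", "20160304120101Z", "20160304120102Z"
    events = [
        {"src": "10.0.0.5", "user": "alice", "timestamp": t1,
         "preauth": preauth_blob("alice-real-pw", t1)},
        {"src": "10.0.0.77", "user": ws01.username, "timestamp": t2,
         "preauth": preauth_blob(ws01.password, t2)},
        {"src": "10.0.0.77", "user": ws01.username, "timestamp": t3,
         "preauth": preauth_blob("Password1", t3)},
    ]
    return detect(reg, events)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Because the decoy account name is the same on every host and only the password differs, a hit attributes the theft to a specific machine, which is the piece of the alert an incident responder most wants; the trade-off is that the sensor has to try every decoy key per request for that principal, which is cheap here because only decoy principals are checked.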

Built-in PDF Reader in Windows can leak Edge Browser users data - 4th Mar

The Windows Runtime (WinRT) PDF Renderer library, or just WinRT PDF, is a component built into recent releases of Windows that lets developers integrate PDF viewing into their own apps. However, it has been discovered that WinRT PDF, the default PDF reader for Windows 10, leaves Edge users susceptible to a new series of attacks similar to the way Flash, Java and Acrobat have exposed web users in past years. A security researcher with IBM’s X-Force Advanced Research team said that since Microsoft Edge uses WinRT PDF as its default reader, any PDF embedded in a web page is opened within the library. This gives attackers room to abuse a vulnerability in the library via a PDF file: they can open the PDF off-screen, hidden with CSS, so that the malicious code runs without the user noticing.

Google AI Can Spot Image Location With 'Superhuman' Accuracy - 2nd Mar

Google's convolutional neural network, PlaNet, can identify where a photo was taken from the pixels in the image alone. PlaNet does not rely on image metadata, which often includes geolocation information; rather, it calculates likely locations from the massive set of geocoded images used to train it (490 million Google+ images) and to test it (126 million Google+ images). Emphasizing artificial intelligence, Google CEO Sundar Pichai said, "Machine learning is a core, transformative way by which we're rethinking everything we're doing."

Scientists Discover Matrix-like Technique To ‘Upload Knowledge To Your Brain’- 2nd Mar

Scientists have claimed that feeding knowledge directly into the brain could be as easy as going to sleep. Researchers at HRL Laboratories in California reported a 33 percent improvement in learning, suggesting that Matrix-like realities could soon be a possibility. The researchers say they have developed a simulator that can feed information directly into a person’s brain, and that this information can then be used to teach a person new skills in a shorter amount of time.

Chinese Threat Intel Start-up Finds DarkHotel Exploiting Chinese Telecom-1st Mar

According to researchers at Beijing-based threat intelligence start-up ThreatBook, the DarkHotel threat group is targeting executives at telecommunications companies in North Korea and China. The group uses spear-phishing messages with malicious documents attached, specifically a crafted SWF file embedded as a downloadable link in a Word document. The SWF file exploits the Adobe Flash vulnerability CVE-2015-8651. The payload, update.exe, is a Trojan downloader disguised as an OpenSSL component; it carries a variety of anti-detection measures, including anti-sandbox and anti-antivirus checks, as well as just-in-time decryption.

Google Launches Gmail Security Enhancements For Business Users-1st Mar

Google's data loss prevention system for Gmail can now recognize text in images to block sensitive information from passing through corporate communication channels. Gmail DLP has been enhanced with optical character recognition (OCR) technology, which can identify alphanumeric characters in image files, Google announced. OCR allows Google for Work administrators to analyze common image file types attached to Gmail messages and extract any text pictured within them for checking against content rules. Non-compliant content can be blocked before any damage is done, or held for review.


Taking Control Of Shadow IT

Your organization is already moving to the cloud; the question is whether you will blindly follow the movement or lead the charge. Your IT security team needs the right tools to gain visibility into, and an understanding of, your employees' use of cloud applications, both sanctioned and "shadow IT". With that visibility you can take back control while still enabling employees to use cloud applications.

Why Read This Report?

  • Gain visibility into mobile and overall cloud usage within your enterprise
  • Identify and understand risk ratings of cloud applications
  • Measure improvements in approved and “shadow IT” usage of cloud applications
  • Establish controls for cloud access and policy enforcement


Glibc Flaw Affects Thousands Of Linux Apps But How Dangerous Is It? -17 Feb

Researchers at Google and Red Hat disclosed a vulnerability in glibc on Tuesday. They described it as a critical stack-based buffer overflow which, when exploited, could give an attacker complete remote control of systems running the affected software. The flaw affects every version of the GNU C Library (glibc) since 2.9, a library that almost all Linux systems rely on. It sits in glibc's DNS client-side resolver and is triggered when the getaddrinfo() library function is used to look up a name: an attacker who controls the DNS server being queried, or who can inject DNS responses as a man-in-the-middle, can deliver the oversized reply that overflows the buffer. Because so many programs resolve hostnames through getaddrinfo(), the fix is to update glibc on every system and restart (or reboot) so that long-running processes pick up the patched library.

Spear Phishing Incident Average Cost is $1.6M -16 Feb

Spear phishing has become an endemic scourge: 95% of US and 83% of UK respondents in a recent Cloudmark survey said that they have experienced spear phishing attacks (91% combined). Of those Spear Phishing attacks over the last 12 months, 81% suffered some negative impact as a result, with an average financial cost of $1.6 million—and some losses in the tens of millions of dollars.

Fake Netflix Apps Deliver Banking Trojans -11 Feb

According to Symantec researchers, Netflix users are being targeted by a new malware campaign that advertises itself as a cheaper way to access and watch movies on Netflix. The malware is spread through ads that redirect interested users to a direct-download website, from which they fetch the malicious files themselves. These files are laced with Infostealer.Banload, a known banking Trojan that steals credentials for various online banking portals.

Android Malware Spread To Generate Fake Ad Revenue -16 Feb

Researchers have spotted a new type of mobile malware that roots Android devices in order to generate fraudulent ad revenue for its operator. HummingBad is a complex rootkit whose components are encrypted in an attempt to avoid being flagged as malicious by security products. If the malware gains root, it contacts one of its command-and-control (C&C) servers. Once it has called home for instructions, the C&C server can push APKs for installation on the device, send referrer requests to generate Google Play advertisement revenue, and launch other applications.

Mazar BOT Can Erase Android Phones -16 Feb

Heimdal Security uncovered the Mazar BOT Android malware which, aside from being new on the scene, is notable for obtaining device-administrator rights that let it do almost anything with the victim's phone. The attack chain begins with an SMS: “You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net / mms.apk to view the message.” If the APK (an Android application package) is installed and run, it obtains administrator rights on the victim's device, which also makes it hard to uninstall without first revoking those rights.

CryptoWall 3.0 Bags Small Cybercrime Ring Over $300K -18 Feb

CryptoWall is one of the most dangerous ransomware families in circulation today and is estimated to have caused $325 million in damages. Imperva's report shows that peeling back the layers of the financial infrastructure behind ransomware is achievable, and that such investigations could be a powerful tool if undertaken by the appropriate authorities. Imperva believes that one reason ransomware is thriving is a lack of action from law enforcement agencies.

Instagram Tightens Security With 2-Factor Authentication -17 Feb

According to TechCrunch, Instagram has been testing two-factor authentication with some users and now plans to roll the feature out to anyone who wants it. With two-factor authentication enabled, users receive a text message containing a one-time code whenever they try to log in from a new device, and must enter that code along with their email and regular password. This defeats remote attackers who hold only the password, although SMS-delivered codes are the weakest form of second factor, since they can be intercepted through SIM swapping or by malware on the phone.

Unpatched Flaw Plagues Cisco Industrial Switches -16 Feb

Cisco informed customers on Monday that the IOS software running on some of the company's industrial switches is affected by a denial-of-service (DoS) vulnerability. The flaw, tracked as CVE-2016-1330 with a CVSS score of 6.1, affects Cisco Industrial Ethernet 2000 Series Switches running IOS Software 15.2(4)E. A separate flaw affecting Cisco Emergency Responder 11.5(0.99833.5) also remains unpatched, with no workarounds available.

DB Networks Unveils Layer 7 Database Security for OEMs -16 Feb

DB Networks has launched a new Layer 7 Database Sensor that gives original equipment manufacturers (OEMs) advanced database security capabilities. The sensor performs real-time deep protocol analysis of database traffic, and OEMs can integrate it into their products to offer visibility into data-tier cyber threats. It also includes machine learning and behavioural analysis that can help identify database attacks.

Google Wants to Save News Sites From Cyber attacks—For Free -24 Feb

Google's Project Shield service, designed to stop DDoS attacks being used as a tool of censorship, currently protects close to a hundred sites focused on human rights, election monitoring and independent political news. It is now finally coming out of its invite-only beta to offer free DDoS protection not just to the most at-risk sites on the Internet, but to virtually any news site that requests it.

Operation Dust Storm State Hackers Target Japan- 24 Feb

Operation Dust Storm has been active since 2010 and was initially detected by several security vendors through its use of the Misdat backdoor. Over time the group has narrowed its focus almost exclusively to Japanese companies and foreign organizations headquartered in Japan. Last year, for example, it used a unique S-Type backdoor variant to infect a Japanese car-maker, and it has also been actively targeting Android devices with customized backdoors.

PCI DSS 3.2 Expected As Soon As March - 19 Feb

The next version of the card data security standard, PCI DSS 3.2, could land as soon as next month, replacing the expected November release as the only update in 2016, according to the PCI Security Standards Council (SSC). For 3.2 the Council is evaluating additional multi-factor authentication requirements for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers; clarifying masking criteria for primary account numbers (PAN) when displayed; and including the updated migration dates for SSL/early TLS.

Baidu Web Browsers Leaked Sensitive Information, Researchers Say - 24 Feb

Two web browsers developed by Chinese search giant Baidu have been transmitting sensitive data across the Internet insecurely, putting users' privacy at risk, according to a new study. The same kind of data was also leaked by thousands of apps that use a Baidu SDK (software development kit). In the browsers, Citizen Lab found that a user's search terms, GPS coordinates, the addresses of websites visited and the device's MAC address were sent to Baidu's servers without SSL/TLS encryption, so anyone on the network path could read them.

MasterCard Set For Global ‘Pay-by-Selfie’ Launch- 22 Feb

Credit card giant MasterCard is set to extend its ‘pay-by-selfie’ facial recognition technology to 14 countries, including the UK, this summer as part of its ongoing effort to crack down on identity fraud. The idea is that, like other biometric authentication systems, it reduces the risk of identity fraud because it doesn't rely on the user entering passwords or other credentials that can be phished and reused by scammers.

New Trojan Xbot A Swiss-Army Knife Of Malicious Features - 19 Feb

Security vendor Palo Alto Networks, which sounded the alert this week, described Xbot as capable of a variety of malicious actions, including stealing banking credentials and credit card data, remotely locking Android devices, encrypting data on external storage and demanding a ransom. So far the malware appears to target only Android users in Australia and Russia. Once installed on a device, Xbot connects to a command-and-control server and launches phishing attacks whenever the user interacts with Google Play or any of the banking apps on its target list.

HSBC Set For UK’s Biggest Biometrics Roll-Out - 19 Feb

Banking giant HSBC will offer its 15 million customers the chance to log into their accounts via Apple's Touch ID fingerprint scanner or voice authentication powered by speech recognition specialist Nuance.

Here Comes Locky, A Brand New Ransomware Threat - 18 Feb

The newest addition to the increasingly crowded ranks of ransomware tools is "Locky", a somewhat awkwardly named but just as dangerous tool as the ones already in circulation. Locky is being distributed via a Microsoft Word attachment containing malicious macros. Victims typically receive an email with an attached Word document purporting to be an invoice seeking payment for some product or service. Recipients who open the attachment are presented with a document containing scrambled content and an instruction to enable macros to unscramble it. Once enabled, the macro downloads Locky, stores it in the Temp folder and executes it, so blocking macro-bearing attachments at the mail gateway, or disabling macros in documents from the Internet, breaks the chain before any encryption starts.
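
The delivery chain above starts with a macro-bearing Word document, so the practical check is on the attachment's content rather than its extension. The following is an added example, not code from the original post: a small mail-gateway style classifier. Office Open XML files (.docx/.docm) are ZIP containers and store a VBA project as word/vbaProject.bin; legacy binary .doc files (OLE2 compound files) keep macros in OLE storages that this example does not parse, so it only flags them for deeper inspection. The sample attachments are constructed in memory.

```python
import io
import zipfile

# OLE2 compound-file signature used by legacy binary .doc/.xls/.ppt files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Where an Office Open XML package stores a VBA project (compared case-insensitively).
MACRO_PARTS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}


def classify_office_attachment(data: bytes) -> str:
    """Classify attachment bytes, ignoring the file name (which the sender chooses).

    Returns 'macro' (OOXML with an embedded VBA project), 'clean' (OOXML without one),
    'ole-needs-inspection' (legacy binary Office file: macros live in an OLE storage
    this example does not parse) or 'not-office'.
    """
    if data.startswith(OLE2_MAGIC):
        return "ole-needs-inspection"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = {name.lower() for name in zf.namelist()}
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:   # every OOXML package carries this part
        return "not-office"
    return "macro" if names & MACRO_PARTS else "clean"


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML 'document' in memory for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in for a real VBA project
    return buf.getvalue()


def classify_samples() -> dict:
    """Run the check over constructed samples: a macro doc, a clean doc, an OLE file, a PDF."""
    samples = {
        "invoice.docm": make_sample_ooxml(with_macro=True),
        "quarterly_report.docx": make_sample_ooxml(with_macro=False),
        "invoice.doc": OLE2_MAGIC + b"\x00" * 504,
        "brochure.pdf": b"%PDF-1.4\n%...",
    }
    return {name: classify_office_attachment(data) for name, data in samples.items()}
```

A gateway policy built on this would quarantine 'macro' results outright and route 'ole-needs-inspection' files to a tool that parses OLE streams (olevba from the oletools project does this), since a macro document renamed to .docx still carries its vbaProject.bin.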

Dangerous RCE Flaws Found in Popular E-Com Software- 24 Feb

Two remote code execution vulnerabilities have been branded high-risk after the e-commerce software vendors responsible, osCommerce and osCmax, failed to patch the issues despite being told about them at the end of December. Both are remote code execution flaws made possible by cross-site request forgery (CSRF), meaning a logged-in administrator who visits an attacker's page triggers the code execution, and both have been given a CVSSv3 base score of 5.3.

Sony Hackers Behind Previous Cyberattacks Tied To North Korea - 24 Feb

A rare joint investigation by researchers from multiple security vendors has traced the 2014 cyber attack on Sony Pictures Entertainment, which wiped data and doxed its executives and sensitive company information, to earlier aggressive attacks on military, government, media and other commercial targets, mainly in South Korea and the US but also in Taiwan, Japan and China. They also connected the dots to Operation DarkSeoul, which targeted banks and media in South Korea in 2013, and to other attacks aimed mainly at South Korean interests. South Korean government officials later named North Korea as the culprit behind the hacks.


Here are some tips to evaluate your readiness before implementing a Data Loss Prevention (DLP) solution:

  • Your organization has developed an appropriate policy to govern the use of the Data Loss Prevention (DLP) solution
    To draw true value from any DLP deployment, an organization must first put in place a DLP-specific policy. The policy should clearly state the goals and objectives of the DLP deployment, identify and allocate resources for it, and set out the roles and responsibilities of stakeholders for effective governance.
  • You can define the data to be protected in your Data Loss Prevention (DLP) solution
    It is very important to know what is to be protected. Be meticulous in defining what constitutes sensitive data; the regulatory requirements your organization must comply with and the relevant industry standards are good places to start.
  • You have conducted a risk assessment to identify the applications, people, processes, systems and protocols that deal with the sensitive data
    Once you have defined what is to be protected, the next step is to find out whom to protect it from, and how. A risk assessment can answer these questions. Identify all the key applications that process the data, the systems on which it resides, the network devices it passes through, the protocols it uses and the people who use it. Unless this is in place, your DLP solution cannot function properly, because it will not know where to look.
  • You have designed a workflow to handle policy violations and data breaches
    An incident response workflow must be designed to handle data breaches. A flow chart can set out the steps to isolate the incident, the people to notify immediately and the methods for preserving evidence for forensics. The whole process must be tested through drills at regular intervals. A DLP solution can only function with proper policy definitions and violation test cases.
  • Your organization has clearly defined roles and responsibilities for each employee, including privileged users
    Clearly define the roles and responsibilities of each employee. Who owns the data? Who is its custodian? Who uses it? The answers to these questions will help you assign privileges to users on the data. If your DLP solution is not fed accurate privilege information, wrong access will never raise a flag.


Here are five reasons that may help you understand the benefits of Security Information & Event Management (SIEM). You may want to consider a SIEM solution in the following cases:

  • You want to reduce the cost of meeting ever-increasing compliance requirements: By automating data collection, analysis and reporting, a SIEM tool can address your compliance challenges. With out-of-the-box reports and continuous compliance tracking you can bring down the overall audit cost and manage multiple compliance regimes at the same time.
  • You are looking for a centralized aerial view of your IT infrastructure: A SIEM tool enables an organization to collect, analyze and identify security threats in real time. With a SIEM solution you have far greater visibility into your IT infrastructure: you can correlate different security events, identify and fix broken security processes, and perform forensics on any security event.
  • You are looking to set up an automated incident response process at your organization: Many SIEM tools have built-in automatic response capabilities. A SIEM solution can help you accelerate and optimize incident workflows. You can set up ticketing and alerting, and with finely tuned settings a SIEM can also direct the appropriate security control to stop an attack.
  • You want to scale your organization's security capabilities to the next level: With a SIEM you can consolidate the investments made in different IT security tools by using them effectively. The security devices, software and appliances in your network become the eyes and ears of your SIEM solution, which enhances your organization's security capabilities in today's ever-evolving threat landscape.
  • You simply want to upgrade a traditional SIEM deployment: Modern SIEM deployments integrate with threat intelligence feeds and leverage big data technologies for security analytics. They are extremely useful and effective, with lower false-positive and false-negative rates, and can help reduce the workload of your in-house security team.
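
The "correlate different security events" point above is easier to see in code than in prose. What follows is an added example, not code from the original article: it normalises log lines from two hypothetical sources (a VPN gateway and a Windows domain controller, whose lines mimic logon auditing where EventID 4625 is a failed logon and 4624 a success) into one event shape, then applies a single correlation rule that a SIEM would run: a burst of failures from one source IP across either system, followed by a success from that IP. The log lines and their field names are constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines from two hypothetical sources (vpn gateway, domain controller).
SAMPLE_LOG = """\
2016-02-16T09:00:01 vpn auth user=alice src=203.0.113.7 result=fail
2016-02-16T09:00:05 vpn auth user=alice src=203.0.113.7 result=fail
2016-02-16T09:00:09 dc EventID=4625 Account=alice Source=203.0.113.7
2016-02-16T09:00:12 dc EventID=4625 Account=bob Source=203.0.113.7
2016-02-16T09:00:15 dc EventID=4625 Account=alice Source=203.0.113.7
2016-02-16T09:00:20 vpn auth user=alice src=203.0.113.7 result=fail
2016-02-16T09:00:31 vpn auth user=alice src=203.0.113.7 result=ok
2016-02-16T09:02:00 vpn auth user=carol src=198.51.100.5 result=fail
2016-02-16T09:02:10 vpn auth user=carol src=198.51.100.5 result=fail
2016-02-16T09:02:20 vpn auth user=carol src=198.51.100.5 result=ok
2016-02-16T09:10:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:14:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:18:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:22:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:26:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:30:00 dc EventID=4625 Account=dave Source=192.0.2.9
2016-02-16T09:31:00 dc EventID=4624 Account=dave Source=192.0.2.9
"""


def normalize(line: str):
    """Parse one raw line into a common event tuple: (ts, source, src_ip, user, outcome)."""
    ts, source, rest = line.split(" ", 2)
    if source == "vpn":
        kv = dict(p.split("=", 1) for p in rest.split()[1:])   # skip the 'auth' token
        return ts, "vpn", kv["src"], kv["user"], "success" if kv["result"] == "ok" else "fail"
    if source == "dc":
        kv = dict(p.split("=", 1) for p in rest.split())
        outcome = {"4624": "success", "4625": "fail"}[kv["EventID"]]
        return ts, "dc", kv["Source"], kv["Account"], outcome
    raise ValueError(f"unknown log source: {source}")


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP accumulates >= threshold failures (from any source)
    inside the window and then logs in successfully: the brute-force/spray pattern."""
    recent_failures = defaultdict(deque)          # src_ip -> deque of (time, source)
    alerts = []
    for ts_str, source, ip, user, outcome in sorted(events, key=lambda e: e[0]):
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%S")
        q = recent_failures[ip]
        while q and ts - q[0][0] > window:        # slide the window forward
            q.popleft()
        if outcome == "fail":
            q.append((ts, source))
        elif outcome == "success" and len(q) >= threshold:
            alerts.append({"src_ip": ip, "user": user, "failures": len(q),
                           "sources": sorted({s for _, s in q}), "at": ts_str})
            q.clear()                             # one alert per burst
    return alerts


def run_sample():
    """Normalise the constructed log and return the alerts the rule produces."""
    events = [normalize(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed data only 203.0.113.7 trips the rule: its six failures span both the VPN and the domain controller, which is exactly what neither system would see on its own. The slow attempts from 192.0.2.9 stay under the threshold because the five-minute window drops the older failures; lowering the threshold or widening the window is the usual tuning trade-off against false positives.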


CISO Guide to Next-Gen Criminal Fraud Detection


With the introduction of sophisticated threats such as advanced phishing, pharming and malware, authentication has become less effective. Authentication methods, including out-of-band and one-time passwords as well as security questions, can be bypassed with minimal effort by fraudsters.
Consequently, more sophisticated authentication techniques have been developed. These have severely impacted the customer experience and have still been bypassed by advanced threats. The number of unnecessary challenges and disruptions for end users keeps growing without a meaningful reduction in fraud. As fraud rises and the customer experience deteriorates, there is a strong need for fraud tools that stop fraud effectively while actually enhancing the customer experience.


Why Read This Report?

  • Learn the approach to Next Gen Criminal Fraud Detection
  • Examples of phishing-based & malware-based account take over
  • Learn how to benefit from Evidence Based Fraud Detection

New White House Cyber security Plan Creates Federal CISO - 9 Feb 2016

White House officials plan to enact a range of initiatives this year that they believe will strengthen computer networks against cyber attacks. Obama administration officials are instituting what they call a cybersecurity national action plan, which would create a federal chief information security officer, establish a new commission that looks for ways to protect computer networks, and increase coordination between federal officials who focus on privacy issues. The proposal includes $3.1 billion for an IT Modernization Fund to retire, replace and modernize legacy IT systems used within the federal government.


How to Hack the Power Grid through Home Air Conditioners- 9 Feb 2016

Researchers have found another way to take down the power grid: by remotely manipulating home and office air conditioners to create a surge. It is an attack with the potential for very serious impact. The hack targets the remote shut-off devices that utility companies install on air conditioners to conserve energy during peak summer periods. A hacker could cut air conditioners during a heatwave, creating a potentially fatal situation for the elderly and sick, or turn them on during peak energy periods, causing a surge that triggers a widespread blackout. Alternatively, a hacker could target a specific group of homes or offices, taking advantage of the fact that unique IDs are assigned to groups of devices, which allows them to be singled out.


Researcher finds serious flaw in Chromium-based Avast Safe Zone browser- 5 Feb 2016

Avast SafeZone, a Chromium-based browser internally known as Avastium, is installed with the paid versions of Avast's antivirus and security suites. Google Project Zero researcher Tavis Ormandy found a vulnerability that lets an attacker take control of Avastium simply by having the user open an attacker-controlled URL in any other locally installed browser. By exploiting the flaw, an attacker could remotely read "files, cookies, passwords, everything", and could even take over authenticated sessions to read email, interact with online banking and so on.


Newly Fired CEO of Norse Fires Back At Critics- 4 Feb 2016

Norse Corp, a Foster City, Calif.-based cyber security firm that attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shake-up that may spell the end of the company. The remaining employees at the threat intelligence firm were apparently told they could continue showing up for work, but with no guarantee they would be paid, KrebsOnSecurity reported. Critics have accused Norse of going to market too soon with the data it had, and of drawing conclusions not actually supported by that data.



Google issues Chrome update to fix Windows, Mac, and Linux bugs - 10 Feb 2016

Google has issued a Chrome update to address Windows, Mac and Linux vulnerabilities that, if exploited, would allow remote attackers to take control of affected systems. The bugs were discovered by Mariusz Mlynski, lukezli, Jann Horn and an anonymous security researcher working with HP's Zero Day Initiative. Google also announced that it will no longer allow Flash display ads on AdWords or DoubleClick Digital Marketing campaigns, starting June 30.

IRS Hack Affects 101,000 Tax Returns- 11 Feb 2016

The US Internal Revenue Service (IRS) was the target of a malware attack that allowed the perpetrators to obtain electronic tax-return credentials for 101,000 social security numbers. The attack was carried out by an automated bot whose objective was to extract PINs from the Electronic Filing PIN application on the IRS.gov website. The application generates 5-digit PIN codes for those who want to file their tax returns online, and the code is used to authenticate the filer's identity; with only 100,000 possible values, a 5-digit PIN is small enough for a bot to guess outright once it holds the other personal data the application asks for.

Java installer flaw shows why you should clear your Downloads folder- 8 Feb 2016

Oracle has published a security advisory recommending that users delete any Java installers they have lying around in their default download folder and fetch new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java installers look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. For Java installers downloaded from the web, the current directory is typically the computer's default download folder, so a DLL with one of those names planted there (for example by a drive-by download) is loaded and executed with the installer's privileges when the old installer is run.

Technology comes at a cost, and a cost one could never have imagined if it is not properly implemented. An Enterprise Mobility Management (EMM) solution boosts productivity, enhances mobile security and provides easy access to corporate content. The important question, however, is whether your organization is ready for this technology.


Here in this article, we shall look at the five important questions to ask yourself before implementing enterprise mobility management solution.

1. What is the volume of Mobile Workforce?

The mobile workforce of an organization consists of those employees who use laptops, smartphones and similar devices for official purposes, both on and off the corporate network. If a good proportion of your workforce is mobile, an Enterprise Mobility Management (EMM) solution can provide secure access to corporate email, calendars and documents. If not, an EMM solution may not improve overall productivity.


2. What are your Business Goals?

What are your business goals: to increase responsiveness, customer service and/or productivity? Do focused research into what customers and the workforce need from mobility to understand it better. Make sure the solution you are going to implement meets those business goals.



3. How do you want to fit Enterprise Mobility Solution into your Enterprise Architecture?

You need to find a fit between the new mobility architecture and the existing IT architecture. Plan beforehand for the resources needed to operate and support mobility, and prioritize mobile projects based on funding and resources. IT leaders should also track and manage the fast-changing technology.


4. What are the Mobile Applications and Security Concerns?

Mobile application development will engage critical resources, so prioritize which mobile applications to build. Think from the perspective of customers, employees and partners to optimize their interaction with the organization through mobile applications. You must also decide how to provide controlled access to corporate data on mobile devices, whether through application wrapping or an SDK.



5. What is the TCO and is it worth it?

The prime question should be whether the implementation will bring the expected benefits in terms of customer service, employee productivity, partner interaction and so on, given the cost of implementation and the security concerns around critical data. If the benefits outweigh the implementation cost, it is a go decision.


Identity Access Management (IAM) is the set of business policies, frameworks and processes that ensures the right person has access to the right assets and resources. IAM solutions can deliver intangible benefits that increase revenue as well as tangible benefits that reduce cost.


Here are 11 Ways To Measure The Effectiveness of your Identity Access Management (IAM) solution:

  • Average number of distinct accounts (credentials) per user:
    An organisation typically has multiple accounts per user. Identity Access Management (IAM) solutions can bring this number close to one through their single sign-on (SSO) functionality.
  • Number of unused accounts:
    An IAM solution can also reduce the number of unused or uncorrelated accounts. Uncorrelated accounts are accounts without an owner; they arise from promotions, transfers and terminations of staff. These accounts create risk for the company if hijacked by outsiders, because nobody is watching their activity.
  • Number of new accounts provisioned:
    The number of new accounts provisioned should equal the number of new joiners. A significant difference between the two indicates that your IAM solution is not producing accurate identity data.
  • Number of exceptions per access re-certification cycle:
    An exception is a user holding rights he or she should not have been given. A high number of exceptions can stem from poor identity data or from a broken access process (the people asked to re-certify do not have all the information they need).
  • Password policy effectiveness:
    To measure the effectiveness of your IAM solution, review the password reset data over a period, say one month. With an effective IAM solution this volume should trend downwards. If it does not, there may be problems with your organisation's password policies or their management.
  • Average time to provision and de-provision a user:
    With an effective IAM solution this metric should come down. Most of the time, if someone is not getting timely access, backend processes are responsible, which tells you to work on your business processes. De-provisioning time matters as much as provisioning time: a leaver whose access lingers is exactly the uncorrelated account counted above.
  • Average time to provide an authorization:
    With an effective IAM solution this metric should come down. It gives insight into the efficiency of the organization's approval processes; knowing the time taken helps resolve bottlenecks and improve outdated processes.
  • Average time to make changes in identity policies:
    With an effective IAM solution this metric should come down, because IAM solutions centralise policy. Changes are therefore faster than with traditional methods, and organisation-wide changes can be made easily.
  • Violation of separation of duties:
    With an effective IAM solution this metric should come down. The organization should implement preventive controls that block conflicting role combinations at request time, plus detective controls that report existing violations and orchestrate their remediation.
  • Reduced identity management cost:
    With an effective IAM solution the cost of managing a large identity store should come down. An effective IAM solution provides the capability to expand the organization's people and IT resources without increasing IT staff.
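
Several of the metrics above are simple to compute once the IAM tool's data is exported as tables. The block below is an added example, not code from the original article: it computes four of them (accounts per user, unused accounts, accounts provisioned versus joiners, and separation-of-duties violations) over a constructed data set. The data model (an HR feed, an account inventory with owners and last-login dates, creation dates, role assignments and a list of conflicting role pairs) is an assumption chosen for illustration; a real IAM product exports equivalents of each table.

```python
from collections import Counter
from datetime import date, timedelta

AS_OF = date(2016, 3, 1)   # reporting date for the constructed data set

# Constructed HR feed: user id -> employment status and start date.
USERS = {
    "u1": {"status": "active", "start": date(2015, 6, 1)},
    "u2": {"status": "active", "start": date(2016, 2, 10)},      # joined in February
    "u3": {"status": "active", "start": date(2016, 2, 20)},      # joined in February
    "u4": {"status": "terminated", "start": date(2014, 1, 1)},
}

# Constructed account inventory: (account, system, owning user or None, last login).
ACCOUNTS = [
    ("ad\\alice",  "AD",  "u1", date(2016, 2, 28)),
    ("alice@crm",  "CRM", "u1", date(2016, 2, 27)),
    ("alice_erp",  "ERP", "u1", date(2015, 10, 1)),   # idle for more than 90 days
    ("ad\\bob",    "AD",  "u2", date(2016, 2, 29)),
    ("ad\\carol",  "AD",  "u3", date(2016, 2, 25)),
    ("ad\\dave",   "AD",  "u4", date(2016, 2, 1)),    # owner terminated, account still live
    ("svc_backup", "ERP", None, date(2016, 2, 28)),   # no owner on record
]

# Constructed creation dates for accounts provisioned recently.
CREATED = {"ad\\bob": date(2016, 2, 10), "ad\\carol": date(2016, 2, 20),
           "svc_backup": date(2016, 2, 22)}

# Constructed role assignments and separation-of-duties rules (pairs that must not co-exist).
ROLES = {"u1": {"AP_CLERK", "AP_APPROVER", "READ_ONLY"}, "u2": {"AP_CLERK"},
         "u3": {"READ_ONLY"}, "u4": {"AP_APPROVER"}}
SOD_RULES = [("AP_CLERK", "AP_APPROVER"), ("VENDOR_CREATE", "AP_APPROVER")]


def avg_accounts_per_active_user() -> float:
    """Distinct accounts per active user; SSO should push this toward 1."""
    active = {u for u, rec in USERS.items() if rec["status"] == "active"}
    per_user = Counter(owner for _, _, owner, _ in ACCOUNTS if owner in active)
    return sum(per_user.values()) / len(active)


def unused_accounts(idle_days: int = 90) -> dict:
    """Orphaned (no owner or terminated owner) and idle accounts, each with its reason."""
    cutoff = AS_OF - timedelta(days=idle_days)
    findings = {}
    for acct, _, owner, last_login in ACCOUNTS:
        if owner is None:
            findings[acct] = "no owner on record"
        elif USERS[owner]["status"] == "terminated":
            findings[acct] = "owner terminated"
        elif last_login < cutoff:
            findings[acct] = f"idle since {last_login.isoformat()}"
    return findings


def provisioning_gap(start: date = date(2016, 2, 1), end: date = date(2016, 2, 29)) -> dict:
    """Accounts created in the period versus users who joined in it; the two should match."""
    joiners = sum(1 for rec in USERS.values() if start <= rec["start"] <= end)
    created = sum(1 for d in CREATED.values() if start <= d <= end)
    return {"joiners": joiners, "accounts_created": created, "gap": created - joiners}


def sod_violations() -> list:
    """Users holding both roles of a conflicting pair."""
    return sorted((u, a, b) for u, roles in ROLES.items()
                  for a, b in SOD_RULES if a in roles and b in roles)
```

On the constructed data the accounts-per-user figure is 5/3, three accounts are flagged as unused (one idle, one belonging to a terminated user, one with no owner), February shows one more account created than people hired (the unexplained service account), and one user holds both the clerk and approver roles. Each of those is a row to chase rather than a number to report.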



A firewall, in simple terms, acts as a barrier that prevents unauthorized access or malicious traffic within a system or a network. With the rapid growth of innovative technology, and alongside it the massive growth in new security threats, the traditional firewall can no longer keep up. To deal with these changes, vendors in the enterprise firewall market have created a new generation of firewall devices dubbed the next-generation firewall, or NGFW.

A next-generation firewall (NGFW) is a hardware- or software-based network security system that can detect and block sophisticated attacks by enforcing security policies at the application level as well as at the port and protocol level.

9 Top Features of a Next-Generation Firewall:

  • Application Awareness : Next Generation Firewall must be able to identify, allow, block or limit applications regardless of port, protocol etc. This provides visibility into unknown & proprietary application within the organization network.

    One of the major difference between a traditional firewall and a next-generation firewall (NGFW) is the fact that these newer devices are application aware. Traditional firewalls rely on common application ports to determine the applications that were running and the types of attacks to monitor for.
  • Identity Awareness: Next generation firewalls supports Identity awareness for granular control of applications by specific users, group of users and machines that the users are using.

    A Next generation firewall device also supports all major authentication protocols such as LDAP/AD, RADIUS, Kerberos and Local Auth. This helps organizations control not only the types of traffic that are allowed to enter and exit the network, but also what a specific user is allowed to send and receive. 

    ( Read more: Major components of IT GRC solutions )

  • Centralized Management, Administration, Logging and Reporting: Separate management solution is available for management, logging and reporting. This helps organizations in log analysis and policy management. This tool is also used to export firewall rules set and configuration. Centralized management provides administrator with security health dashboard to view the happenings and traffic patterns and associated risks in network in real time.

    Central management should also give you the ability to automate routine tasks, reuse elements and employ shortcuts and drill-downs to produce maximum efficiency with minimal effort.
  • State-full Inspection: While the general definition of Stateful inspection does not differ from traditional firewalls, a next-generation firewall (NGFW) tracks the connections from layer 2 to layer 7 (even layer 8 due to identity awareness) in contrast with the traditions firewalls which tracks the traffic from layer to layer 4. This difference allows a lot more control and provides the organizations the ability to have very granular policies. 
  • Deep Packet Inspection: Deep packet inspection (DPI) is one of the primary features of a next-generation firewall (NGFW). This capability ensures that the various parts of each packet are thoroughly examined to identify malformed packets, errors, known attacks and any other anomalies. DPI can rapidly identify and then block Trojans, viruses, spam, intrusion attempts and other violations of normal protocol behaviour.
  • Integrated IPS: In an environment where a traditional firewall is deployed, it is common to see an Intrusion Detection System (IDS) or IPS deployed as well. Commonly, this was done with a separate appliance, or with a logically separate module inside a single appliance. With a next-generation firewall (NGFW), the IPS or IDS function is fully integrated and can be activated and de-activated as and when required. The IPS functionality itself is the same as it was with a separate appliance; the main difference is in the performance and in the accessibility of information from all layers of the traffic.


  • Able to monitor SSL or other encrypted traffic: The next-generation firewall (NGFW) is able to monitor SSL and HTTP-tunneled traffic flows as well. In order to secure encrypted traffic, the next-generation firewall supports both inbound and outbound SSL decryption. This helps the organization identify and prevent threats and malware in encrypted network streams.
  • Integration with other security solutions: The next-generation firewall (NGFW) is capable of integrating with other security solutions such as SIEM tools, reporting tools, two-factor authentication systems etc. with little or no modification. This enhances the overall capability of an organization's security systems.
  • Inbuilt Antivirus and Anti-Bot solution: Next-generation firewalls (NGFW) have an inbuilt antivirus engine and are able to inspect HTTPS traffic on the fly for infected files. These protections are available for protocols like HTTP, HTTPS, FTP, POP3, SMTP, SMB etc. They are also capable of identifying malware in incoming files and malware downloaded from the internet.
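The application-awareness and identity-awareness points above are easiest to see side by side in code. The following is an added illustration written for this article, not any vendor's NGFW engine: a few constructed client-hello byte strings are classified first the way a traditional firewall does (by destination port) and then by the first bytes of the payload, and a policy keyed on (user group, application) rather than on ports is applied. The payload signatures, addresses, identity table and policy are all made up for the example.

```python
"""Port-based versus application-aware flow classification (added example)."""
from dataclasses import dataclass

# Traditional view: the destination port decides what the traffic "is".
PORT_TABLE = {22: "ssh", 25: "smtp", 80: "http", 443: "https"}

# Application-aware view: constructed signatures on the first client bytes.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_by_port(dst_port: int) -> str:
    """What a port-based firewall would call this flow."""
    return PORT_TABLE.get(dst_port, "unknown")


def classify_by_payload(payload: bytes) -> str:
    """Name the application from its first bytes, ignoring the port entirely."""
    if payload.startswith(b"SSH-"):                     # SSH version banner
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                                    # TLS handshake record
    if payload.startswith(HTTP_METHODS):
        return "http"
    if payload.startswith((b"EHLO ", b"HELO ")):
        return "smtp"
    return "unknown"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes          # first client bytes of the connection


# Identity awareness: source address -> (user, group), as a firewall would learn
# from the directory or an authentication portal. Constructed table.
IDENTITY = {"10.0.0.5": ("alice", "engineering"), "10.0.0.9": ("bob", "finance")}

# Policy keyed on (group, application); anything not listed is denied.
POLICY = {
    ("engineering", "ssh"): "allow",
    ("engineering", "http"): "allow",
    ("engineering", "tls"): "allow",
    ("finance", "http"): "allow",
    ("finance", "tls"): "allow",
}


def decide(flow: Flow) -> tuple:
    """Return (user, application, action) for one flow."""
    user, group = IDENTITY.get(flow.src_ip, ("unknown", "unknown"))
    app = classify_by_payload(flow.payload)
    return user, app, POLICY.get((group, app), "deny")


# Constructed sample flows.
FLOWS = [
    Flow("10.0.0.5", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),        # SSH on port 443
    Flow("10.0.0.9", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),        # same, finance user
    Flow("10.0.0.9", 8080, b"GET /index.html HTTP/1.1\r\n"),  # HTTP on 8080
    Flow("10.0.0.5", 443, b"\x16\x03\x01\x00\xc8\x01\x00"),   # TLS ClientHello
]


def report(flows=FLOWS) -> list:
    """One row per flow: (port-based label, payload-based label, user, action)."""
    rows = []
    for f in flows:
        user, app, action = decide(f)
        rows.append((classify_by_port(f.dst_port), app, user, action))
    return rows


if __name__ == "__main__":
    for row in report():
        print("port-based=%-8s app-aware=%-8s user=%-8s action=%s" % row)
```

The first two flows are the point of the exercise: a port-based firewall labels both as HTTPS and lets them through, while payload classification sees the SSH banner and the per-group policy allows it for engineering but denies it for finance.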


Top 10 Endpoint Startups

  • Tanium

    • Headquarters: Emeryville, CA
    • Founded: 2007
    • Founder: Orion Hindawi, David Hindawi
    • Funding: $302.31M
    • Website: http://www.tanium.com/
    • Description: Tanium Inc. provides security and management system solutions that allow enterprises and government organizations to query and modify their managed computer assets. It offers Tanium Endpoint Platform, a platform to secure, control, and manage various endpoints; and Endpoint Security, a solution to detect and remediate threats and issues, including incident response, endpoint security lifecycle, and security ecosystem connecting solutions. The company also provides Endpoint Management that reduces tools, management, and infrastructure cost; reclaims software licenses and hardware assets; repurposes operations staff to strategic projects; retrieves software and hardware information; and provides patch management and software distribution solutions. In addition, it offers Tanium Architecture, an endpoint communications architecture solution that collects data and takes action on the endpoint. The company serves banks, retailers, and other industries.

  • CrowdStrike

    • Headquarters: Irvine, California
    • Founded: 2011
    • Founder: George Kurtz, Dmitri Alperovitch, Gregg Marston
    • Funding: $156M
    • Website: http://www.crowdstrike.com
    • Description: CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike's Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike's Falcon platform is delivered via the security industry's only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike's unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsourced community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

  • Cybereason

    • Headquarters: Boston, Massachusetts
    • Founders: Yonatan Amit, Lior Div, Yossi Naar
    • Founded: 2012
    • Funding: $88.6M
    • Website: http://www.cybereason.com
    • Description: Cybereason's Endpoint Detection and Response platform detects in real time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects individual pieces of evidence to form a complete picture of a malicious operation. The company's approach to security is based on the assumption that hackers will find a way into the corporate network one way or another, so attacks have to be detected in real time; otherwise, once inside, they can lurk for months or years.

  • Cylance

    • Headquarters: Irvine, California
    • Founded: July 4, 2012
    • Founder: Stuart McClure, Ryan Permeh
    • Funding: $77M
    • Website: http://www.cylance.com
    • Description: Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cyber security and improve the way companies, governments and end users proactively solve the world's most difficult security problems. Using a breakthrough mathematical process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker's mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.

  • CounterTack

    • Headquarters: Waltham, MA
    • Founded: 2007
    • Founder: Alan Capalik, Stan Eramia
    • Funding: $67.44M
    • Website: http://www.countertack.com
    • Description: CounterTack is the leading provider of real-time, Big Data endpoint detection and response technology for the enterprise. CounterTack provides unprecedented visibility and context around operating system and binary behaviors to detect zero-day attacks, rootkits, targeted malware and advanced persistent threats, enabling its customers to improve incident response and advanced threat detection, enterprise-wide.

  • SentinelOne

    • Headquarters: Mountain View, CA
    • Founded: 2013
    • Founder: Almog Cohen, Tomer Weingarten
    • Funding: $39.52M
    • Website: http://www.sentinelone.com/
    • Description: SentinelOne is reinventing endpoint security to protect organizations against advanced threats and nation-state malware. The company uses predictive execution inspection to detect and protect all devices against targeted zero-day threats in real time. SentinelOne was formed by an elite team of cyber security and defense experts from Intel, McAfee, Check Point, IBM and the Israel Defense Forces.

  • Invincea

    • Headquarters: Fairfax, VA
    • Founded: 2009
    • Founder: Anup Ghosh
    • Funding: $37.4M
    • Website: http://www.invincea.com
    • Description: Invincea is the premier innovator in advanced malware threat detection, breach prevention, and forensic threat intelligence. Invincea is the market-leading solution that provides enterprise networks with coverage against the largest attack surface for cyber-breach attacks aimed at end users, in the form of spear phishing, drive-by download exploits, poisoned search results and user-initiated infections. The company's solutions include a desktop security software suite and a threat intelligence appliance.

  • Ziften Technologies

    • Headquarters: Austin, TX
    • Founded: 2009
    • Founder: Mark Obrecht
    • Funding: $35.3M
    • Website: http://www.ziften.com
    • Description: Ziften provides groundbreaking software that enables enterprises to achieve true end-to-end visibility of people-centric devices to enhance security. Ziften Open Visibility™ and intelligence provide a more secure environment by delivering actionable analytics for any user device across the enterprise. Ziften extends existing security, system management, and event monitoring tools. It delivers crucial open intelligence on any enterprise endpoint, enabling you to run your business in a more efficient, intelligent, and secure manner.

  • Barkly

    • Headquarters: Boston, MA
    • Founded: 2013
    • Founder: Mike Duffy, Jack Danahy
    • Funding: $17M
    • Website: http://www.barklyprotects.com/
    • Description: In the hot endpoint security space, Barkly promises a lightweight agent to gather data, lightweight both in its footprint and in its CPU usage. That makes it less intrusive to end users. Barkly is a new type of advanced security that actively protects users without slowing them down. By automatically recognizing modern attacks and stopping them before they can do more harm, companies are more prepared, more confident, and more productive with Barkly by their side. Its founders have driven other successful startups, notably OpenPages and Ounce Labs, both bought by IBM.

  • enSilo

    • Headquarters: San Francisco, California
    • Founded: August 2014
    • Founder: Roy Katmor, Udi Yavo, Tomer Bitton, Ido Kelson
    • Funding: $12M
    • Website: www.ensilo.com
    • Description: enSilo offers a real-time targeted attack exfiltration prevention platform. enSilo has developed a platform which accurately distinguishes legitimate connections from malicious ones from the moment a connection is established. Their solution provides virtual patching against advanced targeted threats, enabling employees to keep working as usual while a device compromise is resolved. enSilo is financially backed by Lightspeed and Carmel Ventures.

  • Triumfant

    • Headquarters: Rockville, MD
    • Founded: 2002
    • Founder: Dave Hooks
    • Funding: $6.75M
    • Website: http://www.triumfant.com
    • Description: Triumfant provides companies and government entities worldwide with continuous protection from advanced malware threats. Applying mathematical theory, patented analytics and precision-remediation capabilities, Triumfant offers the best protection available at the most vulnerable location, the endpoint, enabling organizations to prevent, detect and respond quickly to sophisticated attacks that bypass traditional signature-based tools. Without lockdown, forklift upgrades, signatures or prior knowledge of any kind, Triumfant stops a breach before it becomes a full-scale attack, then automatically repairs the machine and all of the collateral damage within minutes of the attack. When inevitable attacks happen, large enterprises trust Triumfant to quickly recover and prevent loss without any disruption to the business.


Below are the top 6 reasons why Data Loss Prevention / Data Leakage Prevention (DLP) fails:

  • Lack of business/key-stakeholder involvement: Failing to include key stakeholders (including business and C-level executives) while defining requirements and formulating the DLP policy makes implementation harder. A clear Data Loss Prevention policy from management and the Board sets expectations, allocates the needed resources and establishes a plan for its governance.
  • Ineffective data classification methods: Failing to identify the right data to protect. Underestimating certain data can lead to the exposure of sensitive information, while an overwhelming amount of protected data can bring down system and network performance. Conducting a risk assessment covering the data, its owners and its custodians is crucial for the success of any DLP implementation.
  • Improperly configured content scanning module: Failing to define the right use cases and processes around sensitive information leads to ineffective controls, which can open the door for an attacker to get hold of that information.


  • Excessive false positives: An overly strict rule set or policy can produce an overwhelming amount of false positives and reporting. This can drastically reduce employee productivity and creates unnecessary workload for the IT security team.
  • Loosely integrated Data Loss Prevention modules: A complete DLP implementation has its network protection, host protection and storage modules tightly integrated and centrally managed. Loosely integrated DLP modules create a lot of management overhead and may lead to ineffective monitoring.
  • Failure to periodically monitor changes in the organization's IT infrastructure, business units and processes: Such changes can render previous DLP controls ineffective. They must be taken into account to fine-tune the DLP modules from time to time so that the DLP solution keeps delivering its value.
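The "improperly configured content scanning module" and "excessive false positives" points are two sides of the same rule-tuning problem. The following is an added example written for this article, not any DLP product's rule language: a naive rule that treats every 13 to 19 digit run as a payment card number is compared with a rule that also requires a valid Luhn check digit and a plausible issuer prefix and length. The sample documents and the (deliberately incomplete) issuer table are constructed for the demo.

```python
"""Tuning a DLP content-scanning rule to cut false positives (added example)."""
import re

# Maximal runs of digits, allowing a single space or dash between digits.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d)+")

# Simplified (prefixes, allowed lengths) table; constructed for the demo,
# not a complete issuer identification list.
ISSUER_RULES = [
    (("4",), (13, 16, 19)),
    (("51", "52", "53", "54", "55"), (16,)),
    (("34", "37"), (15,)),
    (("6011", "65"), (16,)),
]


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation, as used for payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plausible_issuer(digits: str) -> bool:
    """True when prefix and length match one of the issuer patterns above."""
    return any(digits.startswith(p) and len(digits) in lengths
               for p, lengths in ISSUER_RULES)


def candidate_runs(text: str):
    """Yield digit runs of card-like length with separators stripped."""
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19:
            yield digits


def scan_naive(text: str) -> list:
    """Over-broad rule: every card-length digit run is reported."""
    return list(candidate_runs(text))


def scan_tuned(text: str) -> list:
    """Tightened rule: a run must also pass Luhn and match an issuer pattern."""
    return [d for d in candidate_runs(text)
            if luhn_ok(d) and plausible_issuer(d)]


# Constructed sample documents; only the second holds a (well-known test) PAN.
DOCS = {
    "order_confirmation": "Order 1234567890123456 shipped 2023-05-01, ref 98 12 33",
    "payment_note": "Card on file: 4111 1111 1111 1111, exp 12/27",
    "device_inventory": "Phone IMEI 490154203237518 assigned to desk 14",
    "tracking": "Parcel tracking 9400111899223456789012 out for delivery",
}


def evaluate(docs=DOCS) -> dict:
    """Count the alerts each rule raises across the sample documents."""
    return {
        "naive": sum(len(scan_naive(t)) for t in docs.values()),
        "tuned": sum(len(scan_tuned(t)) for t in docs.values()),
    }


if __name__ == "__main__":
    for name, text in DOCS.items():
        print(f"{name:20} naive={scan_naive(text)} tuned={scan_tuned(text)}")
    print(evaluate())
```

The IMEI line is the instructive case: it passes the Luhn check (IMEIs use the same check digit), so Luhn alone is not enough; the length and prefix test is what keeps it out of the alert queue, while the genuine card number is still caught. Each extra validation step is a concrete way of trading an "overly strict rule set" for a precise one, which is exactly the fix the list above calls for.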


Cloud Services In India, 2015 And Beyond

Cloud services, being cost effective, scalable and agile, are growing at a slow but steady pace in India. For years enterprises and the security community have debated their maturity and the readiness for their adoption. Major concerns such as the security and confidentiality of data have marred large-scale adoption for many decades. Surprisingly, the cloud delivery model is being used to deliver a growing number of security-critical tasks. Irrespective of all the concerns, cloud services are an inevitable choice in today's dynamic environment.

According to the Enterprise Cloud Adoption Survey by the Everest Group, over 56% of enterprises consider cloud a strategic differentiator and about 58% of enterprises spend upwards of 10% of their IT budget on cloud services. The inherent ability to increase operational efficiency is accelerating the demand for more such services. Today cloud services are broadly offered in three models, popularly known as IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).

In India, according to the "2015 Top Markets Report on Cloud Computing" by the International Trade Administration, "over 250 million Indians today use web connected devices, which generally rely on cloud services for applications and other functionality. As Internet access, e-commerce, mobile device usage, and business adoption continue to expand, the growth in cloud-related spending in India should outpace that in the rest of the world." Research firm Gartner believes that by 2018 public cloud spending in India will reach nearly $2 billion, up from $638 million in 2014. Other estimates are similarly upbeat: IDC predicts $3.5 billion will be spent on cloud services in total in India by 2016, growth of over 400 percent from the 2012 level. Finally, Forrester expects the software-as-a-service (SaaS) market in particular to roughly double in value between 2014 and 2020, when it will be worth $1.2 billion.

Despite optimistic predictions and overwhelming market potential, however, a variety of challenges have held India back from realizing its cloud potential even as adoption continues to grow. Among the most critical current problems are the country's Internet infrastructure (i.e., bandwidth constraints and fiber optic weaknesses) and the inconsistency of its power supply in some areas. Another key concern holding organizations back, especially in the public sector, is the security of their confidential data. IT regulations in India have been very strict and require that organizations store their data locally (in India); as many cloud providers have their data centers located outside India, the current scenario discourages firms from adopting cloud services.

Fortunately, the government is aware of these challenges, and its ambitious Digital India program aims to address some of the infrastructural and policy weaknesses, though it remains to be seen if this will lead to significant improvements.
