Subscribe to RSS - Cybersecurity

Cybersecurity

Data forensics: time is of the essence

 - 
07/03/2019

AUSTIN, Texas—Huge volumes — think terabytes, petabytes, exabytes, zettabytes, yottabytes and up into the quintillion bytes — of complex, digital data is constantly being generated and scattered into different physical and virtual locations such as online social networks, the cloud and personal network-attached storage units.

Infocyte and Solutions Granted partner

Enables MSPs to deliver comprehensive, cost-effective endpoint security solutions to small, mid-sized organizations
 - 
06/18/2019

AUSTIN, Texas—Infocyte, a pioneer proactive threat detection and instant incident response (IR), has partnered with Solutions Granted, a master managed security service provider (MSSP), providing managed security solutions to the channel.

Cyber:Secured Forum helps heat up the Lone Star State

 - 
Wednesday, May 29, 2019

Things are heating up here in the Lone Star State which means air conditioning bills are about to go up, water will be consumed by the gallons, the smell of sunscreen and sun block will be everywhere, but most importantly, it means the Cyber:Secured Forum will be here before we know it at The Westin Dallas Park Central, July 29-31.

Senior Technical Director for NSA’s Cybersecurity Threat Operations Center (NCTOC), David Hogue, will be taking the stage on July 31st, 11:30am to 1:30pm, keynoting about fostering innovation and public-private partnerships in cyber defense. 

“The NSA is one of the most forward-thinking security organizations in the world,” Joe Gittens, director of standards, SIA told SSN. “David Hogue has been a technical expert on many of the agency’s cybersecurity threat mitigation efforts and a lead researcher on a number of high-profile breaches, like the Sony Pictures hack.” 

Attendees can look forward to the following take-aways from Hogue: 

  • Principles on how NSA is approaching cybersecurity innovation
  • How the security industry can partner in this overall mission; and
  • Ways the industry can develop solutions for: managing gateways and cyber perimeters, hardening endpoints to meet best practices and standards, embrace comprehensive and automated threat intelligence and cultivate a culture of curiosity and innovation. 

 

“I believe there is not a better voice to educate our industry on the emerging threats that enemies are deploying to interfere with the ever-connected nature of our nation,” Gittens said. “Security battlefronts are constantly changing, and David’s presentation will offer rare insights into how partnership and innovation within the security industry can lead to increasing success in the public and private sectors.”

I look forward to seeing everyone at Cyber:Secured and taking lots of notes on what Hogue has to offer! 

 

Preliminary agenda released for Cyber:Secured Forum

Second annual summit hosted by ISC Security Events, PSA Security Network and SIA
 - 
04/17/2019

DALLAS—ISC Security Events, PSA Security Network and the Security Industry Association (SIA) have revealed the preliminary agenda for the 2019 Cyber:Secured Forum, a conference connecting the worlds of cybersecurity, physical security and systems integration.

Cyber workforce shortcomings

As organizations and governments across the globe struggle to staff high-level cybersecurity positions, a new report finds that the U.S. government may have a bigger shortage than it realized.
 - 
04/03/2019

WASHINGTON—There’s no denying it: the future is digital. Whether it’s Industry 4.0, the aptly-named industrial revolution that signals the rising influence of automation and data exchange in manufacturing, or the rise of cyberwarfare, the effects of which are yet to be fully realized, the clout of the Internet is growing exponentially and will continue to do so for the foreseeable future.

AI coming to the aid of security-related applications

 - 
Wednesday, March 20, 2019

Our May 2019 News Poll got me really thinking about Artificial Intelligence (AI) and Machine Learning (ML), and the possibilities. My previous AI-related thoughts have been around Watson, the IBM-created, question-answering computer system that answers in natural language, and robots, and how AI can take over the world one day, according to some! Spooky! But, I wanted to know if AI is a legit, practical application for security-related functions, so I scoured the internet and found some exciting and unique, currently deployed uses. 

Physical Security

According the to China Morning Post, AI is revolutionizing physical security in Asia. It can detect people acting out of the ordinary and flag them, and then transmit that information to a command center, where human operators can make an informed decision. Additionally, AI and high-definition cameras can work together to first communicate to a human that a smoke detector, for example, has been activated, with the cameras identifying the exact location of the fire. 

Financial Security

Shoplifting literally costs billions of dollars here in the United States, which trickles down to honest consumers who end up paying more for goods and services. Vaak, a Tokyo-based company, spent more than 100 hours showing their AI system closed-circuit television footage of honest shoppers and shoplifters. The system can now identify suspicious activity based on more than 100 aspects of shoppers’ behavior including gait, hand movements, facial expressions, clothing choices and even “restless” and “sneaking” behaviors. Store employees are alerted of suspiciousness via an app and they can decide what to do. 

Life Security

Paris-based startup, Pharnext, was founded by Daniel Cohen, who “mapped” the human genome and demonstrated it is possible to use Big Data and automation to speed up the processing of DNA samples. Today, Cohen is using AI to analyze and map the chain of reactions of disease in the body. With this information, he and his team are combining existing drugs, known as “repurposing,” to create therapeutic effects that each drug lacks on its own. His overall goal is to use existing medicines to treat all disease, preventing the design of new medicines. 

Cybersecurity

Post-doctoral research fellow at Stanford University, Dr. Srijan Kuman, is developing an AI method — REV2 — to identify online conflict using data and machine learning to predict internet trolling before it happens. (Trolling is an action by a person who posts inflammatory and often deceptive and disinformation online to provoke others to respond on pure emotion.) Kuman uses statistical analysis, graph mining, embedding and deep learning to determine normal and malicious behaviors. His method is currently being used by Flipkart, an online store, to identify fake reviews and reviewers, and he was able to accurately predict when one Reddit community will troll another. 

Be sure to check out our editor’s blog that talks about worldwide spending on AI systems to reach $35.8 billion in 2019, according to International Data Corporation. 

 

Congress introduces legislation to establish security standards for government devices

 - 
Wednesday, March 13, 2019

Based on analyst firm Gartner’s research, 20.4 billion Internet of Things (IoT) devices will be deployed by 2020; that’s more than double the world’s population! Hackers tend to gravitate toward the weakest link in the security chain, and because more and more IoT devices have questionable defenses, they make easy targets. This has caused the U.S. government to take notice.

To date, there is no national standard for IoT security, leaving it up to each company to decide how they want to security their connected devices. So, on Monday, March 11th, the U.S. Senate and House of Representatives members introduced the Internet of Things Cybersecurity Improvement Act. If passed, this legislation would set minimum security standards for connected devices used by the government in an effort to prevent the federal government from purchasing hacker friendly devices. 

While the legislation won’t set security standards for all IoT companies—just the ones wanting to win federal contracts— it could provide a baseline of best practices for all connected device manufacturers to consider. 

Should the bill pass, here’s what would happen: 

  • Security standards from the National Institute of Standards and Technology (NIST), such as secure development, identity management, patching and configuration management, would be required; 
  • NIST would review every five years; 
  • All IoT venders selling to the U.S. government would have a vulnerability disclosure policy, allowing government officials to learn when the devices are open to cyberattacks.

 

Do you think this legislation would compel all connected device makers to adopt these security requirements or just the ones wanting to do business with the government? 

 

New tech holds the key to stopping cybercrime, study finds

 - 
Tuesday, February 12, 2019

You don’t have to look too hard to find a sobering example of cybercrime, as it's as pervasive as ever these days, even on the national level with recent reports that cyber criminals have access to critical infrastructure such as our national power grids and gas lines. The good news, though, is technology may be our best weapon against these invisible criminals.

In fact, the use of big data and blockchain technologies are key to fighting cybercrime, according to a new study from Frost & Sullivan that looks at how effective machine learning is in aiding early detection of cyber anomalies, and how good blockchain is at creating a trustworthy network between endpoints.

Frost and Sullivan noted that the rise of the Internet of Things has opened up numerous points of vulnerabilities, compelling cybersecurity companies, especially startups, to develop innovative solutions to protect enterprises from emerging threats. As cybercrime becomes more sophisticated and even a method of warfare, the research firm found, technologies such as machine learning, big data, and blockchain will become prominent.

"Deploying Big Data solutions is essential for companies to expand the scope of cybersecurity solutions beyond detection and mitigation of threats,” Hiten Shah, research analyst, TechVision, said in the announcement of the findings. "This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."

The study, Envisioning the Next-Generation Cybersecurity Practices, presents an overview of cybersecurity in enterprises and analyzes the drivers and challenges to the adoption of best practices in cybersecurity. It also covers the technologies impacting the future of cybersecurity and the main purchase factors.

"Startups need to make their products integrable with existing products and solutions as well as bundle their solutions with market-leading solutions from well-established companies," noted Shah. "Such collaborations will lead to mergers and acquisitions, ultimately enabling companies to provide more advanced solutions."

Technologies that are likely to find the most application opportunities include:

•    Big Data: It enables automated risk management and predictive analytics. Its  adoption will be mostly driven by the need to identify usage and behavioral patterns to help security operations spot anomalies.
•    Machine Learning: It allows security teams to prioritize corrective actions and automate real-time analysis of multiple variables. Using the vast pools of data collected by companies, machine-learning algorithms can zero in on the root cause of the attack and fix detected anomalies in the network.
•    Blockchain: The data stored on blockchain cannot be manipulated or erased by design. The tractability of activities performed on blockchain is integral to establishing a trustworthy network between endpoints. Furthermore, the decentralized nature of blockchain greatly increases the cost of breaching blockchain-based networks, which discourages hackers.

Envisioning the Next-Generation Cybersecurity Practices is part of Frost & Sullivan’s global Information & Communication Growth Partnership Service program.

Top 3 areas shutdown is hitting security the hardest

 - 
Wednesday, January 16, 2019

Day number 26 … it’s the longest shutdown in U.S. history, and with approximately 800,000 federal employees out of work or working without pay, and three or more hours of wait time to clear security in some of America’s busiest airports—Atlanta, Houston, Miami and Washington—security-related vulnerabilities linger. Just by saying the U.S. is “shutdown” seems to give hackers, terrorists, criminals and such the impression that the whole country is weak and now is the time to strike.

Here’s some specific areas the shutdown is hitting security the hardest, and please clcik here to comment on the topic in our News Poll:

Government payment portals and remote access services: Sites such as NASA, the U.S. Department of Justice and the Court of Appeals, among others, are insecure or inaccessible, due to more than 80 expired TLS certificates used on .gov domains. What’s more, only 1 in 20 HTTPS servers implement the security feature that prevents visitors from making unencrypted HTTP connections to a server.
As more security certificates expire during the shutdown and with furloughed IT employees not renewing them, opportunities for a security hack increase.

Click the following links to see examples of expired .gov certificates as of January 16, 2019:
https://ows2.usdoj.gov/
https://rockettest.nasa.gov/

National cybersecurity: It seems “everyone” is furloughed…approximately half of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the employees who protect critical infrastructure, such as banking, water, energy and nuclear; 85 percent of the National Institute of Standards and Technology (NIST) employees and other IT professionals knowledgeable about the latest cyberattacks and how to deal with them most appropriately, according to CNBC.

Security operations, software patching and penetration testing are among the activities not getting done for government sites including but not limited to:
•    Departments of State;
•    Homeland Security;
•    Agriculture, Commerce and Housing and Urban Development;
•    Environmental Protection Agency;
•    Internal Revenue Service (IRS);
•    National Institute of Standards and Technology; and
•    National Park Service.

Weakened airport security: Not only is wait time increasing for passengers to get through security, but personal safety is quickly becoming an issue. On January 2, 2019, a Delta passenger successfully deceived TSA, sneaking a gun past agents and onto a flight headed to Tokyo from Atlanta Hartsfield-Jackson International Airport.

According to USA Today, TSA said they would “hold those responsible appropriately accountable,” as they rejected the assumption that low staffing was to blame. Either way, carelessness or low staffing, security was breached and could have led to dire consequences.

As we see the deterioration of security right before our eyes, what are you most concerned about when it comes to the partial government shutdown and security?

Let’s discuss! Looking forward to your responses.

SSN News Poll: Readers weigh in on cyber trends

60 percent of respondents see end users budgeting more for cyber
 - 
11/20/2018

YARMOUTH, Maine—The Security Industry Association recently released a benchmarking study that outlined potential cyber risks and the emerging technologies that could help protect systems. Security Systems News’ readers shared some of their opinions on end user attitudes and rising threats that were outlined in the report.

Pages