Cloud Threat Detection

RedLock Report Indicates Data Breaches in the Cloud Will Continue to Rise

Grazed from RedLock

RedLock, the Cloud Threat Defense company, today released a new report based on research from its Cloud Security Intelligence (CSI) team - a group of elite security analysts, data scientists and data engineers. The latest "Cloud Security Trends" report spans research from June through September, 2017, providing a comprehensive view into major threats and vulnerabilities in public cloud computing environments despite cloud service providers' efforts to educate organizations on shared security responsibilities.

Among key findings in the new report, the RedLock CSI team found that:

FireEye Expands Cybersecurity Threat Detection with Major New Releases

Grazed from FireEye

FireEye, Inc., the intelligence-led security company, today announced major new software releases and next-generation hardware, adding new and expanded capabilities to extend FireEye's cybersecurity threat detection while reducing costs and increasing flexibility.

To address the issue of post-breach attacks and insider threats, FireEye unveiled FireEye Network SmartVision - a new capability that leverages a machine-learning framework to detect suspicious lateral threat movements (East-West traffic) and data exfiltration. This capability is designed to provide customers with greater detection and expanded visibility across their perimeter and now network core and servers.

FireEye Network (NX) deployments can now burst network traffic to FireEye's MVX Smart Grid during periods of high-content scanning activity, to address overload and gaps in protection that might otherwise occur. Other new software capabilities include significant updates to alert handling, event change visualization, expanded logging, and overall usability improvements.

These new software releases complement the launch of fifth-generation FireEye hardware, expanding customer capability to address increasingly sophisticated threats, while reducing costs and increasing deployment flexibility. FireEye also introduced FireEye File Content Security (FX), a new virtual offering that extends FireEye protection further into hybrid IT environments.

Cloud Computing: 5 Cybersecurity Threats Businesses Should Watch Out for in 2016

Grazed from Tech.co. Author: Dennis Hung.

From phishing attacks to new and creative malware to infected laptops, cyber-crime is globally growing at an alarming rate. These cyber criminals are not just targeting the blue chip companies and large corporations as the media reports. According to Symantec, 43 percent of cyber-attacks in 2015 targeted small-to-medium sized businesses with around 250 to 500 workers. Experts forecast a continuation of this trend in 2016 with the global cybercrime industry growing to $600 billion a year. The weak cyber security protocols of these businesses make them easy targets. They also offer access to larger corporations and the government who are their clients.

Malware

Malware lurks in the background stealing company data such as usernames and passwords. These malware is mostly installed by unsuspecting employees. According to Blue Coat, the average data breach can cost an organization 5.4 million dollars. In April 2016, MetStar, a non-profit organization running 10 hospitals in the Baltimore and Washington area was a victim of SAMSAM ransomware that encrypted sensitive data, requiring them to pay up the amount of 45 Bitcoins (approx. US$ 18,500) for the decryption key. Luckily, the IT department was able to detect the malware and prevent it from spreading further into their internal network...

Read more from the source @ https://tech.co/cybersecurity-threats-businesses-watch-2016-05

IoT, cloud computing, nation-state threats redefining enterprise security, panelists say

Grazed from PCWorld. Author: Fred O'Conner.

A printer that connects to the Web may pose as great a risk to enterprise security as an OS vulnerability, but yet companies worry about the latter and too often ignore the former, said a CTO during a discussion at MIT. With more devices gaining Web connectivity as part of the Internet of Things movement, hackers have greater opportunities to exploit weaknesses, said Patrick Gilmore, CTO of data-center and telecommunications service provider the Markley Group.

The people who write software for printers may not be worried about security, he said. “No one talks about what if your printer is hacked and every document your CEO printed is posted to a blog,” he said. The session, part of the Massachusetts Institute of Technology Sloan CIO Symposium Wednesday, covered a range of security issues, including cloud computing, emerging threats and data security...

Cloud Computing Faces Rising Threats

Grazed from Elastica.  Author: Editorial Staff.

The cloud computing security landscape is complex with its constant movement of data between devices, networks, and the cloud. The cloud provides great opportunities to attackers, results in shadow IT, and places an ever greater security burden on endpoints. Today, businesses use the cloud not just to host applications, but also to manage and analyze data.

As the cloud becomes increasingly popular with small and large businesses, ever more valuable and critical data is moved to it. Cloud security has been in the news over the last week with a new report out on it...

9 Worst Cloud Security Threats

Grazed from InformationWeek. Author: Charles Babcock.

Shadow IT is a great thing until it runs into the security of cloud computing. All too often line-of-business users are establishing applications and moving data into the cloud without understanding all the security implications. The Cloud Security Alliance has put together a list of the nine most prevalent and serious security threats in cloud computing. Many of them relate in one way or another to the weaknesses implicit in Shadow IT.

The alliance bills its list as the "Notorious Nine: Cloud Computing Threats in 2013." The CSA itself was formed in 2008 on the heels of the Information Systems Security Association CISO Forum in Las Vegas. Jim Reavis, a well-known security researcher and author, issued a call for action to secure the cloud at the event, leading to the founding of the organization...

The New Bank Robbers: Emerging Cloud Threats

Grazed from InformationWeek. Author: Robert Malmrose.

Willie Sutton, the famous bank robber, is credited with robbing more than 100 banks between the late 1920s and the early 1950s, when he was arrested, convicted and imprisoned. Sutton stole more than $2 million during his prolific crime wave. In an article published in The Saturday Evening Post in January 1951, a reporter asked Sutton why he robbed banks, to which Sutton allegedly replied, "Because that's where the money is." In his autobiography, Sutton denied that he actually he used those exact words, but then wrote, "That's what almost anybody would say… it couldn't be more obvious."

Modern-day bank robbers aren't using masks and guns, but rather computers and social engineering. As businesses move their intellectual property and client data into cloud technologies, it's clear that the new bank robbers are going to be found in the cloud. Why? The worldwide public cloud services market is growing tremendously. And they're not just targeting banks anymore, but any company where they can find data to resell, disrupt or exploit...

Cloud computing and BYOD will force firms to redesign networks to combat security threats

Grazed from V3.co.uk. Author: Alistair Stevenson.

Businesses will have to redesign their networks from the ground up if they hope to protect their data from next-generation hackers, according to McAfee president Michael DeCesare. DeCesare said business and high-tech companies will have to use a by-design strategy if they wish to remain ahead of the threats they face. He was speaking during a keynote at the McAfee Focus conference, attended by V3.

"We have to figure out how to integrate security into [networks] from the get-go. We have to redefine the role of network security. Companies are going to have to change. All companies will be rebuilding their networks," he said. DeCesare cited new trends resulting from developments in mobile cloud technologies, such as bring your own device (BYOD), as proof of the weakness of current networks...

WatchGuard Announces Unified Threat Management Solution for Windows Azure Cloud Platform

Grazed from PRNewsWire. Author: PR Announcement.

WatchGuard® Technologies, a leader in integrated security platforms, today announced its first Unified Threat Management (UTM) solution for Microsoft's Windows Azure cloud computing platform. As organizations worldwide continue to pour vast amounts of sensitive data, applications and services into the cloud, secure data access becomes paramount. Now these companies can ensure secure cloud access while leveraging WatchGuard's comprehensive and multi-layered defense across network, email, web and content security.

"Windows Azure's cloud scalability, speed, and economics make it a compelling option for our customers that want to take advantage of the cloud while continuing to use their on-premises infrastructure," said David Aiken, Group Product Marketing Manager, Windows Azure, Microsoft. "These customers require secure data access from on-premises networks to the cloud, and WatchGuard's unified threat management platform helps extend on-premises datacenters to the cloud while assuring secure access."...

The cloud's next big federal spying threat

Grazed from InfoWorld. Author: David Linthicum.

According to Cnet security reporter Declan McCullogh, the FBI is pressuring telecom carriers (such as AT&T and Verizon) to install "port reader" software that would allow the agency to intercept and analyze entire communication streams in real time. Carriers seem to be resisting, but the FBI claims it has the right to do this under the Patriot Act. Although the recent NSA scandal has not been put to bed yet, most of us who deploy cloud computing technology have dialed that situation into our thinking.

However, this latest attempt to monitor electronic communications goes a bit further and creates more concern that moving data into the cloud means the government can leaf through your data willy-nilly. As I pointed out last week, U.S. cloud providers are already suffering from fears due to the NSA scandal. Many European companies are hesitant to use U.S.-based cloud services when they consider the risk that the U.S. government's spying may come along from the ride...