Cybersecurity

Poor Security Practices Put Cloud-Driven Business Growth and Cost Savings at Risk

Grazed from Kaspersky Lab

According to new research from Kaspersky Lab, 35 percent of businesses admit that they are unsure if certain pieces of corporate information are stored on company servers or on those of their cloud providers. Businesses are rapidly adopting cloud-based services to leverage cost savings, but the new report shows that this is leaving them unable to safeguard and account for business data, which puts them at risk to the effects of a potential third-party data breach.

Cloud services are enabling companies to take advantage of key technologies to support day-to-day operations and growth plans - without having to worry about maintenance or a hefty price tag. Therefore, it's no surprise that 78 percent of businesses are already using at least one Software-as-a-Service (SaaS) based platform, and nearly the same amount (75%) are also planning to move more applications to the cloud in the future. When it comes to Infrastructure as a service (IaaS), nearly half (49%) of enterprises and 45 percent of SMBs are looking to outsource IT infrastructure and processes to third-parties.

 

Armor Spartan Platform Delivers Protection for Cloud Workloads, Leverages Amazon GuardDuty for Increased Detection and Response

Grazed from Armor

Armor today announced significant advancements in Spartan, the industry's first threat prevention and response platform for private, hybrid and public cloud environments including AWS and Azure. These enhancements enable businesses of all sizes to accelerate the pace of preventing, detecting and eliminating cyber threats in any cloud or on-premise environment. Clients can now leverage features to uncover hidden threats missed by traditional solutions, make faster more accurate decisions to eliminate threats, and gain on-demand access to highly experienced HIPAA, PCI compliance experts. 

"I am very excited that the public cloud providers continue to take security seriously and continue to expose more capabilities like GuardDuty," said founder and CEO, Chris Drake, Armor. "These capabilities allow for Armor to continue to gather more detail from the AWS cloud, allowing us to better identify and remediate threats on behalf of our clients. Due to the power of automation, there will be a day in the not-so-distant future that the public cloud will be seen as the most secure option for IT. Security integration and automation allows cybersecurity professionals to focus on important activities and not be burdened by managing legacy IT security approaches."

Splunk Announces New Integrations with Amazon Kinesis Firehose and Amazon GuardDuty

Grazed from Splunk

Splunk Inc., today announced new product integrations with Amazon Web Services (AWS) that span IT, Security, Big Data and IoT use cases. Integrations with Amazon Kinesis Firehose, the first partner integration of its kind, and Amazon GuardDuty deliver Splunk's commitment to continuous innovation for customers. Customers are already leveraging the Amazon Kinesis Firehose integration to stream AWS data into Splunk solutions to manage and enhance their IT and security environments.

"The new integrations make it even easier for Splunk users from IT, marketing, sales, operations and beyond to access and turn AWS data into answers in Splunk Enterprise and Splunk Cloud," said Richard Campione, chief product officer, Splunk. "Splunk is committed to providing a holistic set of AWS integrations that scale to meet our customers' requirements across every use case in IT, Security, Big Data and IoT. The ultimate goal is to provide our joint customers with end-to-end visibility across their entire infrastructure to empower them to make timely, data-driven business decisions."

Trend Micro Acquires Immunio and Expands Hybrid Cloud Security for DevOps Lifecycle

Grazed from Trend Micro Incorporated

As companies build and deploy applications faster across everything from cloud to containers, any drag on the DevOps lifecycle can create drag on an entire business. In response to this, Trend Micro Incorporated, a global leader in cybersecurity solutions, today announced the expansion of its Hybrid Cloud Security solution scope. New capabilities, attained through a combination of acquiring Montréal, Canada-based Immunio and in-house development, increase the automated protection that Trend Micro can provide throughout the DevOps lifecycle. These capabilities will be demonstrated at AWS re:Invent 2017 in Las Vegas, Nov. 27 through Dec. 1 (booth#1812). 

 

Future Hosting Warns Server Admins To Keep SSH Keys Safe

Grazed from Future Hosting

Future Hosting, a global managed server hosting provider, has warned server hosting clients not to upload private SSH keys to production servers. The warning was prompted by a rapid increase in the number of malicious scans that attempt to discover accidentally uploaded SSH keys (as reported by WordFence on October 18, 2017).

If SSH private keys fall into the hands of malicious third parties, they can be used to compromise servers and the data stored on them. Private keys can be accidentally uploaded to the publicly accessible directories of web servers, and it is trivially easy for a malicious third-party to scan for private keys in those directories.

Future Hosting advises server hosting clients to use passphrases with their SSH key pairs. Using passphrases may be inconvenient, but a key pair with a passphrase is useless to an attacker even if the private key is made public.

AT&T Expands Strategic Relationship with Amazon Web Services

Grazed from AT&T

AT&T is expanding business cloud networking solutions with Amazon Web Services (AWS). AWS customers using AT&T connectivity can now have highly secure, flexible connectivity options to serve their cloud, cybersecurity and mobility needs. These solutions can help customers mobilize their workforce to support the digital age.

“Many of our customers are on their journey to the cloud with AWS,” said Roman Pacewicz, chief product officer, AT&T Business. “We can offer customers a highly secure, cloud optimized networking environment. No matter where they are in that transition or how they want to get there, AT&T has it covered.”

“Business customers rely on AT&T for proven network connectivity, cybersecurity and IoT solutions. These new enhancements provide our customers with the performance, security and connection options they need to grow their businesses on AWS,” said David Wright, general manager, Worldwide Strategic Technology Partners, Amazon Web Services, Inc.
 

Thales announces new security-as-a-service for centralized control of encryption keys used for Microsoft Azure and AWS

Grazed from Thales

Thales, a leader in critical information systems, cybersecurity and data security, announces CipherTrust Cloud Key Manager for support of Microsoft Azure Key Vault and Amazon Web Services (AWS) Key Management Service (KMS) bring your own key (BYOK) capabilities. The solution allows users of these dominant public cloud solutions to meet compliance mandates and further protect their most sensitive data by creating and managing encryption keys separate from their cloud provider's infrastructure.

To help save time and money, a growing number of enterprises are eschewing legacy technologies in favor of cloud and SaaS environments. While these technologies are digitally transforming businesses, they present challenges: enterprise data is fair game for cybercriminals regardless of operating environments, and meeting compliance and best practices requirements isn't always straightforward. In response, enterprises are developing encryption strategies to better protect and control their data. While effective, this presents a new hurdle; when considering that many enterprises utilize multiple cloud providers, the management of encryption keys can prove difficult.

Thales CipherTrust Cloud Key Manager offers a number of benefits to help enterprises control and secure encryption keys in multi-cloud environments, including:

McAfee Integrates Advanced Analytics to Increase Security Operations Center Efficiency and Protect Endpoints and Cloud

Grazed from McAfee

McAfee, one of the world's leading cybersecurity companies, today announced new endpoint and cloud solutions that go beyond machine learning to take advantage of the speed and accuracy of advanced analytics, deep learning and artificial intelligence, and increase efficiency of security operations. Cyber threats and the data needed to defend against them continue to increase, overwhelming security teams and driving the need for open, efficient security operations. McAfee's new solutions make use of the automation, reasoning and data curation uniquely provided by advanced analytics technologies, allowing security teams to easily discover and assess data and root out threats. Through human-machine teaming and an open and interoperable cybersecurity platform, McAfee proves ‘Together is power,' with collaborative security that defends against shared adversaries.

"Security teams are increasingly overwhelmed by the complexity they face in their environments which hinders their ability to defend against the growing number of threats," said Chris Young, CEO of McAfee. "McAfee is acting on our ‘Together is power' principle with collaborative security that combines the unique advantages of people, machines and partners enabling teams to be situationally aware of security events and take swift action to thwart assaults, from the endpoint to the cloud."

FileCloud Unveils 'Breach Intercept' to Safeguard Organizations Against Dramatic Increase in Cyber Attacks

Grazed from FileCloud

FileCloud, the cloud-agnostic EFSS platform, today announced FileCloud Breach Intercept. The newest version of FileCloud offers advanced ransomware protection to help customers handle every phase of a cyberattack: prevention, detection and recovery.

FileCloud is deployed across 90 countries and has more than 100 VARs and Managed Service Providers across the world. Deployed by Fortune 500 and Global 2000 firms, including the world's leading law firms, government organizations, science and research organizations and world-class universities, FileCloud offers a set of unique features that help organizations build effective anti-ransomware strategies.

Global ransomware damage costs are expected to total more than $5 billion dollars in 2017, compared to $325 million dollars in 2015. Ransomware is growing at an estimated yearly rate of 350 percent with business enterprises becoming the priority target for hackers. Enterprise File Sharing and Sync (EFSS) solutions have seen an increase in ransomware attacks with 40 percent of spam emails containing links to ransomware. Whereas public cloud EFSS solutions such as Box and Dropbox offer centralized targets for ransomware attacks, FileCloud's decentralized private cloud reduces your company's exposure to potential attacks.

TrapX Security Expands Cloud Data Center Support for Amazon AWS and KVM OpenStack

Grazed from TrapX Security

TrapX Security, a global leader in deception-based advanced cybersecurity defense, today announced fully integrated cloud data support for DeceptionGrid for both Amazon AWS EC2 and KVM OpenStack. This enhancement addresses the growing challenges associated with visibility and lateral movement within the hybrid environments of cloud and internal networks.

Widespread private and public cloud adoption presents significant security challenges. Security teams must extend their operations across internal networks who support a large number of cloud based applications. There are several key elements to success in securing the cloud: