Cybersecurity

Twistlock Releases Active Threat Protection for Serverless Functions

Grazed from Twistlock

Twistlock, the leading provider of container and cloud native cybersecurity solutions, today announced the addition of serverless runtime defense to the Twistlock platform.  With this new functionality, companies can extend Twistlock's automated, whitelist based threat protection to serverless functions running in AWS Lambda and other leading serverless platforms.

This new capability builds upon Twistlock's release of vulnerability scanning for serverless functions in July 2017, and brings Twistlock's serverless capabilities to parity with the full lifecycle, full stack protection the platform currently offers for containers and virtual machines. Customers can now centralize their serverless, container, and VM security in a single platform that provides developers, devops, and security teams alike the visibility and controls needed to deliver cloud native applications securely.

Why Data Breach Transparency Protects Business

Article Written by Avery Phillips

In a perfect world, data breaches wouldn't happen. Unfortunately, the reality is that criminals are looking for any way to exploit the cybersecurity flaws of your company. Companies using data storage methods relying on big data, the cloud, and the IoT are finding all too often that they are not bulletproof and that a data breach can bring a business to a standstill or worse. However, there is one way to lessen the blow of a data breach. 

Disclosing to your customers that a data breach has happened and exhibiting total transparency afterward isn't just ethical, it's mandated. Transparency is also the only way to get your business back on track. Being open and honest when answering customer questions about a data breach will help you to regain their trust and protect your business operations. 

Below are some ways that transparency protects your business and some tips on how to be transparent in the event of a data breach.

US Signal 2018 Security 'Health of Nation' Survey Reveals Organizations Had Increase in Cybersecurity Challenges

Today, US Signal, leading end-to-end IT solutions provider, released the results of its 2018 Security ‘Health of the Nation' survey, revealing that most organizations are still vulnerable to security threats.

The survey revealed that 81 percent of organizations witnessed an increase in cybersecurity challenges in the past year. In addition, 40 percent of respondents experienced at least one security incident in that time period, and 13 percent did not know if they had.

Nearly 120 security experts from a cross-section of organizations including technology, healthcare, education, food services and logistics, offered insights into the security health of their companies via SurveyTown. After 12 months of major hacks like the Equifax breach, the WannaCry and NotPetya ransomware outbreaks and the Spectre and Meltdown flaws in Intel chips, the findings reflect this surge in threats and demonstrate a need for stronger investment and education. Respondents' top three security challenges included.

Akamai's State of the Internet/Security: Report Highlights the Importance of Information Sharing in Battle Against CyberThreats

Grazed from Akamai

Akamai Technologies today announced the availability of the State of the Internet / Security: Carrier Insights Report for Spring 2018, which shows that sharing information is an important factor in helping to defend against cyber threats. The report analyzes data from more than 14 trillion DNS queries collected by Akamai between September 2017 and February 2018 from communications service provider (CSP) networks around the world.

For more than 19 years, Nominum, acquired by Akamai in 2017, has leveraged in-depth DNS data to improve overall protection against sophisticated cyberattacks such as distributed denial of service (DDoS), ransomware, trojans, and botnets. Akamai's Carrier Insight Report builds upon the Nominum expertise and highlights the effectiveness of DNS-based security that is enriched with data coming from other security layers. This layered security approach involves gathering various security solutions to collectively protect an organization's data.

"Siloed understanding of attacks against individual systems isn't enough for defenders to prepare for today's complicated threat landscape," said Yuriy Yuzifovich, Director of Data Science, Threat Intelligence, Akamai. "Communicating with varying platforms is critical when acquiring knowledge across teams, systems and data sets. We believe that the DNS queries that our service provides act as a strategic component to arming security teams with the proper data necessary for that big picture view of the threat landscape."

RedLock, Barracuda Join Forces to Help Organizations With a Cloud Threat Defense Strategy

Grazed from RedLock and Barracuda

RedLock, the Cloud Threat Defense company, and Barracuda Networks Inc., a provider of cloud-enabled security and data protection solutions, today announced their joint efforts to help organizations fulfill their responsibilities in securing public cloud environments. The joint-solution approach offers enterprises the ability to implement a broad Cloud Threat Defense strategy across Amazon Web Services, Microsoft Azure, and Google Cloud environments that aligns with the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF). The two companies plan several go-to-market initiatives, including joint sales efforts, joint product demonstrations and joint solution collateral development.

"RedLock and Barracuda products fit together to address the security challenges in public cloud computing environments," said Varun Badhwar, CEO and co-founder at RedLock. "The solutions assist enterprises with addressing the four functions of NIST CSF, which include identifying assets, protecting against threats, detecting security events, and responding to incidents. We're privileged to work with Barracuda in helping organizations obtain the benefits of public cloud computing."

Portnox Brings Increased Network Visibility and Enforcement with TrapX Integration

Grazed from Portnox

Portnox, a market leader for network visibility, access control and device risk management solutions, and TrapX Security, the global leader in deception-based advanced cyber-security defense, announced today the integration of Portnox's cloud-based and on-premise network access control (NAC) solutions, Portnox CLEAR and Portnox CORE, with TrapX's DeceptionGrid product. The joint solution will give customers the ability to detect unauthorized activity on the network, as well as enforce security policies in real time.

The integration of Portnox's solutions with DeceptionGrid provides CISOs, CSOs, IT teams and network administrators with a complete view of the network, as well as increased visibility into devices - including BYOD, Internet of Things (IoT), mobile and managed devices, anywhere in the world. As DeceptionGrid identifies threats, it shares that information with Portnox to either allow or restrict device access. Portnox generates unique risk scores for each device based on whether a device is on or off premise, over wired, VPN or wireless networks and creates accurate risk profiles and authenticates devices according to score.

Ovum Places Ericom Shield "On the Radar" for Secure Browsing

Grazed from Ericom Software

Ericom Software announced today that leading global analyst firm Ovum has chosen to cover Ericom Shield in its "On the Radar" series. Ericom Shield leverages strong remote browser isolation technology to protect organizations against known and unknown web-borne threats including ransomware, drive-by downloads, zero-day attacks, and crypto-jacking.  

According to Ovum, every "organization with an online presence is susceptible to attack and their systems can be put at risk to browser-borne malware." In the "On the Radar: Ericom Shield provides secure browsing facilities" report, Ovum recommends Ericom Shield as an additional layer of protection against malware that "penetrates and attaches itself to business systems via inadequately protected browsers", in conjunction with firewalls, URL filtering and other traditional protection tools.

Ovum singles out Ericom Shield's centrally managed design, which requires "no on-browser or on-device software" as a key advantage of the solution. The report also highlights the pre-integrated content disarm and reconstruction (CDR) tools that are included in Ericom Shield, which sanitize files of potential malware before they are downloaded from the internet to endpoints.

Protecting Your Organization's Cloud

As organizations move to the cloud, the next evolution of Network Access Control takes shape to meet business demands.
 

What are the chances that your organization has moved some of its data, systems, programs and applications to the cloud? Quite high. According to a Synergy Research survey of IT professionals, spending on private cloud and cloud-enabled solutions grew by 16% between the second quarters of 2015 to 2017. During that same period, traditional, non-cloud data center hardware and software dropped 18%. It is easy to understand why these days, cyber security threats are coming in through many new channels and vulnerabilities that are not part of the traditional IT infrastructure such as, mobile devices and cloud-based applications. The following prevalent trends in the enterprise highlight why it is essential to monitor your network with a Cloud Network Access Control (Cloud-Based NAC). 

Company Networks Go Global

Organizations are becoming perimeter-less. Traditional IT perimeters have been torn down by the adoption of BYOD, IoT devices, telecommuting and cloud computing. Therefore, one can no longer look at the network as a defined infrastructure within a physical firewall. The network is essentially global without boundaries. According to a Gallop News Service poll from 2015, 37% of U.S. workers had telecommuted for work, and this was up by 30% from the last decade but four times greater than the 9% found in 1995. Perimeter-less companies require continuous risk-monitoring and risk-assessment that can match the ever increasing mobile and cloud-based reality and this can be performed best via the cloud. 

WhiteHat Security Delivers New Crash Course Series to Grow AppSec Expertise

Written by David Marshall

Today, WhiteHat Security, leading application security provider, launched its "Crash Course" series, which includes three webinars run by Kimberly Chung, who runs the Threat Research Center's WhiteHat Academy.

"WhiteHat has made a major commitment to educating and training the wider security and developer community. The WCSD program, Crash Course series and on-demand technical webinars-all provided for free-- demonstrate the company's long-term commitment to supporting industry professionals and helping them fulfill their potential," commented Eric Sheridan, chief scientist at WhiteHat and leader of the WCSD program.

The series complements the successful WhiteHat Certified Secure Developer (WCSD) program, which has enrolled more than 3,300 people and certified more than 500 developers in 2017 alone. The series is specifically tailored for application developers, security analysts, architects, managers or auditors and any security professionals interested in learning how web application security is key to vulnerability management. 
 

2 Ways To Keep Your Business More Secure

While it may be impossible to remain 100% protected at all times, it is increasingly important that every company is making the most of its security. The growing threat of cybercrime means that alongside the huge number of benefits that the internet offers, it also comes with some substantial risks. It is this reason why it has never been more important that you look at your online security and critically view it regarding its strengths. Identifying your weak security points is the first stage of addressing them, so here are the key ways that you can assess your business security and help to keep your business much more secure.