Showing posts with label Security. Show all posts

Tuesday, November 7, 2017

Proofpoint acquires Cloudmark for $110 million

Proofpoint, a cybersecurity company based in Sunnyvale, California, agreed to acquire Cloudmark, which specializes in messaging security and threat intelligence for Internet Service Providers (ISPs) and mobile carriers worldwide. The price is $110 million in cash.

Cloudmark correlates email threat telemetry data into its Global Threat Network, including intelligence derived from malware campaigns and targeted attacks like spear phishing and business email compromise (BEC).

Proofpoint plans to integrate the Cloudmark Global Threat Network into its Nexus platform, which powers Proofpoint’s product effectiveness across the portfolio covering email, social media, mobile and SaaS products.

“We are excited to welcome Cloudmark’s ISP and mobile carrier customers to Proofpoint,” said Gary Steele, Chief Executive Officer of Proofpoint. “By combining the threat intelligence from Cloudmark with the Proofpoint Nexus platform, we can better protect all of our customers – both enterprises and ISPs – from today’s rapidly evolving threats.”

Wednesday, October 25, 2017

Skybox Security raises $150 million

Skybox Security, a privately-held company based in San Jose, California, raised $150 million in venture funding for its cybersecurity management software.

The Skybox Security Suite combines attack vector analytics and advanced threat intelligence to continuously analyze vulnerabilities in a customer's environment and correlate them with exploits in the wild. Skybox extends across complex networks, including those in physical, virtual, cloud and operational technology (OT) environments.

Skybox says it has a compound annual growth rate (CAGR) of 46 percent and positive cash flow (2014–2016).

The new funding includes $100 million from the CVC Capital Partners’ Growth Fund (CVC Growth) and $50 million from Pantheon.

Skybox was founded in 2002. The company is headed by Gidi Cohen.


Thursday, October 19, 2017

Intezer raises $8M for malware analysis

Intezer, a start-up based in San Francisco and Tel Aviv, Israel, announced $8 million in series A funding for its malware analysis and detection solution.

The funding round was led by Intel Capital with co-investors Magma and Samsung NEXT. This round will be used to expand the company's global sales efforts and open new opportunities in targeted markets.

Intezer said its approach to cyber security is to replicate the concepts of the biological immune system. The idea is to map and identify the DNA of every single piece of code within seconds. The company has demonstrated its effectiveness by detecting code similarities in the latest high-profile attacks such as WannaCry, Turla and NotPetya.

“Intezer has developed the most advanced technology for detecting code-reuse, effectively performing ‘DNA mapping’ for software. With this technology, we are able to identify every single piece of code running in the organization, enabling us to detect the most sophisticated cyber attacks and help security teams to respond immediately,” stated Itai Tevet, co-founder and CEO of Intezer.

Thursday, October 12, 2017

A10 scales up its DDoS protection

A10 Networks launched its most powerful DDoS protection to date with a solution that can manage 500,000 flows per second -- more than double the performance of the nearest competitive flow-based DDoS detection system, according to the company.


The A10 Thunder Threat Protection System (TPS) Detector is now available as a virtual machine on the A10 aGalaxy 5000 management appliance or on other TPS mitigation appliances. For the full solution, the Thunder TPS Detector can be integrated with A10’s TPS Mitigator and A10 aGalaxy TPS management.

A10 Thunder TPS solution leverages more than three dozen threat intelligence sources to block malicious traffic. It monitors performance and security baselines with 28 behavioral indicators.

According to a recent report commissioned by A10, large DDoS attacks greater than 50 Gbps have quadrupled over the past two years. The number of companies experiencing between 6 and 25 attacks per year has increased more than four times in that same time span. However, with the complete Thunder TPS solution, A10 is improving protection for companies looking to augment mitigation capacity, SecOps-friendly automation, and reduction of false positives.

“With the new Thunder TPS options and flexibility, A10 is helping service providers, cloud providers, gaming companies and enterprises combat aggressive DDoS attacks with greater intelligence and agility,” said Raj Jalan, CTO of A10 Networks. “We believe the intelligent automation, combined with the industry’s highest-performing combination of powerful detection, mitigation, and management, will increase SecOps efficiency and drive more effective defense for businesses.”

Saturday, October 7, 2017

FireEye updates its Cybersecurity Threat Detection

FireEye announced major new software releases and next-generation hardware to drive performance at scale and increase deployment flexibility. FireEye solutions updated with the new software and next-generation hardware include FireEye Network Security (NX), FireEye Email Security (EX), File Content Security (FX), Central Management (CM), and Malware Analysis (AX). The new releases include:


  • FireEye Network SmartVision is a new capability to address post-breach attacks and insider threats. It leverages a machine-learning framework to detect suspicious lateral threat movements (East-West traffic) and data exfiltration. This capability is designed to provide customers with greater detection and expanded visibility across their perimeter and now network core and servers.
  • FireEye Network (NX) deployments can now burst network traffic to FireEye’s MVX Smart Grid during periods of high-content scanning activity, to address overload and gaps in protection that might otherwise occur. Other new software capabilities include significant updates to alert handling, event change visualization, expanded logging, and overall usability improvements.
  • Fifth-generation FireEye hardware features the latest Intel processors, increased storage and port density. The four models are engineered to deliver throughput from 300 Mbps to 2500 Mbps, replacing existing fourth-generation models that are available until the end of October 2017.
  • FireEye File Content Security (FX) is a new virtual offering that extends FireEye protection further into hybrid IT environments.

Tuesday, October 3, 2017

Yahoo now believes all 3 billion user accounts hit by breach

Yahoo, which is now part of Verizon's Oath division, provided notice that all of its 3 billion user accounts were impacted by the 2013 data breach.  Previously, Yahoo had disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected. The company believes that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.

Monday, October 2, 2017

Level 3 expands its network-based adaptive firewall service

Level 3 Communications is expanding its cloud-based, next-generation Adaptive Network Security footprint to Asia Pacific and Africa.

Level 3's Adaptive Network Security is a network-based firewall service that includes intrusion defense systems and intrusion protection systems, anti-malware sandboxing, data loss protection, URL and web content filtering, and application awareness and control. 

Customers can access the firewall service via a constellation of security gateways distributed across Asia Pacific, Europe, Middle East and Africa and North America. All of these gateways are connected via Level 3's global VPN backbone.

Level 3 said it currently monitors over 1.3 billion security events across 94 billion NetFlow sessions daily, in addition to activity by over 5,000 command and control servers (C2s) and malicious IPs, creating rules to detect and block attacks.

"While the threat landscape continues to evolve, enterprises are seeing the cost and complexity of security solutions continue to rise. Level 3's expansion of Adaptive Network Security marks the next step in delivering adaptive networking solutions to break the hardware dependency cycle and reduce the administrative burden of trying to stay ahead of bad actors. Global businesses can leverage Adaptive Network Security for the latest security technology to keep their networks and workforces secure while they focus on what matters most to their business," stated Chris Richter, SVP of Global Managed Security Services for Level 3.

Wednesday, September 20, 2017

Aruba builds analytics-driven security framework for multivendor networks

Aruba, the wireless networking division of Hewlett Packard Enterprise, is launching an analytics-driven attack detection and response framework to bolster enterprise security from the edge, to the core, to the cloud for multivendor networks.

Aruba 360 Secure Fabric is a security framework that builds on User and Entity Behavioral Analytics (UEBA) to detect and respond to advanced cyberattacks from pre-authorization to post-authorization across multivendor networks, not just its own wireless LAN gear. Aruba already offers an IntroSpect UEBA product line that leverages machine learning security to detect anomalous user and traffic patterns across multiple data sources. Aruba IntroSpect can ingest common data sources including Microsoft Active Directory or other LDAP authentication records and identity information, and firewall logs from sources such as Check Point, Palo Alto Networks, or Aruba monitoring (AMON) logs from Aruba infrastructure.

Key components of the Aruba 360 Secure Fabric include:

  • Aruba IntroSpect UEBA solution: A new network-agnostic family of continuous monitoring and advanced attack detection software. Includes a new entry-level edition and uses machine learning to detect changes in user and device behavior that can indicate attacks that have evaded traditional security defenses. Machine-learning algorithms generate a Risk Score based on the severity of an attack to speed up incident investigations for security teams.
  • Aruba ClearPass: A network access control (NAC) and policy management security solution that can profile BYOD and IoT users and devices, enabling automated attack response, is now integrated with Aruba IntroSpect. ClearPass can also be deployed on any vendor’s network.
  • Aruba Secure Core: Essential security capabilities embedded in the foundation across all of Aruba’s Wi-Fi access points, wireless controllers, and switches, including the recently introduced Aruba 8400 campus core and aggregation switch.

Aruba said its new framework delivers better, complementary attack detection with leading third-party security solutions. Emphasis is placed on rapid response for breach investigations based on forensic traffic analysis.

Tuesday, September 19, 2017

Level 3 introduces encrypted wavelength service

Level 3 Communications has launched an encrypted wavelength service to help global enterprises secure their optical connections from unlawful interception and fiber tapping.

The encrypted waves service, which uses AES 256-bit encryption, provides enterprises with a single network view. Customers maintain complete control over their encryption keys via the MyLevel3 portal and a Level 3-provided key management system.

Unlike cloud-based encryption schemes, Level 3 says its optical layer service does not incur a performance penalty: ultra-low latency is preserved and there is no throughput degradation. In addition, customers do not need to invest in additional encryption equipment to leverage encrypted waves between key customer locations.

"Every element of a critical network today has to be hardened against security attacks. Level 3 encrypted waves offer enterprises peace of mind by addressing security threats such as unlawful interception and fiber tapping, without sacrificing network performance. Unlike other optical encryption solutions on the market today, our solution provides greater direct customer control with built-in encryption key management through our portal. This is just one example of how Level 3 continues to deliver a truly customer-defined adaptive networking experience," stated Paul Savill, SVP of Core Products for Level 3.

Thursday, September 14, 2017

Microsoft intros Azure confidential computing

Microsoft Azure is introducing a new data security capability called Azure confidential computing that provides encryption for data that is in use.

Microsoft said it has been working on this capability with Intel for over four years.

Confidential computing protects data in use from the following threats:

  • Malicious insiders with administrative privilege or direct access to hardware on which it is being processed
  • Hackers and malware that exploit bugs in the operating system, application, or hypervisor
  • Third parties accessing it without their consent

Microsoft said that when data is “in the clear” it is protected inside a Trusted Execution Environment (TEE - also known as an enclave), which ensures there is no way to view data or the operations inside from the outside, even with a debugger.

https://azure.microsoft.com/en-us/blog/introducing-azure-confidential-computing/

Thursday, September 7, 2017

Equifax reports major cyber intrusion

Equifax, which is one of the three big consumer credit reporting agencies, suffered a major cyber intrusion from mid-May through July 2017 that potentially impacts some 143 million U.S. consumers.

The company said the attackers exploited a U.S. website application vulnerability to gain access to certain files, but not its core consumer or commercial credit reporting databases. Equifax said information stolen could include names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, the intruders accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

https://www.equifaxsecurity2017.com/

Friday, September 1, 2017

Juniper to acquire Cyphort for security analytics

Juniper Networks agreed to acquire Cyphort, a start-up specializing in security software. Financial terms were not disclosed.

Cyphort, which is based in Santa Clara, California, describes its security analytics and advanced threat defense platform as the Anti-SIEM (security information and event management) because it leverages machine learning to address the time, cost, and complexity challenges associated with traditional SIEMs. Cyphort’s open, scalable Cyphort security analytics platform helps incident responders and security analysts work more effectively.

Juniper said the acquisition will strengthen the capabilities of its Sky Advanced Threat Prevention (ATP), giving security practitioners a consistent feature set for both on-premises and cloud solutions. Combined with Sky ATP, Cyphort will provide increased efficiency and performance, a wider range of supported file types, and new threat-detection functionality that draws from advanced machine learning and behavioral analytics.

The acquisition is expected to close within the next month.

http://www.juniper.net

Thursday, August 31, 2017

Qadium raises $40m for indexing every device on public Internet

Qadium, a start-up based in San Francisco, announced $40 million in Series B funding for its automated, global Internet intelligence operation.

Qadium said it "indexes every device on the public Internet every hour, similar to how search companies crawl web pages." Qadium then uses these data to continually monitor the global Internet for large organizations’ true network boundary, surfacing comprehensive information about all of an organization’s Internet-facing risks.

“Our technology would have been impossible just a few years ago,” says Co-Founder and CTO Matt Kraning. “Now, we leverage distributed and massively parallelized computation to monitor the global Internet in real time. It’s the first game-changer in a decade for defenders in cyberspace, allowing them to find and fix risks faster than attackers can exploit them.”

Qadium is available on a SaaS basis. Cited customers include PayPal, Capital One, Allergan, and Fluor, among others.

The new funding round was led by IVP, joined by new investor TPG Growth. Prior investors New Enterprise Associates (NEA), Founders Fund, Susa Ventures, and angels also participated.

https://qadium.com/

Tuesday, August 15, 2017

Trend Micro brings Deep Security to AWS GovCloud

Trend Micro is now offering its Deep Security agent in the recently launched Amazon Web Services (AWS) GovCloud Marketplace.

Trend Micro said its Deep Security provides cloud protection from a single agent that scales seamlessly, helping government organizations maintain continuous compliance.

https://www.trendmicro.com/aws/


Monday, August 14, 2017

Amazon Macie protects sensitive cloud data

Amazon Web Services (AWS) introduced Amazon Macie, a new security service that uses machine learning to help customers prevent data loss by automatically discovering, classifying, and protecting sensitive data in AWS. The service protects data stored in Amazon Simple Storage Service (Amazon S3), with support for additional AWS data stores coming later this year.

AWS said its fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides customers with dashboards and alerts that give visibility into how this data is being accessed or moved. Customers pay only for the GBs of Amazon S3 content classified and the AWS CloudTrail events analyzed.

https://aws.amazon.com/macie

Friday, August 11, 2017

Cylance reports 283% YoY revenue growth

Cylance, a privately held company that offers AI-powered cyber defense, reported the following metrics:

  • 283 percent growth in overall revenue
  • 119 percent growth in overall bookings
  • 169 percent growth in the number of customers
  • Over 5 million endpoints sold
  • 171 percent growth in deals
  • 100 percent growth in the number of OEM partnerships

Cylance also announced the appointment of Brian Robins as chief financial officer. Robins previously served as chief financial officer at AlienVault. Before that, he served as vice president and chief financial officer of Global Business Services at CSC, a multinational IT and professional services corporation. Earlier in his career, Robins was executive vice president and chief financial officer of Verisign.

http://www.cylance.com

Cylance: AI and Cybersecurity


Stuart McClure, CEO and founder of Cylance, discusses the intersection of artificial intelligence and cybersecurity. Cylance, which has been selling its AI-based solution for about 2 years, has grown to over 700 employees and about 3,000 customers with some 3 million endpoints. Filmed at Net Events' Global Press & Analyst Summit in California.   See video: https://youtu.be/27yUlW0lskg http://www.netevents.o...


Thursday, July 13, 2017

Cisco to Acquire Observable Networks

Cisco announced plans to acquire Observable Networks, a privately held software developer based in St. Louis. Financial terms were not disclosed.

Observable Networks provides cloud-native network forensics security applications delivered as a service. The technology is based on dynamic behavioral modeling of all devices on the network.

Observable Networks said its solutions provide security analysts with the ability to gain real-time situational awareness of all users, devices and traffic on the network, whether in the data center or the cloud. Its cloud-native machine learning techniques for device modeling identify insider and external threats faster and more accurately. This design supports cloud environments and enables turn-key activation for customers using Amazon Web Services and Microsoft Azure.

Cisco said the acquisition will extend its Stealthwatch solution into the cloud with highly scalable behavior analytics and comprehensive visibility.

https://blogs.cisco.com/news/cisco-announces-cloud-security-news

Wednesday, June 28, 2017

Linux Foundation Launches Open Security Controller Project

A new Open Security Controller Project is being launched by The Linux Foundation to help centralize security services orchestration for multi-cloud environments.

Founding members include Huawei, Intel, McAfee, Nuage Networks from Nokia, and Palo Alto Networks.

The main idea for the Open Security Controller Project is to orchestrate virtual network security policies for virtualized network security functions, like next-generation firewall, intrusion prevention systems and application data controllers to protect east-west traffic inside the data center. A centralized controller would apply the correct policy to the appropriate workload, and it would broker services among cloud management platforms. An open standard would enable seamless integration of multi-vendor virtual security controls.

“Software-defined networks are becoming a standard for businesses, and open source networking projects are a key element in helping the transition, and pushing for a more automated network,” said Arpit Joshipura, General Manager of Networking and Orchestration at The Linux Foundation. “Equally important to automation in the open source community is ensuring security. The Open Security Controller Project touches both of these areas. We are excited to have this project join The Linux Foundation, and look forward to the collaboration this project will engender regarding network security now and in the future.”

Open Security Controller Project technology is licensed under Apache 2. Governance for the Open Security Controller Project has been structured to nurture a vibrant technical community. A Governing Board will guide business decisions, marketing and ensure alignment between the technical communities and members. The technical steering committee will provide leadership on the code and guide the technical direction of the project. Visit https://www.opensecuritycontroller.org for more information.

https://www.opensecuritycontroller.org

Saturday, May 13, 2017

Worldwide Disruptions from WannaCry Ransomware

On Friday 12-May-2017 major organizations worldwide fell victim to a rapidly spreading ransomware attack known as WannaCry, WCry, WanaCrypt and WanaCrypt0r. The ransomware encrypts files on the victim's Windows PC and displays a note demanding $300 or $600 in Bitcoin to unlock the machine. Here's a roundup:

  • The ransomware exploits a vulnerability (MS17-010) in the Windows operating system that was once part of the NSA's toolkit and was leaked earlier this year by a group calling itself Shadow Brokers. The exploit provides the attacker with system privileges on the target Windows machine.
  • Avast reported that the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but has impacted an estimated 130,000 unpatched Windows systems worldwide. 
  • McAfee identified this (MS17-010) exploit as the Equation Group’s ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers.
  • The infection vector appears to be phishing emails.
  • Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Windows users are urged to update their systems ASAP.
  • A British blogger under the handle @MalwareTechBlog appears to have come across a method that has slowed or stopped the spread of the infection. The ransomware relied on an unregistered domain. By registering the domain, a kill switch for the virus was created.
  • The remediation step recommended by the United States Computer Emergency Readiness Team (US-CERT) is to restore infected systems from a known clean back-up.
  • The UK's National Health Service (NHS) reported widespread ransomware incidents leading to an inability to access patient records, postponement of non-emergency treatment and cancellation of many other services on Friday. Technical teams worked overnight to restore systems.
  • Deutsche Bahn suffered delays and cancellations when terminals in many stations were infected.
  • Telefónica Spain confirmed that some PCs on its internal network were affected.
  • The Russian Interior Ministry reported that its operations were disrupted.
  • McAfee reported on a new kind of RaaS (ransomware-as-a-service) portal named Fatboy Ransomware that is capable of adjusting the ransom based on the victim's location. McAfee says that while Fatboy is not as technically sophisticated, it is an example of the evolving business model for cybercriminals.


Tuesday, March 7, 2017

Cylance Plans AI-powered Antivirus for Consumers

Cylance disclosed plans to launch a consumer version of its AI-powered antivirus which blocks everyday malware along with advanced cyber threats.  The company named security industry veteran Christopher Bray to launch its consumer division. Cylance currently sells its artificial intelligence-based CylancePROTECT product to businesses, universities, and government organizations.  The consumer version is planned for 2018.

“All of us at Cylance are thrilled to bring Christopher on board to architect our consumer strategy,” said Stuart McClure, president and CEO at Cylance. “His direct experience building business relationships and consumer businesses for security software companies will provide a strong foundation and ensure a successful launch.”

Bray began his career in brand management for Procter & Gamble, but quickly moved into sales and marketing management positions for Dell in South Africa. Following that period, Bray held a variety of executive positions during more than a decade spent with McAfee Security, ultimately advancing to become the senior vice president and general manager of consumer PC OEM/ISP/Retail/Mobile. Most recently Bray served as senior vice president of Norton Field Sales and Marketing at Symantec, where he spearheaded Norton’s re-entry into PC OEM and other large, high-volume consumer distribution partnerships, positioning the Norton business for a return to growth.

http://www.cylance.com
