Monday, February 29, 2016

Top Twelve Cloud Computing Threats

The Cloud Security Alliance (CSA) Top Threats Working Group published a report listing The Treacherous 12: Cloud Computing Top Threats in 2016:

  • Data Breaches
  • Weak Identity, Credential and Access Management
  • Insecure APIs
  • System and Application Vulnerabilities
  • Account Hijacking
  • Malicious Insiders
  • Advanced Persistent Threats (APTs)
  • Data Loss
  • Insufficient Due Diligence
  • Abuse and Nefarious Use of Cloud Services
  • Denial of Service
  • Shared Technology Issues

"Our last Top Threats report highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. A lot has changed since that time and what we are seeing in 2016 is that the cloud may be effectively aligned with the Executive strategies to maximize shareholder value," said Jon-Michael Brook, co-Chair of the Top Threats Working Group. "The 'always on' nature of cloud computing impacts factors that may skew external perceptions and, in turn, company valuations."

https://cloudsecurityalliance.org/

Gigamon Revs Metadata Engine for Contextual Security Analytics

Gigamon unveiled its Metadata Engine for their GigaSECURE Security Delivery Platform (SDP).

The solution centrally generates and aggregates contextual information about network traffic. It sends that metadata to the security analytics devices that can leverage the information.

The company said its Metadata Engine will ‘super-charge’ security information and event management systems (SIEMs), enabling forensics solutions and user behavioral analytics products to connect to its GigaSECURE Security Delivery Platform and receive output of the Metadata Engine, that includes:
  • NetFlow/IPFIX records
  • URL/URI information
  • SIP request information
  • HTTP response codes
  • DNS queries
  • DHCP queries (future)
  • Certificate information (future)
  • Custom data (future)
Gigamon also announced a number of ecosystem partners supporting this approach: FlowTraq, Lancope, now a Cisco company, LogRhythm, Niara, Plixer and SevOne.

“We want to enable our customers to drastically improve their security posture by taking advantage of the latest trends in security analytics,” said Shehzad Merchant, CTO, Gigamon. “By enabling both context and packet based security analytics, Gigamon’s customers benefit by improving their ability to uncover intruder threats faster.”

http://www.gigamon.com

Gigamon Launches Security Visibility Platform for Advanced Persistent Threats

Gigamon introduced its "GigaSECURE" Security Delivery Platform for providing pervasive visibility of network traffic, users, applications and suspicious activity, and then delivering it to multiple security devices simultaneously without impacting network availability.

The idea is to counter Advanced Persistent Threats (APTs) by leveraging a traffic visibility fabric to extract scalable metadata across a network, including cloud and virtual environments, and thereby empower third party security applications. This enables improved forensics and the isolation of applications for targeted inspection. The company also said its solution is also able to deliver visibility to encrypted traffic for threat detection.  The architecture supports inline and out-of-band security device deployments.

Gigamon's GigaSECURE is comprised of scalable hardware and software elements:

  • Infrastructure-wide reach via GigaVUE-VM and GigaVUE nodes;
  • High-fidelity, un-sampled Netflow/IPFIX generation;
  • Application Session Filtering;
  • SSL decryption; and
  • Inline bypass capabilities.
Gigamon also highlighted its Application Session Filtering (ASF), a new, patent-pending GigaSMART application that can identifies applications based on signature or patterns that appear within a packet or packets. Once positively identified, ASF extracts the entire session corresponding to the matched application flow from the initial packet to the last packet of the flow, even if the match occurs well after the first packet. This allows an administrator to forward specific “traffic of interest” to security appliances thereby optimizing their operational efficiency and improving overall performance.

The GigaSECURE platform already supports a broad ecosystem of security partners and their respective security functions, including:

Advanced Malware Protection: Check Point, Cisco, Cyphort, FireEye and Lastline;
Behavior Analytics: Damballa, Lancope, LightCyber and Niara;
Forensics/Analytics: ExtraHop, PinDrop, RSA and Savvius;
IPS: Check Point and Cisco;
NGFW: Check Point, Cisco, Fortinet and Palo Alto Networks;
Secure Email Gateways: Cisco;
SIEMs: LogRythm and RSA;
WAFs: Imperva.

https://www.gigamon.com/

Pica8 Cranks Up OpenFlow Switching by 1000x

Pica8 is introducing a Table Type Patterns (TTP) functionality in its PicOS network operating system that overcomes limitations in OpenFlow scaling for very large data centers.

The company said TTP enables its PicOS to scale to 2 million flows with Cavium’s XPliant switch ASIC, and to 256,000 flows with Broadcom’s StrataXGS Tomahawk switch ASIC. Typical TCAM flow capacity in the top-of-rack installed base today is between 1,000 and 2,000 flows, and with Pica8’s TTP implementation, production networks can scale 1,000 times more.

TTP defines how tables are set up in a switch, which an SDN controller can program via the OpenFlow switch protocol. The development of a TTP-based approach has been motivated by several factors, including: to maximize the available capacity, to better accommodate heterogeneity of existing hardware switches, to enable future innovation in hardware switches through more seamless SDN application development, and to enable granular and automated communication between application / controller developers and switch vendors.

“TTP and our own abstraction technology – vASIC -- unlock custom ASICs to bring choice, programmability and scale to application developers,” said Dan Tuchler, vice president of product management at Pica8. “Application developers no longer have to worry about the limitations or differences between ASICs when delivering their solutions to the market.”

TTP is in early release and will be generally available with PicOS in March.

http://www.pica8.com/news/pica8s-ttp-increases-sdn-scaling-on-data-center-switches-by-1000x

IBM to Acquire Resilient Systems for Security Incident Response

IBM agreed to acquire Resilient Systems, a leader in security incident response solutions, based in Cambridge, Mass. Financial terms were not disclosed.

Resilient Systems' incident response platform technology enables clients to respond to security breaches faster and with greater precision and coordination, allowing orchestration of response process across functions (security, HR, finance, government relations, etc.) and across security systems (those monitoring data, applications, end points, networks, etc.). It also helps clients to respond to increasing regulation.

"We are excited to be joining IBM Security, the industry's fastest-growing enterprise security company," said John Bruce, Resilient Systems Co-Founder and CEO. "By combining, the market now has access to the leading prevention, detection and response technologies available in the same portfolio – the security trifecta."

A major benefit will be the planned combinations of Resilient Systems' Incident Response Platform with IBM QRadar Security Intelligence Incident Forensics, BigFix, IBM X-Force Exchange and IBM Incident Response Services that can enable an orchestrated process for addressing security incidents.

IBM also launched new X-Force Incident Response Services, which include consulting and managed security services to help clients manage all aspects of responding to a cyber breach. IBM X-Force security experts will help clients develop response strategies, including Computer Incident Response Team playbooks, and a means to more effectively discover, track, respond to and report on security incidents.  These new capabilities will be further enhanced through the planned acquisition of Resilient Systems.

http://www-03.ibm.com/press/us/en/pressrelease/49243.wss

Trend Micro Cloud App Security Integrates Box, Dropbox and Google Drive

Trend Micro has extended its Cloud App Security solution to Box, Dropbox and Google Drive.

Cloud App Security capabilities include:

  • Guards against advanced threats with sandbox malware analysis
  • Uses DLP to provide visibility into sensitive data use with cloud file sharing
  • Detects malware hidden in office files using document exploit detection
  • Supports all user functionality and devices with simple API integration in the cloud
  • Integrates with Trend Micro Control Manager for central visibility of threat and DLP events across hybrid Exchange environments as well as endpoint, web, mobile, and server security layers.
  • Cloud App Security has been integrated with a number of leading marketplaces and cloud commerce platforms to give partners and customers a complete end-to-end purchasing and provision experience.

http://www.trendmicro.com

Check Point and IBM Form Threat Intelligence Alliance

Check Point Software Technologies and IBM announced an expanded alliance, including the sharing of threat intelligence, as the security industry moves to a more collaborative approach to defend against cybercrime.

The new alliance includes four main areas of collaboration:

  • Shared threat intelligence. An open approach to collaborative defense in the security industry is needed to effectively protect against new and evolving threats. IBM X-Force and Check Point’s security research team will directly collaborate through the bi-directional sharing of threat identification and analysis using IBM X-Force Exchange (XFE), IBM’s threat intelligence sharing platform. This collective threat intelligence may be integrated into each company’s threat intelligence products, to help deliver proactive threat protection to customers of both companies.
  • Integrated event management. Sharing capabilities across the security management platforms deployed by customers accelerates the company’s collective response to threat activity, and extends the value of security technology investments for clients. Check Point will be launching a new SmartConsole application in the IBM Security App Exchange for integration with the IBM Security QRadar Intelligence Platform. The app will deliver network data and security events from Check Point devices to QRadar to enable operators to view threat information in real-time directly from the QRadar console for faster incident response.
  • Advanced mobile protection. Integration within IBM Maas360 enterprise mobility management (EMM) will allow customers to easily deploy and manage Check Point Mobile Threat Prevention to limit compromised devices from accessing enterprise networks and data, based on real-time insights. The combination of these capabilities provides automated protection against advanced threats across mobile devices, apps and networks, while significantly simplifying the implementation and ongoing monitoring of mobile security technology across the enterprise.
  • Managed security services. IBM Managed Security Services (MSS) will continue to deepen its expertise in delivering and managing Check Point solutions for IBM customers. The deployment and management of a broader range of Check Point network security offerings will be supported through new lab equipment and ongoing training of IBM SOC analysts and solution architects, providing customers with cost-effective access to resources and expertise as their security requirements evolve.

“Today’s business environment is more connected and more innovative than ever before, requiring equally innovative ways to help customers keep a step ahead of possible threats,” said Avi Rembaum, vice president of security solutions, Check Point. “Both Check Point and IBM Security take a prevent-first approach to security. Through intelligence sharing and technology integration we aim to help improve our customers' security programs and create a new model for industry cooperation.”

http://www.ibm.com

Hibernia Networks Opens PoP in Dubai

Hibernia Networks has established a Point of Presence (PoP) in Dubai, UAE in one of the city's major telco hubs. The Ethernet-based connectivity service leverages the unmatched latency performance of the Hibernia Express cable across the Atlantic, which connects Europe and North America.

“With its strategic location, Dubai is a major international hub for financial markets as well as media and content distribution throughout the region and beyond,” states Omar Altaji, CCO of Hibernia Networks. “Hibernia Networks’ presence in Dubai confirms our commitment to strategically expanding our global network reach into new geographic locations in order to provide customers with the high-speed, high-quality connections they require around the globe for applications such as split second financial transactions and live broadcast feeds. We look forward to continued growth in key local and regional markets to better serve increasing global demand for secure and diverse low latency connectivity solutions.”

http://www.hibernianetworks.com

Krish Prabhu joins University of Texas (Arlington) Faculty

Krish Prabhu, president of AT&T Labs and chief technology officer, has been named to The University of Texas at Arlington's Engineering Hall of Achievement and appointed a research professor in the Department of Computer Science and Engineering. He will remain in his current role at AT&T while serving as a resource for UTA as it bolsters its research and teaching in his areas of expertise.

Prabhu previous was chief executive officer of Tellabs. Before that, he served as chief operating officer of Alcatel in Paris from 1991 to 2001.

http://www.att.com

See also