
Wednesday, January 17, 2018

Tel Aviv-based VDOO raises $13M for IoT security

VDOO, a cybersecurity start-up based in Tel Aviv, Israel raised $13 million in initial funding for its efforts to create an end-to-end platform for the automated analysis and certification of security on connected devices.

VDOO said its solution performs a security gap analysis on IoT devices against the specific security requirements for each device type and provides a detailed recommended plan of action to fill the gaps. Once security features have been implemented, VDOO validates that the requirements have been met and provides physical and digital certifications. An on-device digital certification agent then monitors the security state of the device and communicates it to other systems such as gateways, firewalls, and edge solutions, providing post-deployment monitoring for signs that the device has been compromised.

VDOO was founded by Netanel Davidi and Uri Alter, both of whom previously founded Cyvera, a company that developed endpoint security solutions and which was acquired by Palo Alto Networks in 2014. A third founder of VDOO is Asaf Karas, who brings two decades of cyber experience with the IDF.

The venture round was led by 83North (formerly Greylock IL) and included participation by Dell Technology Capital and other strategic individual investors, including David Strohm, Joe Tucci, and Victor Tsao.

Anomali raises $40 million for threat management and collaboration

Anomali, a start-up based in Redwood City, California that specializes in threat management and collaboration solutions, announced the close of an oversubscribed $40 million Series D funding round.

Anomali cited significant momentum in 2017, including new capabilities in its ThreatStream, Anomali Enterprise and STAXX solutions that enable advanced threat forensics and threat sharing. The company also:

  • launched a 48-bank threat sharing community in the United Arab Emirates,
  • testified before the Homeland Security Committee regarding the importance of threat sharing,
  • partnered with the Bank of England to collect, integrate, hunt and investigate cyber security intelligence data, and
  • published a series of Cybersecurity Country Profiles, including Russia, China and Iran.

“2017 was another remarkable year for Anomali, in which we saw record customer growth and product innovation. We are thrilled to add Lumia Capital, DTCP, Telstra and Sozo Ventures to the Anomali family and are already preparing major initiatives with our newest partners,” said Hugh Njemanze, chief executive officer, Anomali. “Our latest investors ideally position us for growth in Europe, Japan and Australia.”

The latest funding round was led by Lumia Capital, with the participation of Deutsche Telekom Capital Partners (DTCP), Telstra and Sozo Ventures. Returning investors included GV, General Catalyst, IVP and Paladin Capital Group. The round brings Anomali's total investment to $96 million over four rounds of funding.

  • Anomali is headed by Hugh Njemanze, who previously co-founded ArcSight in May 2000 and served as CTO as well as Executive Vice President of Research and Development.

Tuesday, August 29, 2017

LookingGlass Cyber raises $26.3m for threat intelligence

LookingGlass Cyber Solutions announced $26.3 million in new funding, comprising mezzanine debt and incremental venture capital, for its threat intelligence-driven security solutions.

LookingGlass said over 40 companies and MSSPs subscribe to its Cyber Guardian Network partner program. CenturyLink is the latest managed security service provider (MSSP) to join the network and, like other partners, will use LookingGlass' capabilities to give its customers access to the company's threat intelligence tools.

LookingGlass is also introducing a Threat Intelligence-as-a-Service offering for organizations that need cybersecurity capabilities deployed immediately, without lengthy lead times, to protect company brands, intellectual property, customers, and employees.

LookingGlass also highlighted its recent discovery of 40 million voter records for sale on the dark web. Additionally, LookingGlass announced their Corporate and Supplier Cyber Attack Surface Analysis offering this spring and subsequently its comprehensive Third Party Risk Monitoring service, which delivers continuous visibility into the risk exposure and attack surface of an organization’s key vendors. This service is a completely outsourced way to analyze third party vendors’ risk impact on an organization.

“This investment acknowledges our significant growth position in the market and will help us to better service our clients and stay ahead of our competition,” said CFO Stewart Curley. “The LookingGlass portfolio delivers unified threat protection against sophisticated cyber attacks and enables both global enterprises and governments to take threat intelligence into their own hands, and act on it. We are proud to add Eastward Capital and Triangle Peak to our long-term investor group.”

http://www.lookingglasscyber.com

  • LookingGlass Cyber Solutions is based in Reston, Virginia.

Tuesday, October 4, 2016

Video: Menlo Security Highlights Isolation Platform

CISOs today are fighting a war on four fronts: application security, access security, email security, and web security. Greg Maudsley, Sr. Director of Product Marketing at Menlo Security, discusses the challenge, especially with limited budgets and staff.

Menlo Security, a start-up based in Silicon Valley, offers an isolation platform to mitigate these risks. The company is now extending its isolation platform to include phishing attacks.

See video:  https://youtu.be/EP05RjySB6g

Menlo Security Extends its Cloud-based Isolation Platform

Menlo Security has extended its cloud-based isolation platform, which prevents web-based malware from infecting local endpoints by running the browser in a cloud-based container, to also stop email threats including malicious links, credential theft and weaponized attachments. The new solution is aimed at targeted email phishing attacks, a major cybersecurity concern for enterprises.

Menlo Security said its Phishing Isolation solution was developed in close collaboration with Fortune 500 customers, to specifically address prevention shortfalls in existing secure email gateway products. The solution can be integrated with existing email infrastructure including Exchange, Gmail and Office 365. By leveraging patented Adaptive Clientless Rendering (ACR) technologies, the new solution enables enterprise-wide deployment of isolation security without the need to deploy or manage endpoint software, dramatically reducing risks without impacting the user experience.

The Menlo solution is available either on-premises, as-a-service via the cloud, or as part of a managed security service.

JPMorgan Chase is named as lead customer for the Menlo Security Phishing Isolation Platform.

“Email persists as the top malware infection vector for enterprises, resulting in many forms of theft and fraud,” said Poornima DeBolle, co-founder and Chief Product Officer of Menlo Security. “Adding phishing Isolation capabilities to the MSIP creates the only phishing prevention solution that completely eliminates targeted spear-phishing attacks and drive-by exploits by isolating all email links and attachments. By stopping this top infection vector, Menlo enables CISOs to report definitive progress against malware attacks to their boards of directors, while also freeing up precious cyber security incident-response resources within their teams.”

http://www.menlosecurity.com

Thursday, September 22, 2016

Yahoo Cites State Actor for Massive Security Breach

Yahoo believes a state-sponsored actor breached its network in late 2014 and may have stolen names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers from at least 500 million accounts.

Yahoo said its ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information.

http://www.yahoo.com

Sunday, May 22, 2016

Blueprint: Evolving Security for Evolving Threats in Payments

by Jose Diaz, Director, Payment Strategy, Thales e-Security

At this point in the history of cyber security, it seems like the eternal optimism of “it couldn’t happen to me” is the only reason consumers by the millions haven’t abandoned the digital life and gone back to cash-only transactions. Huge-scale data breaches persist, snatching more and more personal data. Retailers certainly want to protect their customers and their reputation, but are they really doing all they can?

There’s a reason why we are still experiencing huge breaches, and it’s not a lack of technology. Solutions that provide increased protection for cardholder data, while maintaining the highest levels of performance—up to millions of transactions per day—were defined and developed after the highly publicized breaches in 2009. The Payment Card Industry (PCI) released solution requirements for Point-to-Point Encryption to assist merchants in protecting cardholder data and reducing the scope of their environment for PCI DSS assessments. However, these approaches still seem to be a concept rather than common practice.

This is a critical issue in need of a thorough solution. Reducing the risk of payment data breaches requires encrypting sensitive data at the point of swipe (or dip in the case of EMV cards) in the payment device and only decrypting it at the processor. Direct attacks on devices in the payment acceptance process have become increasingly common and highly sophisticated, but strongly encrypted cardholder data is useless to cyber criminals. To understand the approaches, and the benefits, of implementing sensitive data protection, let’s focus on two key areas: traditional payment acceptance terminals and mobile.

Accepting Payment at the Terminal

Transaction speed is important to both customers and merchants; electronic POS solution providers need to maximize security for payment card transactions without slowing performance. Their solutions need to encrypt cardholder data from the precise moment of acceptance on through to the point of processing, where transactions can be decrypted and sent to the payment networks. By deploying point-to-point encryption (P2PE), intermediate systems that sit between the POI (point of interaction – the point of swipe) device and the point of decryption at the processor are removed from the scope of most PCI-DSS compliance requirements, since the sensitive data passing through them is encrypted.

Not all encryption is the same. There is a difference between encrypting the data in the point-of-swipe device and encrypting it in the POS system, more specifically the retail terminal. POI devices go through a PCI certification process and therefore provide high-assurance cryptography and key management. Retail terminals, on the other hand, are typically PC- or tablet-based devices that in most cases offer only software-based encryption and lack the security controls of PCI-certified devices.

Data decryption takes place at the point of processing using HSMs for secure key management, as the PCI P2PE requirements demand. HSMs perform secure key exchanges and, in most applications, key management that produces a unique key to protect each and every payment transaction. Taking advantage of these security capabilities, solution providers can build high-capacity and redundant secure systems so that multiple servers and multiple HSMs, deployed at multiple data centers, combine seamlessly to service high transaction volumes with automated load balancing and failover.
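The per-transaction key scheme described above is what ANSI X9.24 DUKPT provides in deployed P2PE solutions. The Go program below is an added illustration, not code from Thales, Verifone or the PCI council, and it stands in for DUKPT with a simpler HMAC-SHA256 ratchet: the HSM derives a per-device initial key from a base derivation key (BDK) that never leaves it, the POI device derives a fresh AES-256-GCM key for every swipe and discards the state that produced it, and the processor re-derives the same key from the key serial number (KSN) that travels in the clear. The KSN layout, the derivation labels, the device ID and the demo BDK are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const idLen = 8 // bytes of device ID inside the KSN

// Constructed value; in a real deployment the base derivation key exists only inside the processor's HSM.
var demoBDK = []byte("constructed demo BDK, not a real key")

// KSN (key serial number) is sent in the clear with each ciphertext. Its 12 bytes also
// serve as the GCM nonce, which is safe only because each transaction key is used once.
type KSN struct {
	DeviceID [idLen]byte
	Counter  uint32
}

func (k KSN) Bytes() []byte {
	b := make([]byte, idLen+4)
	copy(b, k.DeviceID[:])
	binary.BigEndian.PutUint32(b[idLen:], k.Counter)
	return b
}

// prf is the derivation primitive; its 32-byte output doubles as an AES-256 key.
func prf(key []byte, label string, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	m.Write(data)
	return m.Sum(nil)
}

// initialDeviceKey is derived inside the HSM and injected into one POI device at key loading; the BDK never leaves the HSM.
func initialDeviceKey(bdk []byte, id [idLen]byte) []byte {
	return prf(bdk, "p2pe/initial-key", id[:])
}

// keyState is a forward-secure ratchet: each transaction key comes from the current state, which is
// then replaced, so a later device compromise cannot recover keys (or card data) of earlier transactions.
type keyState struct {
	state   []byte
	counter uint32
}

func (s *keyState) next() (uint32, cipher.AEAD) {
	s.counter++
	block, _ := aes.NewCipher(prf(s.state, "p2pe/txn-key", nil)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)
	s.state = prf(s.state, "p2pe/ratchet", nil)
	return s.counter, aead
}

// POIDevice is the PCI-certified reader; the POS terminal, store controller and WAN behind it see only KSN + ciphertext.
type POIDevice struct {
	id [idLen]byte
	ks keyState
}

func (d *POIDevice) Encrypt(cardData []byte) (KSN, []byte) {
	ctr, aead := d.ks.next()
	ksn := KSN{DeviceID: d.id, Counter: ctr}
	return ksn, aead.Seal(nil, ksn.Bytes(), cardData, nil)
}

// Processor is the point of decryption; in production this logic and the BDK sit inside the HSM.
type Processor struct {
	bdk     []byte
	devices map[[idLen]byte]*keyState // ratchet position per device; doubles as replay guard
}

func (p *Processor) Decrypt(ksn KSN, ct []byte) ([]byte, error) {
	ks, ok := p.devices[ksn.DeviceID]
	if !ok {
		ks = &keyState{state: initialDeviceKey(p.bdk, ksn.DeviceID)}
		p.devices[ksn.DeviceID] = ks
	}
	if ksn.Counter <= ks.counter {
		return nil, fmt.Errorf("counter %d already seen (last %d): replay rejected", ksn.Counter, ks.counter)
	}
	var aead cipher.AEAD
	for ks.counter < ksn.Counter { // ratchet forward; skipped counters are burned
		_, aead = ks.next()
	}
	return aead.Open(nil, ksn.Bytes(), ct, nil) // fails on tampering or wrong key
}

func main() {
	id := [idLen]byte{'P', 'O', 'I', '-', '0', '0', '0', '1'}
	dev := &POIDevice{id: id, ks: keyState{state: initialDeviceKey(demoBDK, id)}}
	proc := &Processor{bdk: demoBDK, devices: map[[idLen]byte]*keyState{}}
	ksn, ct := dev.Encrypt([]byte("4111111111111111=2512101")) // constructed test PAN
	fmt.Printf("store network sees only ksn=%x ct=%x\n", ksn.Bytes(), ct)
	pt, err := proc.Decrypt(ksn, ct)
	fmt.Printf("processor recovers %q err=%v\n", pt, err)
}
```

Two properties are worth checking in this shape of design: nothing between the device and the processor can decrypt without the BDK, which is what takes those intermediate systems out of PCI DSS scope; and once a ciphertext's counter has been accepted, replaying it is refused, so capturing traffic on the store network gains an attacker nothing. Because every key is used exactly once, the 12-byte KSN can safely double as the GCM nonce; reuse a key and that design breaks immediately.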

With a distinctive combination of strong security and risk mitigation against malicious capture of cardholder data, Verifone—a provider of secure payment acceptance solutions—is one example of a P2PE solution provider that follows this approach. At the same time, this approach ensures performance and availability for transactions – a win-win for retailers. The Verifone VeriShield solution was specifically designed to enable retailers to implement Best Practices for Data Field Encryption, providing security that helps reduce the scope of PCI-DSS audits.

Accepting Payments on the Fly

Smaller merchants are now able, thanks to the mobile revolution, to afford on-the-go payment acceptance. However, with the increasing availability of mobile payment acceptance options, small merchants and mobile businesses need to take a moment to consider the security of their customers’ payment data.

Mobile devices equipped with an economical card reader “dongle” enable mobile point-of-sale, or mPOS. A mobile phone or tablet can accept payments from both EMV and magnetic stripe payment cards in this way. As with traditional POS, it is critical that the card reader encrypt the sensitive payment data it receives.

It can be challenging to secure mPOS solutions. CreditCall and ROYAL GATE, two payment services providers, overcame this challenge by using point-to-point encryption (P2PE) to protect the sensitive payment data from their mobile acceptance offerings. They integrated HSMs with their processing application as a critical component to manage keys and secure customer data following PCI P2PE solution requirements. The use of HSMs enables them to defend against external data extraction threats and to protect against compromise by a malicious insider.

Securing Payment Credentials

There are several options on the market that allow mobile devices to make payments, but Host Card Emulation (HCE) has distinct market advantages. Because the security of the payment data and transaction is not dependent on hardware embedded in the phone, it has much broader applicability; any smartphone could use the HCE approach by loading payment credentials on the device and using it in place of a physical card.

Mobile devices have an NFC (near field communication) controller, which HCE-based applications use to interact with a contactless payment terminal. However, since the application cannot rely on secure hardware in the phone to protect the payment credentials, alternative approaches for protecting sensitive data and securing transactions have to be used. These include tokenizing payment credential numbers as well as actively managing and rotating the keys used for transaction authorization, which lets issuers manage the risk introduced by a less secure mobile environment for payment credential data.

The approaches that protect this data are based on HSMs in the issuer environment, which not only create the rotating keys but also send them securely to the mobile device. The HSMs are also a critical part of the tokenization and transaction authorization process. HCE does not introduce any new security processes or procedures for retailers and processors; it lets issuers combine their existing strong security practices, namely key generation and distribution, data encryption and message authentication, into a cohesive offering that enables payments with mobile devices.
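A concrete shape for the HCE approach above, as an added Go example rather than code from Thales or any card network: the issuer host tokenizes the PAN so the phone never holds it, mints a small batch of limited-use keys (LUKs) from its HSM, and the phone authenticates each tap with a MAC over token, key ID, transaction counter and amount. The issuer enforces the use limit, a strictly increasing counter and the MAC before resolving the token back to the PAN. The key and token formats, the use-limit policy and the MAC layout are assumptions of this example, and the secure provisioning channel is assumed rather than shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LUK is a limited-use key: minted by the issuer HSM, pushed to the phone, dead after MaxUses taps.
type LUK struct {
	ID      string
	Key     []byte
	MaxUses int
	uses    int
	lastATC uint32 // issuer-side replay guard (tracked per key here; per token in a real issuer)
}

// Cryptogram is what the phone hands the terminal: the token (never the PAN) plus a MAC.
type Cryptogram struct {
	Token  string
	KeyID  string
	ATC    uint32 // application transaction counter, strictly increasing
	Amount uint64
	MAC    []byte
}

func mac(key []byte, c Cryptogram) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s\x00%s\x00%d\x00%d", c.Token, c.KeyID, c.ATC, c.Amount) // NUL-delimited; IDs are ASCII
	return m.Sum(nil)
}

// Issuer models the issuer host (HSM-backed in practice): the token vault and per-key state.
type Issuer struct {
	vault map[string]string // token -> PAN; the PAN never leaves this map
	keys  map[string]*LUK   // key ID -> issuer's copy, with its own use counter
}

// Provision tokenizes a PAN and mints n limited-use keys, returned as if delivered over the (assumed) secure channel.
func (i *Issuer) Provision(pan string, n, maxUses int) (string, []LUK, error) {
	raw := make([]byte, 8+32*n)
	if _, err := rand.Read(raw); err != nil {
		return "", nil, err
	}
	token := fmt.Sprintf("tok-%x", raw[:8])
	i.vault[token] = pan
	keys := make([]LUK, n)
	for k := range keys {
		rec := LUK{ID: fmt.Sprintf("%s/%d", token, k), Key: raw[8+32*k : 40+32*k], MaxUses: maxUses}
		keys[k], i.keys[rec.ID] = rec, &rec // phone copy and issuer copy count uses independently
	}
	return token, keys, nil
}

// Authorize is the issuer-side check: known token and key, key not exhausted, fresh ATC, valid MAC.
func (i *Issuer) Authorize(c Cryptogram) (string, error) {
	pan, ok := i.vault[c.Token]
	k := i.keys[c.KeyID]
	switch {
	case !ok || k == nil:
		return "", errors.New("unknown token or key id")
	case k.uses >= k.MaxUses:
		return "", errors.New("limited-use key exhausted")
	case c.ATC <= k.lastATC:
		return "", errors.New("ATC not increasing: replay")
	case !hmac.Equal(mac(k.Key, c), c.MAC):
		return "", errors.New("bad cryptogram")
	}
	k.uses++
	k.lastATC = c.ATC
	return pan, nil
}

// Wallet is the HCE app: no secure element, so it holds only a token and short-lived keys.
type Wallet struct {
	Token string
	Keys  []LUK
	atc   uint32
}

func (w *Wallet) Pay(amount uint64) (Cryptogram, error) {
	for idx := range w.Keys {
		if k := &w.Keys[idx]; k.uses < k.MaxUses {
			k.uses++
			w.atc++
			c := Cryptogram{Token: w.Token, KeyID: k.ID, ATC: w.atc, Amount: amount}
			c.MAC = mac(k.Key, c)
			return c, nil
		}
	}
	return Cryptogram{}, errors.New("no live key: replenish from issuer")
}

func main() {
	iss := &Issuer{vault: map[string]string{}, keys: map[string]*LUK{}}
	token, keys, _ := iss.Provision("4111111111111111", 2, 1) // constructed test PAN
	w := &Wallet{Token: token, Keys: keys}
	c, _ := w.Pay(1250)
	fmt.Println(iss.Authorize(c)) // prints the PAN recovered from the vault and <nil>
}
```

The point of the design is that a rooted phone leaks only a token and keys that die after a few taps, while the PAN and the ability to mint keys stay in the issuer's HSM; when the wallet runs out of live keys it must go back to the issuer, which is the "actively managing and rotating keys" step in practice.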

Protecting What’s Yours

The sophistication and determination of malicious actors has produced a global, multi-billion-dollar criminal industry. The real possibility of huge financial reward spurs cyber criminals to evolve their methods, including attacks on payment devices themselves. But retailers and their acquirers can reduce their risk, and their fear, if the sensitive cardholder data in their possession is unintelligible to an attacker. This is why P2PE is so critical in the fight to reduce fraud.

In addition to using P2PE and PCI-certified devices to keep card data safe, merchants are using HSMs in the processing environment to protect the data-protection and transaction keys. These steps also create a trusted environment that complies with PCI requirements and reduces risk for payment acceptance and HCE-based credentials. Following these best practices will help merchants and their acquirers safeguard the lifeblood of their business, protecting their bottom line and their good name.

About the Author

Jose Diaz has worked with the Thales group for over 35 years and is currently responsible for payment product strategy at Thales e-Security. He has worked with payment application providers in developing solutions and roadmaps for securing the payments ecosystem. During his tenure at Thales, Jose has worked in Product Development, Systems Design, Sales in Latin America and the Caribbean, as well as Business Development.

Got an idea for a Blueprint column?  We welcome your ideas on next gen network architecture.  See our guidelines.

Tuesday, February 9, 2016

President Obama Proposes 35% Boost in Cybersecurity Initiatives

President Obama outlined a $19 billion plan to bolster the nation's cybersecurity posture. This represents an increase of more than 35 percent over last year's national cybersecurity spending.

Highlights of the Cybersecurity National Action Plan (CNAP):

  • Establishes a Commission on Enhancing National Cybersecurity that will bring top strategic, business, and technical thinkers from outside the government to make critical recommendations on how to use new technical solutions and best practices to protect privacy and public safety
  • Transforms how the government will manage cybersecurity through the proposal of a $3.1 billion Information Technology Modernization Fund and a new Federal Chief Information Security Officer to help retire, replace, and modernize legacy IT across the government
  • Empowers Americans to secure their online accounts by using additional security tools – like multi-factor authentication and other identity processing steps – and by working with Google, Facebook, Dropbox, Microsoft, Visa, PayPal, and Venmo to secure online accounts and financial transactions.

https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan

Tuesday, August 25, 2015

Skyport Ships SkySecure with Secure Hosting for VMware vCenter

Skyport Systems announced the general availability of SkySecure -- a cloud-managed, on-premises, secure server.

When VMware vCenter is hosted on a SkySecure Server, an application-specific firewall for VMware vCenter secures the computing foundation and all communications channels. Essentially, the SkySecure Server creates a customized firewall protecting VMware vCenter. This application-specific firewall implementation hardens each protocol and communication channel for:

  • Administrative access to vCenter Server
  • DNS access to/from vCenter Server
  • Microsoft Active Directory for user and admin identity management
  • Partner API usage such as Software Defined Networking controllers or VM backup systems
  • Network Attached Storage entitlements for image management
  • ESX Server to vCenter administrative control channel

http://www.skyportsystems.com

See 1 minute video:  https://youtu.be/tp_cye0AARc

Skyport Unveils its Hyper-Secured Servers

Skyport Systems, a start-up based in Mountain View, California unveiled its "hyper-secured" server architecture for delivering trusted computing and policy enforcement at the application edge.

The SkySecure System enforces policy on hosted workloads without software agents or network changes. The architecture tightly integrates the components of multiple security appliances that were not designed to work together, reduces the threat surface by removing physical attack vectors and implements Intel's Trusted Execution Technology. SkySecure is designed for deployment at the most critical points of infrastructure, including exposed DMZs, branch and remote environments, high-value business applications and foundational IT control systems such as Microsoft Active Directory, DNS servers and virtualization/cloud/big data/SDN controllers. No changes are required to networks, applications, or operating systems. The company says its server is designed to catch and contain malware and rootkits.

Hardware, firmware and software components are validated at the point of manufacture and continuously monitored once deployed. After successful attestation, the system boots a fully whitelisted Security Enhanced Linux (SELinux) implementation. SkySecure Compartments wrap each workload deployed on a SkySecure Server in a dynamic whitelist and application-layer protections, house it in a synthetic operating environment and assume a zero-trust posture toward all network access.

Tuesday, August 18, 2015

Palo Alto Debuts Highest Performance Firewall

Palo Alto Networks introduced its highest performance, next-generation firewall.

The new PA-7080 next-generation firewall, which can deliver up to 200Gbps throughput and 100Gbps with all security capabilities enabled, is designed for non-disruptive integration into large networks and data centers. It uses nearly 700 function-specific processors for networking, security, content inspection, and management.  It supports virtual wire, L2 and L3 networking, high availability modes combined with simplified management, simplified licensing, and intelligent traffic management. The PA-7080 is NEBS compliant, has front-to-back cooling, and AC/DC power supply options as standard features.

"By providing industry-leading performance with the full set of Palo Alto Networks security capabilities enabled, the PA-7080 is architected to deliver safe application enablement and to prevent against cyberattacks at the scale needed by service providers and the largest enterprises; it is an integral component of a prevention-minded, integrated platform approach to securing these organizations' networks," said Lee Klarich, Senior Vice President of Product Management.

https://www.paloaltonetworks.com/content/campaigns/pa-7000-series/pa-7000-series/index.html

Monday, August 10, 2015

Black Hat Conference Attracts 11,000

Black Hat USA 2015, which was held last week in Las Vegas, attracted a record 11,000+ professionals across the InfoSec spectrum – spanning academia, world-class researchers, and leaders in the public and private sectors.

Top sponsors of Black Hat USA 2015 include: Diamond Sponsors: FireEye, Lieberman Software, Qualys, RSA, and Tenable Network Security; Platinum Plus Sponsors: AlienVault, Cisco, Digital Guardian, Fidelis Cybersecurity, HP, Lockheed Martin Corporation, LogRhythm, Palo Alto Networks, Inc., Raytheon | Websense, and Webroot; Platinum Sponsors: Bromium, Core Security Technologies, Fortinet, IBM, Optiv Security, Proofpoint, Inc., Tripwire, and ZeroFOX Inc.

The next Black Hat event will be in Amsterdam, November 10-13, 2015.

http://www.blackhat.com/

Sunday, August 9, 2015

E8 Security Targets Security Intelligence based on Machine Learning

E8 Security, a start-up based in Redwood City, California, named Matt Jones as its new CEO. Ravi Devireddy, founder and original CEO, will continue to drive core technology innovation as the Chief Technology Officer and will remain on the board of the company.

Jones was most recently Executive Chairman of InterAct, a leading cloud-based software provider for public safety. He has also served as CEO of CloudShield Technologies, a provider of cybersecurity solutions, and of Allocity, a software company focused on storage management, and was instrumental in the sale of CloudShield to SAIC and of Allocity to EMC.

E8 Security is developing behavioral intelligence and cybersecurity solutions. The approach leverages machine learning based behavioral analytics to empower security teams to find and prioritize previously unknown threats, provide insight for faster resolution and increase efficacy of the security infrastructure. E8 Security is funded by March Capital Partners, Allegis Capital and The Hive.

http://www.e8security.com

Tuesday, August 4, 2015

Menlo Security Adds Webroot to its Isolation Platform

Menlo Security, which offers a security solution that isolates all Web content in the cloud, announced a partnership with Webroot, a leading provider of real-time, actionable threat intelligence.

Webroot will deliver granular threat intelligence for Menlo Security’s Isolation Platform through integration with the Webroot BrightCloud Web Classification Service.

The Web classification data and threat intelligence from Webroot enable administrators of the Menlo Security Web Isolation Platform to establish granular policies that selectively allow, block, or isolate websites based on 83+ categories. This combines the productivity-enhancing benefits of advanced Web filtering with the unique malware-prevention benefits of the Isolation Platform. Additionally, the classification intelligence from Webroot augments the logs and reports provided by the Web Isolation Service, enabling administrators to track and analyze all Web usage.

“Webroot has the most comprehensive and effective Web classification service in the market,” said Poornima DeBolle, chief product officer at Menlo Security. “Integrating the Webroot BrightCloud Web Classification Service with our Web Isolation Platform enables us to give our customers comprehensive control, security, and visibility for their organization’s Web activity.”

http://www.Webroot.com
http://www.menlosecurity.com

In June, Menlo Security emerged from stealth to unveil its Isolation Platform, a new technology that eliminates the threat of malware from key attack vectors, including Web and email.

The solution does not use endpoint software. Instead, the Menlo Security Isolation Platform isolates and executes all Web content in the cloud and away from the endpoint. It uses patent-pending, clientless rendering technology, Adaptive Clientless Rendering (ACR), to deliver a non-executable, malware-free copy of the user’s session to their native browser, creating a transparent user experience.

The Menlo Security Isolation Platform is available now as a public cloud-based service or as a virtual appliance for on-premises deployment. The Platform is compatible with any hardware (desktop, laptop, tablet, smartphone), any OS (Windows, MacOS, iOS, Android) and any browser (IE, Chrome, Safari, Firefox).

Menlo Security also announced $25 million in Series B funding, led by new investor Sutter Hill Ventures and joined by existing investors General Catalyst, Osage University Partners and Engineering Capital.

Tuesday, July 21, 2015

Gigamon Launches Security Visibility Platform for Advanced Persistent Threats

Gigamon introduced its "GigaSECURE" Security Delivery Platform for providing pervasive visibility of network traffic, users, applications and suspicious activity, and then delivering it to multiple security devices simultaneously without impacting network availability.

The idea is to counter Advanced Persistent Threats (APTs) by leveraging a traffic visibility fabric to extract scalable metadata across a network, including cloud and virtual environments, and thereby empower third-party security applications. This enables improved forensics and the isolation of applications for targeted inspection. The company also said its solution can provide visibility into encrypted traffic for threat detection. The architecture supports inline and out-of-band security device deployments.

Gigamon's GigaSECURE is comprised of scalable hardware and software elements:

  • Infrastructure-wide reach via GigaVUE-VM and GigaVUE nodes;
  • High-fidelity, un-sampled Netflow/IPFIX generation;
  • Application Session Filtering;
  • SSL decryption; and
  • Inline bypass capabilities.

Gigamon also highlighted its Application Session Filtering (ASF), a new, patent-pending GigaSMART application that identifies applications based on signatures or patterns that appear within a packet or packets. Once an application is positively identified, ASF extracts the entire session corresponding to the matched flow, from the initial packet to the last, even if the match occurs well after the first packet. This allows an administrator to forward specific “traffic of interest” to security appliances, improving their operational efficiency and overall performance.
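The session-extraction behaviour described above, the whole flow forwarded from its first packet even when the identifying bytes arrive later, is the interesting engineering problem: the filter has to hold packets it cannot yet classify. The Go program below is an added example, not Gigamon's ASF, and its signatures and packets are constructed; it buffers each unclassified flow, matches patterns against the reassembled payload so a signature split across packets still hits, releases the entire buffered session on a match, and bounds the memory spent on flows that never match.

```go
package main

import (
	"bytes"
	"fmt"
)

// Packet is a constructed, minimal stand-in for one captured packet.
type Packet struct {
	Flow    string // 5-tuple key, e.g. "10.0.0.5:51000>203.0.113.7:443/tcp"
	Payload []byte
}

// Signature identifies an application by a byte pattern somewhere in its traffic.
type Signature struct {
	App     string
	Pattern []byte
}

type flowState struct {
	held    []Packet // packets buffered while the flow is still unclassified
	stream  []byte   // payload reassembled so far, so a pattern split across packets still matches
	matched string   // application name once classified
	dead    bool     // gave up: MaxHold packets without a match
}

// SessionFilter forwards only flows that match a signature, but forwards them whole,
// from the first packet, even when the matching bytes arrive several packets in.
type SessionFilter struct {
	Signatures []Signature // checked in order; first match wins
	MaxHold    int         // packets to buffer per unclassified flow before giving up
	flows      map[string]*flowState
}

// Process ingests one packet and returns the application the flow was matched to
// ("" if not yet) and the packets to forward to the security tool right now.
func (f *SessionFilter) Process(p Packet) (string, []Packet) {
	if f.flows == nil {
		f.flows = map[string]*flowState{}
	}
	st := f.flows[p.Flow]
	if st == nil {
		st = &flowState{}
		f.flows[p.Flow] = st
	}
	switch {
	case st.matched != "": // already classified: straight through, nothing buffered
		return st.matched, []Packet{p}
	case st.dead: // already judged uninteresting: drop without buffering
		return "", nil
	}
	st.held = append(st.held, p)
	st.stream = append(st.stream, p.Payload...)
	for _, s := range f.Signatures {
		if bytes.Contains(st.stream, s.Pattern) {
			st.matched = s.App
			out := st.held
			st.held, st.stream = nil, nil // release the whole session, then stop buffering
			return s.App, out
		}
	}
	if len(st.held) >= f.MaxHold {
		st.dead, st.held, st.stream = true, nil, nil // bound memory spent on traffic nobody asked for
	}
	return "", nil
}

func main() {
	sf := &SessionFilter{MaxHold: 4, Signatures: []Signature{
		{"tls", []byte{0x16, 0x03, 0x01}}, // TLS handshake record header (constructed example)
		{"http", []byte("HTTP/1.")},
	}}
	// Constructed flow: two empty packets (SYN, ACK), a ClientHello, then application data.
	flow := "10.0.0.5:51000>203.0.113.7:443/tcp"
	pkts := []Packet{{flow, nil}, {flow, nil}, {flow, []byte{0x16, 0x03, 0x01, 0x00, 0xf4}}, {flow, []byte("app data")}}
	for i, p := range pkts {
		app, out := sf.Process(p)
		fmt.Printf("packet %d: app=%q forwarded now=%d\n", i+1, app, len(out))
	}
}
```

The MaxHold cap is the check a practitioner should insist on in any such filter: without it, an attacker can exhaust the visibility node's memory simply by opening many flows that never match any signature.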

The GigaSECURE platform already supports a broad ecosystem of security partners and their respective security functions, including:

Advanced Malware Protection: Check Point, Cisco, Cyphort, FireEye and Lastline;
Behavior Analytics: Damballa, Lancope, LightCyber and Niara;
Forensics/Analytics: ExtraHop, PinDrop, RSA and Savvius;
IPS: Check Point and Cisco;
NGFW: Check Point, Cisco, Fortinet and Palo Alto Networks;
Secure Email Gateways: Cisco;
SIEMs: LogRhythm and RSA;
WAFs: Imperva.

https://www.gigamon.com/

Gigamon's Shehzad Merchant: Intersection of Open and Security

The open networking movement is here to stay. It's not just about open source software, says Shehzad Merchant, CTO of Gigamon, but really about taking a vertically-integrated networking stack and disaggregating it. With various components of the networking stack supplied by different vendors, maintaining visibility across every layer of that stack becomes critical.

By disaggregating the networking stack, you are, in principle, opening up new attack vectors across multiple surfaces. On the other hand, there will be a much broader ecosystem moving much quicker to address vulnerabilities.

This 9-minute sponsored video covers (1) whether the many open networking projects help or hurt the case for better network security, (2) the overlapping trends of virtualization and higher networking speeds, (3) security as the use case for SDN, and (4) redefining security boundaries with SDN.

http://open.convergedigest.com/2015/05/gigamon.html

Automating Visibility inside the Cisco Live Network with Gigamon and JDSU

The Cisco Live Network and its state-of-the-art network operations center serve all of the attendees of Cisco's big annual event. Equipment must be deployed rapidly. As soon as the show begins, the network supports tens of thousands of clients and pushes terabytes of data to the Internet.

This video takes a look at the Cisco Live Network and the use of Gigamon's new software-defined visibility, which leverages APIs to make real-time changes in the types of data under analysis. Software-defined visibility allows the NOC to reconfigure the visibility fabric so that it delivers only the type of data the testing tools need, in real time. In addition, the video features a live use case presented by JDSU covering software-defined visibility and their tools.

Presented by Andy Huckridge, Director of Service Provider Solutions at Gigamon; Joe Clarke, Distinguished Engineer at Cisco; and Charles Thompson, Senior Director, Product Line Management, at JDSU.

See video:  https://youtu.be/giYXwy2thlQ

Friday, July 17, 2015

Rapid7 Pops in IPO

Rapid7, which provides security data and analytics solutions, completed an initial public offering of 6,450,000 shares of common stock at a price to the public of $16.00 per share.

On the first day of trading, shares of Nasdaq: RPD closed at $25.28, up 58% for the day.

http://www.rapid7.com/

Thursday, July 16, 2015

"Darkode" Cyber Crime Forum Taken Down

The U.S. Department of Justice and the FBI, with the assistance of law enforcement authorities in 19 countries, have taken down "Darkode" -- an underground, password-protected online forum for buying, selling, and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials, and other pieces of data and software that facilitated complex cyber crimes all over the globe.

Operation Shrouded Horizon has resulted in legal charges, arrests, and searches involving 70 Darkode members and associates around the world; U.S. indictments against 12 individuals associated with the forum, including its administrator; the serving of several search warrants in the U.S.; and the Bureau’s seizure of Darkode’s domain and servers.

Access to the Darkode forum was "by invitation only" and authorities believe 200 to 300 individuals participated.

"Hackers and those who profit from stolen information use underground Internet forums to evade law enforcement and target innocent people around the world,” said Assistant Attorney General Caldwell. “This operation is a great example of what international law enforcement can accomplish when we work closely together to neutralize a global cybercrime marketplace.”

“Of the roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”

Some charges announced by the FBI include:

  • Johan Anders Gudmunds, aka Mafi aka Crim aka Synthet!c, 27, of Sollebrunn, Sweden, is charged by indictment with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He is accused of serving as the administrator of Darkode, and creating and selling malware that allowed hackers to create botnets. 
  • Morgan C. Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information with conspiring to send malicious code. He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.
  • Eric L. Crocker, aka Phastman, 39, of Binghamton, New York, is charged by criminal information with sending spam. He is accused of being involved in a scheme involving the use of a Facebook Spreader which infected Facebook users’ computers, turning them into bots which Crocker controlled through the use of command and control servers. Crocker sold the use of this botnet to others for the purpose of sending out massive amounts of spam.
  • Naveed Ahmed, aka Nav aka semaph0re, 27, of Tampa, Florida; Phillip R. Fleitz, aka Strife, 31, of Indianapolis; and Dewayne Watts, aka m3t4lh34d aka metal, 28, of Hernando, Florida, are each charged by criminal information with conspiring to send spam. 
  • Murtaza Saifuddin, aka rzor, 29, of Karachi, Sindh, Pakistan, is charged in an indictment with identity theft. Saifuddin is accused of attempting to transfer credit card numbers to others on Darkode.
  • Daniel Placek, aka Nocen aka Loki aka Juggernaut aka M1rr0r, 27, of Glendale, Wisconsin, is charged by criminal information with conspiracy to commit computer fraud. He is accused of creating the Darkode forum, and selling malware on Darkode designed to surreptitiously intercept and collect e-mail addresses and passwords from network communications.

https://www.fbi.gov/pittsburgh/press-releases/2015/major-computer-hacking-forum-dismantled

Tuesday, June 30, 2015

Blueprint: Two-factor Authentication Signals the Death of the Password and Physical Token

by Andy Kemshall, Co-founder and CTO of SecurEnvoy

Considering the frequency and severity of data breaches today, we have reached a point of Cybercrime 2.0. This requires a Security 2.0 approach. The challenge of protecting company data and systems is compounded by a continually evolving IT infrastructure. Companies need enhanced authentication solutions that allow them to protect remote access to the data and resources critical for operations. With that, the case for multi-factor authentication becomes stronger.

According to the Ponemon “2015 Cost of Data Breach Study: Global Analysis,” the average total cost of a data breach increased from $3.52 million to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study [1].

Once only considered for high-end companies (e.g., banks), today companies large and small in the government, healthcare, energy, financial services, insurance, manufacturing, marketing, retail, telecommunications, charity, legal and construction sectors are turning to two-factor authentication (2FA) for their internal security needs. Although the evolution is slow, a change in attitude is taking place due to growing concern over what a breach can result in: company downtime, lawsuits, lost business and a damaged reputation. This is motivating executives to pay closer attention to their company’s security.

Within a work environment, most companies utilize standard security measures: either a simple username and password or a physical token to enable employees to access important data and applications.

The Password

Over the years, we’ve trusted the password.  We trust its ability to keep our companies safe from thieves and those who would do us harm. Passwords met an impasse five years ago, and today they need to have 12 characters or you need to write them down in order to keep track of them.  Moore’s law tells us that every two years computing power doubles – meaning every two years the amount of time it takes to crack a password using a brute force attack is cut in half. It’s now reached the point where a password can be cracked in minutes, sometimes seconds. The antidote: 2FA.  This incorporates something you know, such as a password or PIN, something you are, such as a fingerprint or retinal scan, and something you own, which can either be a physical token or a soft token on a device you use every day, such as a mobile phone. The idea behind 2FA is to bring two of these separate methods together for a stronger level of security, should one of the methods become compromised.

The Physical Token

Companies employing the traditional physical token are likely to experience the following downsides to this approach: contractors and employees can misplace tokens, overloading the IT department with replacements; physical tokens do not scale well and can be expensive; deploying a newer version can take a while (three months to a year); and they are less secure than 2FA.

These are non-issues when considering 2FA with a mobile device approach, as it is extremely simple to deploy, easy to use, and employee adoption is quick. There are seven billion GSM devices in the world and people are very attached to their mobile devices. Also, if employees want to upgrade their mobile device, the user self-enrolls the new device, rendering the old one safe for disposal.

Lastly, consider the cost of tokens versus a mobile 2FA approach. The life of a token is three to five years, and replacing all of them in a medium or large-sized company can cost hundreds of thousands of dollars, plus it can take three to twelve months to completely roll out. This holds companies back in terms of productivity. A mobile 2FA approach simply leverages devices employees already have with them, saving companies the money and time of changing over to new systems.

Implementation of 2FA

If a company wishes to implement a mobile 2FA approach for its network architecture, networking insiders can choose to deploy this in three different ways: on-premise, through managed service provisioning (MSP) or via the cloud.

On-premise allows direct integration within your own network. This approach dovetails seamlessly with existing infrastructure. A major benefit is that user data resides within the company and leverages existing replication infrastructure such as Active Directory.

Some solution providers have a partner network for MSP deployment. Utilizing a dedicated MSP partner allows greater choice of integration to suit your network. This approach also allows a security vendor to take over the overall operation and day-to-day administration of your tokenless two-factor authentication system. This reduces the burden on your own resources and makes it easy for the vendor to provide 2FA for cloud services, integrating the login seamlessly into your environment.

Although on-premise is the ideal approach, cloud should be considered for different setups, such as SMBs and companies with several servers across several locations. Although a lot of companies turn to the cloud as a solution, when it comes to security there are drawbacks. These include:

  • The need for constant synchronization of user information whenever it changes;
  • A cloud environment can be seized by any government; and
  • The cloud environment stores the seed records (which contain sensitive information and passwords), and these can be hacked.

An additional advantage of the on-premise approach is that the seed records remain under the control of your company's security team, since security providers like SecurEnvoy do not hold any seed records.
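How the "something you own" soft token from the Password section and the seed records discussed above fit together, as an added example that is not part of this column and not SecurEnvoy's code: a minimal RFC 6238 TOTP generator plus a server-side verifier in Python (standard library only). The user name is constructed for illustration and the seed is the RFC 6238 SHA-1 test secret, so the generated codes match the RFC's published vectors. The verifier accepts one 30-second step of clock skew in either direction and refuses any counter at or below the last one it accepted, so a code that was already used cannot be replayed. Because anyone holding the seed can compute exactly the same codes, the block also makes concrete why custody of the seed records matters.

```python
import hashlib
import hmac
import struct
import time


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then
    dynamic truncation to a fixed number of decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of whole time steps
    since the Unix epoch. This is what the soft token on the phone runs."""
    return hotp(seed, unix_time // step, digits)


class TotpVerifier:
    """Server side. Holds the seed record for each user (the sensitive
    material the column says should stay under the company's control) and
    the last accepted counter per user, which acts as a replay guard."""

    def __init__(self, seeds, step: int = 30, skew: int = 1, digits: int = 6):
        self.seeds = dict(seeds)        # user -> seed bytes
        self.last_counter = {}          # user -> last accepted counter
        self.step = step
        self.skew = skew                # steps of clock drift tolerated
        self.digits = digits

    def verify(self, user: str, code: str, unix_time: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        if len(code) != self.digits or not code.isdigit():
            return False
        now = unix_time // self.step
        for counter in range(now - self.skew, now + self.skew + 1):
            # Never accept a counter that is not strictly newer than the
            # last accepted one: this is what stops replay of a used code.
            if counter <= self.last_counter.get(user, -1):
                continue
            # Constant-time comparison so timing does not leak digits.
            if hmac.compare_digest(hotp(seed, counter, self.digits), code):
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed demo: RFC 6238 test seed, hypothetical user "alice".
    seed = b"12345678901234567890"
    server = TotpVerifier({"alice": seed})
    now = int(time.time())
    code = totp(seed, now)              # what the phone app would display
    print("code:", code)
    print("first use accepted:", server.verify("alice", code, now))
    print("replay accepted:   ", server.verify("alice", code, now))
    # Whoever holds the seed record computes the same code: that is the
    # risk the column raises about cloud-stored seed records.
    print("attacker with seed:", totp(seed, now) == code)
```

The skew window of one step is a trade-off: it tolerates phones whose clock drifts by up to 30 seconds but also means each code is valid for up to 90 seconds, which is why the replay guard is not optional. In a real deployment the seed store would be encrypted at rest and the last-counter state persisted, but the control flow is the same.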

In conclusion, two-factor authentication via mobile devices is evolving into an ideal method that should be considered today to authenticate the end user. It is stronger; adoption is easy, as the end user can pick which mobile device they use (and in some cases how they receive a passcode: via SMS, email or voice); it is simple to deploy; and overall, it costs less.

About the Author

Andy Kemshall, Co-Founder and CTO at SecurEnvoy, is one of the leading European experts in two-factor authentication. As the co-founder and CTO of SecurEnvoy, he brings nearly 20 years of IT security authentication experience to SecurEnvoy. Andy is the inventor of both SMS-based and secure-mail-recipient-based two-factor authentication, and more recently NFC-based one-swipe authentication. Prior to his role at SecurEnvoy, Andy was one of the original customer-facing technical experts at RSA Europe. While at RSA, he served as the Sales Engineering Manager, where he managed high-level customer relationships, developed the product and advised RSA HQ on new and emerging technologies from Europe.

About SecurEnvoy

SecurEnvoy (www.securenvoy.com) is the trusted global leader of mobile phone-based Tokenless® two-factor authentication. Its innovative approach to the multi-factor authentication market now sees millions of users benefitting from its solutions all over the world. Controlling endpoints located across five continents, SecurEnvoy designs innovative two-step verification solutions that leverage both the device the user carries with them and their existing infrastructure. The solutions are the fastest to deploy and the most secure in the industry. With no hardware or deployment issues, the ROI is dramatically reduced and easily managed.

[1] Ponemon Institute, “2015 Cost of Data Breach Study: Global Analysis,” http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03053wwen/SEW03053WWEN.PDF



Cisco to acquire OpenDNS for $635 Million

Cisco agreed to acquire OpenDNS, a privately held security company based in San Francisco, for approximately $635 million in cash and assumed equity awards.

OpenDNS provides a secure DNS offering with advanced threat protection for "any device, across any port, protocol or app." Its predictive security model is designed to anticipate malicious activity, including botnets and phishing. Its DNSCrypt technology converts regular DNS traffic into encrypted DNS traffic to prevent eavesdropping and man-in-the-middle attacks. The service is hosted in peering data centers around the world.

Cisco said the acquisition will boost its Security Everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform.

"As more people, processes, data and things become connected, opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks," said Hilton Romanski, Cisco chief technology and strategy officer. "OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device."

https://www.opendns.com/


  • OpenDNS was founded in 2006 by David Ulevitch. Investors included Sutter Hill Ventures, Greylock Partners, and Sequoia Partners.

Wednesday, June 24, 2015

HackerOne Raises $25 Million for Vulnerability Tracking

HackerOne, a start-up based in San Francisco with offices in the Netherlands, raised $25 million in Series B funding for its vulnerability management and bug bounty platform.

HackerOne, which was created by people who scaled a new security approach at Facebook, Microsoft and Google, relies on the worldwide hacker community to find and disclose software security holes. The company said it can identify security vulnerabilities on a continuous basis, allowing companies to fix issues before attackers have a chance to exploit them.

More than 250 organizations use the HackerOne platform, including Yahoo!, Twitter, Adobe, Dropbox, LinkedIn, Square, Airbnb, Slack, Snapchat, Mail.ru, QIWI and Vimeo. In addition, HackerOne is the founding member of Internet Bug Bounty, a program through which hackers disclose bugs in the most important open source software that supports the Internet, including Ruby on Rails, OpenSSL and Flash.

The company said it has helped companies find nearly 10,000 security holes paying over $3.19 million in bounties to more than 1,500 independent hackers to date. HackerOne runs over 90 public programs as well as invitation-only programs from companies in banking, insurance, retail, technology and telecommunications, among others.

The funding was led by New Enterprise Associates (NEA) and included existing investors Benchmark along with numerous angel investors:  Salesforce Chairman and CEO Marc Benioff, Digital Sky Technologies Founder Yuri Milner, Dropbox CEO and Co-Founder Drew Houston, Yelp CEO and Co-Founder Jeremy Stoppelman, Zenefits COO David Sacks, Riot Games CEO and Co-Founder Brandon Beck, and Berggruen Holdings Chairman Nicolas Berggruen, among others.

“Fulfilling the promise of a safer Internet requires a fundamentally new approach to vulnerability management,” said Merijn Terheggen, co-founder and CEO, HackerOne. “Identifying and fixing software security holes at scale truly takes an army. HackerOne’s early success has been driven entirely by word-of-mouth, proving that our model really works. With this new funding we will be one step closer to our mission of enabling any company to run a world-class vulnerability management program.”

http://www.hackerone.com

Monday, June 8, 2015

Cisco Targets "Security Everywhere," Intros Firepower 9300

Cisco is rolling out a "Security Everywhere" initiative aimed at embedding security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud. The goal is pervasive threat visibility and control for enterprises and service provider networks. To get there, Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.

Cisco is launching the following set of solutions across the entire networking portfolio:

Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.

Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Routers (ISR) provide centrally managed Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) at the branch office, integrated in the network fabric where dedicated security appliances may not be feasible.

Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:

o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with StealthWatch for accelerated identification of threats.

o NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic flow patterns and threat intelligence information in the data center.

Using these embedded security capabilities, Cisco networks can now automate and dynamically enforce security policies. Customers can segment applications and users throughout the network, across the extended enterprise, using policy to define which users can reach which applications and what traffic can traverse the network, and then automate security operations.

o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.

Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.

pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.

Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:

Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform purpose-built for service providers, that can scale security for increased data flows due to accelerated service demands and carrier class requirements.

Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.

• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware are currently supported, with additional capabilities planned for the second half of 2015.

http://www.cisco.com

See also