Showing posts with label Security. Show all posts

Wednesday, May 12, 2021

Biden's cybersecurity order mandates zero-trust for federal networks

In the wake of recent cybersecurity incidents, notably SolarWinds, Microsoft Exchange, and Colonial Pipeline, President Biden signed an executive order aimed at improving the nation's cybersecurity posture. 

Here are the highlights:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. 

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period. The Federal government must increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely. 

Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. 

Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat.  The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.

Improve Investigative and Remediation Capabilities. The Executive Order creates cybersecurity event log requirements for federal departments and agencies. 

https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Tuesday, May 11, 2021

ADVA FSP 150 multi-layer demarc adds MACsec encryption

ADVA announced an upgraded FSP 150 multi-layer demarcation solution with precise timing and MACsec encryption capabilities.

The new member of the ADVA FSP 150 programmable demarcation and edge compute portfolio supports 10 Gbps MEF 3.0 Carrier Ethernet and IP services, provides precise synchronization capabilities and now features hardware-based encryption. 

“Our FSP 150-XG118Pro (CSH) provides a simple and affordable route to high-capacity Carrier Ethernet connectivity with the highest levels of data protection. Unique in our industry, this compact and cost-efficient device combines demarcation, edge compute, synchronization and encryption,” said James Buchanan, GM, Edge Cloud, ADVA. “No other single solution offers all the features of our FSP 150-XG118Pro (CSH). Straight out of the box, it delivers data encryption compliant with the strictest standards in the industry, including FIPS 140-3. Our FSP 150-XG118Pro (CSH) has multi-layer demarcation capabilities as well as precise synchronization delivery. What’s more, its edge computing capabilities and open SDN control make it a key component for industrial IoT applications.”

https://www.adva.com/en/newsroom/press-releases/20210511-adva-adds-encryption-to-flagship-10g-edge-device

Sunday, May 9, 2021

Cyber attack on U.S. fuel pipeline may be most serious to date

The Colonial Pipeline Company, the leading fuel pipeline operator in the United States responsible for transporting over 100 million gallons of fuel daily, confirmed that it is the target of a ransomware attack.

On Friday, the company was forced to take IT systems offline to contain the threat, effectively halting all pipeline operations. 

Colonial Pipeline supplies an estimated 45% of the fuel for the East Coast of the United States.

As of Sunday evening, Colonial Pipeline had not yet established a timeline for when operations would be restored.

Media reports attribute the attack to a criminal organization known as DarkSide and not a nation-state.

Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, states: "We are engaged with the company and our interagency partners regarding this situation. This underscores the threat that ransomware poses to organizations regardless of size or sector."

Thursday, April 29, 2021

Vectra AI raises $130 million for automated threat detection/response

Vectra AI, a start-up based in San Jose, California, announced $130 million in new funding for its work in automated cyber threat detection and response. The company's mission is "to see and stop threats before they become breaches."

“Over the past year, we have witnessed a continuous series of the most impactful and widespread cyberattacks in history. To protect their employees and digital assets, our customers require security solutions that are smarter than today’s adversaries and provide coverage for cloud, data centers and SaaS applications,” said Hitesh Sheth, president and chief executive officer at Vectra. “As we look to the future, Blackstone’s global presence, operational resources, and in-house technology expertise will help us achieve our mission to become one of the dominant cybersecurity companies in the world.”

The new $130 million funding round was led by funds managed by Blackstone Growth. This brings Vectra's total funding since inception to more than $350 million at a post-money $1.2 billion valuation.

Viral Patel, a Senior Managing Director at Blackstone, said: “Vectra has a proven ability to stop in-progress attacks in the cloud, on corporate networks, and in private data centers for some of the top organizations in the world. The company has experienced extraordinary success through its commitment to combining innovative AI technology, first-class customer service, and top talent, and Blackstone is excited to become part of the Vectra team.”

For 2020, Vectra reported a compound annual growth rate (CAGR) exceeding 100 percent, while sales of its Cognito Detect product for Microsoft Office 365 have grown at a rate of over 700 percent.

http://www.vectra.ai

  • Vectra AI is headed by Hitesh Sheth (president and CEO), who previously was chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies group, which included security. Prior to Juniper, Hitesh held a number of senior management positions at Cisco.

Monday, April 19, 2021

Dutch report: Huawei backdoor into KPN's mobile network

The Dutch newspaper Volkskrant published a report alleging that Huawei had full access to KPN's mobile subscriber traffic as far back as 2010.

The report states that although KPN was aware that Huawei had gained uncontrolled and unauthorized access to the core of the KPN mobile network, the company did not disclose the security threat to the public. 

The story has been picked up by other leading European news media.

For its part, Huawei has denied the allegations, saying it never had access to the prime minister's phone conversations nor those of anyone else in the country. 


KPN picks Ericsson for 5G core


KPN has awarded a five-year contract to Ericsson to deploy dual-mode 5G Core software with full support services, including an accompanying systems integration program with third-line support services.

The secure cloud-native dual-mode Ericsson 5G Core will allow KPN to meet increasing data demands of customers in existing consumer markets, as well as pursue new 5G innovation opportunities in emerging enterprise segments supported by enhanced network slicing capabilities. 

Arun Bansal, President of Europe and Latin America, Ericsson, says: “We are pleased to expand our 100-year partnership with KPN through our technology-leading 5G Core solutions. We will work closely with KPN to ensure that consumers and enterprises in the Netherlands can benefit from the emerging opportunities of 5G as it embraces digitalization. Ericsson’s cloud-native dual-mode 5G Core provides the cutting-edge, container-based, microservice architecture that will help KPN to both develop new business models as well as move onto the next level of network operational efficiency.”

Monday, April 12, 2021

Biden nominates National Cyber Director and CISA Director

President Biden will nominate Chris Inglis as the first National Cyber Director and Jen Easterly as the Director of the Cybersecurity and Infrastructure Agency.


John Chris Inglis is a former Deputy Director of the National Security Agency.

Jen Easterly is a former Army intelligence officer and currently Head of Firm Resilience and the Fusion Resilience Center at Morgan Stanley.

https://www.whitehouse.gov/

Monday, March 8, 2021

DARPA launches Data Protection in Virtual Environments

The U.S. Defense Advanced Research Projects Agency (DARPA) launched an initiative called the Data Protection in Virtual Environments (DPRIVE) program which seeks to develop a hardware accelerator for Fully Homomorphic Encryption (FHE).

Fully homomorphic encryption enables users to compute on always-encrypted data, or cryptograms. The data never needs to be decrypted, reducing the potential for cyberthreats.

DPRIVE aims to design and implement a hardware accelerator for FHE computations that is capable of drastically speeding up FHE calculations, making the technology more accessible for sensitive defense applications as well as commercial use.

DARPA has selected four teams of researchers to lead the initiative: Duality Technologies, Galois, SRI International, and Intel Federal. Each team will develop an FHE accelerator hardware and software stack that reduces the computational overhead required to make FHE calculations to a speed comparable to similar unencrypted data operations. The teams will create accelerator architectures that are flexible, scalable, and programmable, but will also explore various approaches with different native word sizes. Current standard CPUs are based on 64-bit words, which are the units of data that determine a particular processor’s design. Word size directly relates to the signal-to-noise ratio of how encrypted data is stored and processed, as well as the error generated each time an FHE calculation is processed. The selected DPRIVE research teams will explore various approaches covering a diversity of word sizes – from 64 bits to thousands of bits – to solve the challenge.

In addition, teams are exploring novel approaches to memory management, flexible data structures and programming models, and formal verification methods to ensure the FHE implementation is correct-by-design and provides confidence to the user. As the co-design of FHE algorithms, hardware, and software is critical to the successful creation of the target DPRIVE accelerator, each team is bringing varied technical expertise to the program as well as in-depth knowledge on FHE.

“We currently estimate we are about a million times slower to compute in the FHE world than we are in the plaintext world. The goal of DPRIVE is to bring FHE down to the computational speeds we see in plaintext. If we are able to achieve this goal while positioning the technology to scale, DPRIVE will have a significant impact on our ability to protect and preserve data and user privacy,” concluded Rondeau.

“Fully homomorphic encryption remains the holy grail in the quest to keep data secure while in use. Despite strong advances in trusted execution environments and other confidential computing technologies to protect data while at rest and in transit, data is unencrypted during computation, opening the possibility of potential attacks at this stage. This frequently inhibits our ability to fully share and extract the maximum value out of data. We are pleased to be chosen as a technology partner by DARPA and look forward to working with them as well as Microsoft to advance this next chapter in confidential computing and unlock the promise of fully homomorphic encryption for all,” stated Rosario Cammarota, principal engineer, Intel Labs, and principal investigator, DARPA DPRIVE program.

For its part, Intel says it plans to design an application-specific integrated circuit (ASIC) accelerator to reduce the performance overhead currently associated with fully homomorphic encryption. When fully realized, the accelerator could deliver a massive improvement in executing FHE workloads over existing CPU-driven systems, potentially reducing cryptograms’ processing time by five orders of magnitude.

With its expertise in cloud infrastructure, software stacks and fully homomorphic encryption, Microsoft will be a critical partner in accelerating the commercialization of this technology when ready, enabling free data sharing and collaboration while promoting privacy throughout the data life cycle.

“We are pleased to bring our expertise in cloud computing and homomorphic encryption to the DARPA DPRIVE program, collaborating with Intel to advance this transformative technology when ready into commercial usages that will help our customers close the last-mile gap in data confidentiality – keeping data fully secure and private, whether in storage, transit or use,” said Dr. William Chappell, chief technology officer, Azure Global, and vice president, Mission Systems, Microsoft.


Sunday, March 7, 2021

Microsoft Exchange hit by state-sponsored hackers from China

Microsoft warned enterprises using its on-premises Exchange Server platforms of multiple 0-day exploits being used in limited and targeted attacks. The exploits do not affect Microsoft 365 or Azure Cloud deployments.

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures. HAFNIUM, which primarily targets entities in the United States across a number of industry sectors, exfiltrates data to file sharing sites like MEGA. The group is believed to use leased virtual private servers (VPS) in the United States to launch its attacks.

In the attacks observed, HAFNIUM used the newly discovered vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. 

According to media reports, the attack potentially compromised up to 30,000 organizations.

Microsoft has released out-of-band security updates to address four vulnerabilities in Exchange Server. In addition, Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities.

Separately, the U.S. Cybersecurity and Infrastructure Security Agency issued a directive requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks.

In addition, the European Banking Authority confirmed that it was compromised by the attack, and that as a precautionary measure, the EBA has decided to take its email systems offline.

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/



Tuesday, February 16, 2021

Palo Alto Networks to acquire Bridgecrew

Palo Alto Networks agreed to acquire Bridgecrew, a developer-first cloud security company, for approximately $156 million in cash. 

Bridgecrew, which is based in San Francisco, is a pioneer in shift left, focusing on infrastructure as code (IaC), where infrastructure configuration is codified during development. The company’s developer-first IaC security platform offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development lifecycle. The proposed acquisition will enable Prisma Cloud to provide developers with security assessment and enforcement capabilities throughout the DevOps process.

Bridgecrew’s open-source IaC scanner, Checkov, has gained significant early traction with developers, surpassing 1 million downloads in 2020 — its first full year of availability. 

"Shift left security is a must-have in any cloud security platform. Developers don’t want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organization certainly values higher security from fixing issues earlier in the development lifecycle. We are thrilled to welcome Bridgecrew, and their widely adopted and trusted developer security platform, to Palo Alto Networks. When combined, Prisma Cloud customers will benefit from having security embedded in the very foundation of their cloud infrastructure," says Nikesh Arora, chairman and CEO of Palo Alto Networks.


Styra cites rapid growth of its cloud-native Open Policy Agent authorization

Privately held Styra, the founder of Open Policy Agent (OPA) and a provider of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.

The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. 

In 2020, OPA was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption.  OPA downloads increased from 6 million to over 35 million in 2020.

“OPA adoption across all use cases over the last year has been phenomenal,” said Torin Sandall, vice president of open source at Styra. “We’ve seen the community grow in every measurable way. Slack and openpolicyagent.org membership and participation has more than doubled, the number of public repositories on GitHub containing .rego files has also doubled and the number of Docker image downloads has gone from 6M to over 39M. We attribute much of this growth to the efforts of the community and to the need for a robust authorization policy-as-code solution in the cloud native ecosystem.”


Open Policy Agent: Building a standard for cloud-native authorization

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

The cloud-native stack is becoming so complex and distributed that a common application authorization mechanism is necessary.

 In this video, Bill Mann, CEO of Styra, talks about how OPA is gaining momentum as the de facto approach for establishing authorization policies across cloud native environments. Styra pioneered OPA. Its founding team of Tim Hinrichs and Teemu Koponen previously played key roles in the development of software-defined networking and network virtualization at Nicira.

https://youtu.be/U-a91ylm8uw

Monday, December 21, 2020

Arista begins Attack Surface Assessment service

Arista Networks will begin offering an Attack Surface Assessment, an advanced security service delivered through the recent acquisition of Awake Security, a start-up offering a Network Detection and Response (NDR) platform. 

Arista's new offering finds threats to devices and applications known to the IT and security teams, as well as shadow IT and unmanaged infrastructure across client to campus, data center and cloud.

“Sophisticated threats are no longer reliant on traditional malware,” said Rahul Kashyap, Vice President and General Manager, Arista’s NDR Security Division. “The recent supply chain attacks have exposed gaps in security programs. This new offering reinforces our commitment to help our customers defend against Sunburst and future threats.”

For more details on Awake’s approach to detecting supply chain threats like the SolarWinds / Sunburst campaign, see the blog at

https://awakesecurity.com/blog/detecting-supply-chain-threats-like-solarwinds-sunburst/

Sunday, December 20, 2020

Palo Alto Networks responds to SolarStorm

In a company blog post, Nikesh Arora, CEO of Palo Alto Networks, writes: "We will soon be talking about this as one of the most serious cyberattacks in history. Tainted updates to SolarWinds Orion software were distributed for months before they were identified, positioning attackers to obtain administrative privileges and establish long-term network access – potential for a complete compromise of an organization by malicious actors. We must come together to defend against an attack of this magnitude."

Also discussed in the posting:

  • Palo Alto Networks itself experienced an attempt to download Cobalt Strike on one of its IT SolarWinds servers, but its Cortex XDR instantly blocked the attempt with its Behavioral Threat Prevention capability and its SOC isolated the server.
  • Due to the disclosures on December 13, the company has reanalyzed its entire infrastructure extensively one more time to ensure that it has not been compromised.
  • Arora remains confident that Palo Alto Networks continues to be secure.
  • Palo Alto Networks is now offering a free SolarStorm rapid assessment to determine if customers have been compromised by this threat actor.

Thursday, December 17, 2020

U.S. scrambles to assess damage from nation-state cyberattack

U.S. government officials warned that the cyberattack identified earlier this week has compromised dozens of federal government networks and likely thousands of private networks globally.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) announced a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to the infiltration of U.S. government networks arising from the SolarWinds backdoor hack.

CISA issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network.

CISA said the infiltration "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

Some notes from CISA about the attack:

  • Compromises began at least as early as March 2020
  • This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.
  • The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.
  • Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions.
  • Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans. 
  • The adversary is making extensive use of obfuscation to hide their C2 communications. 
  • CISA has observed the threat actor adding authentication tokens and credentials to highly privileged Active Directory domain accounts as a persistence and escalation mechanism. In many instances, the tokens enable access to both on-premise and hosted resources.

Some recommendations from CISA:

  • Out-of-band communications guidance for staff and leadership;
  • An outline of what “normal business” is acceptable to be conducted on the suspect network;
  • A call tree for critical contacts and decision making; and
  • Considerations for external communications to stakeholders and media.

https://www.cisa.gov/ 

https://us-cert.cisa.gov/ncas/alerts/aa20-352a

Microsoft President Brad Smith stated "this latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms." 

Microsoft also noted that the initial list of victims includes not only government agencies, but security and other technology firms as well as non-governmental organizations.

https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/




  • On December 13, FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware. The attacker is using multiple techniques to evade detection and obscure their activity, which includes espionage and data theft. FireEye has released signatures to detect this threat actor and supply chain attack in the wild. 
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Tuesday, December 8, 2020

FireEye reports cyber attack by a nation state

FireEye confirmed that it was recently attacked by a highly sophisticated cyber threat actor in what it believes was a state-sponsored attack.

Kevin Mandia, FireEye's Chief Executive Officer, said the attackers tailored their world-class capabilities specifically to target certain Red Team assessment tools that the company uses to test its customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to its customers. None of the tools contain zero-day exploits.

FireEye will now need to release the methods and means to detect the use of the stolen Red Team tools. This includes more than 300 countermeasures to minimize the potential impact of the theft of these tools. 

FireEye also said that, consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. 

https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

Thursday, October 29, 2020

HGC Global Communications signs MoU with CyberSecurity Malaysia

HGC Global Communications Limited (HGC) and CyberSecurity Malaysia, the national cybersecurity specialist and technical agency under the Ministry of Communications and Multimedia Malaysia (KKMM), signed a Memorandum of Understanding (MoU) that provides a framework under which HGC will facilitate its portfolio of critical cybersecurity skillsets to the telecommunications industry whilst fostering increased cybersecurity innovation by enabling CyberSecurity Malaysia to achieve its purpose of overcoming national cyber security challenges and deliver greater ICT benefits to Internet users.

The MoU will cover cybersecurity cooperation in key areas including telecom security, IoT security and threats intelligence. The parties said their exchange of information on telecommunication networks, ICT solutions and cybersecurity can further improve cyberattack readiness and prevention measures.

Ravindran Mahalingam, HGC's SVP of International Business, said: "Cybersecurity is a paramount asset, key to HGC's vision of a connected world. As a global telecommunications service provider, we are committed to promoting sustainable development of technological innovations, keeping cybersecurity at the centre of business solutions. More, cybersecurity is important in a smart city as the infrastructure can be vulnerable and needs to avoid any breaches. HGC is dedicated to support cybersecurity for ICT and network initiatives, ensuring a secure and reliable digital business environment."

Dato' Ts. Dr. Haji Amirudin Bin Abdul Wahab, CyberSecurity Malaysia's Chief Executive Officer, said: "Today, cyber security is a major concern for most industries and the vulnerabilities are rising at an alarming rate; hence IT professionals are in high demand to analyse and overcome these threats. Moreover, these attacks could have been dealt with if those businesses have better cyber resilience. Organizations today are beginning to complement their cybersecurity strategies with cyber resilience. CyberSecurity Malaysia, a national cyber security specialist and technical center under the purview of the Ministry of Communications and Multimedia Malaysia, identifies collaboration as one way to strengthen the cybersecurity ecosystem in Malaysia."

Thursday, October 1, 2020

Cisco to acquire Portshift for Kubernetes-native security platform

 Cisco agreed to acquire Portshift, a start-up based in Tel Aviv, Israel, offering a Kubernetes-native security platform. Financial terms were not disclosed.

Portshift is focused on application security solutions. Its platform adopts an agentless approach using a Kubernetes admission controller for seamless integration and native enforcement. This serves as Kubernetes-native guardrails for deployed containers.

In a blog post, Cisco's Liz Centoni writes that "Portshift aligns to Cisco’s approach of providing secure connectivity between users, devices and apps, wherever they reside; visibility and actionable insights from the end user to the application; a simplified consumption model that includes cloud-first Secure Access Service Edge (SASE) capabilities; commitment to an open source and open standards philosophy; and breaking down the siloes between developers, security teams, infrastructure teams, operations and SRE teams."

https://www.portshift.io/

Monday, September 28, 2020

Arista to acquire Awake Security

Arista Networks agreed to acquire Awake Security, a start-up offering a Network Detection and Response (NDR) platform. Financial terms were not disclosed.

Awake, which is based in Santa Clara, California, combines artificial intelligence (AI) with human expertise to autonomously hunt and respond to insider and external threats. The Awake platform analyzes network traffic and autonomously identifies, assesses, and processes threats. 

"We see an exciting future for Awake within the Arista family," said Rahul Kashyap, CEO for Awake Security. “Awake pioneered NDR platforms for real-time AI-driven situational awareness to secure digital assets and then respond to mitigate those risks. This acquisition allows us to further that mission.”

"We warmly welcome Awake Security to the Arista team,” stated Anshul Sadana, COO for Arista Networks. “With the proliferation of users, devices and Internet of Things (IOT), Awake’s best of breed threat detection platform is synergistic with Arista’s market leading cognitive cloud networks, delivering proactive security for our customers.”

  • In April 2020, Awake Security raised $36 million in Series C financing led by Evolution Equity Partners with participation from Energize Ventures and Liberty Global Ventures, as well as existing investors Bain Capital Ventures and Greylock Partners. The latest investment brings Awake’s total funding to nearly $80 million and will be used to propel expansion in areas including R&D, sales and marketing to meet the growing demand for the company’s advanced network traffic analysis platform. Awake also said that it has increased its annual recurring revenue (ARR) by close to 700% and doubled its employee headcount over the past year.




 

MobileIron to be acquired by Ivanti for $872 million in cash

Ivanti, which offers enterprise-grade IT management and security software solutions, agreed to acquire all outstanding shares of MobileIron (NASDAQ:MOBL) for $872 million in cash. MobileIron stockholders will receive $7.05 in cash per share, representing a 27% premium to the unaffected closing price as of September 24, 2020.

MobileIron’s mobile security platform combines unified endpoint management (UEM) capabilities with passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network, and detect and remediate threats. This ensures that only authorized users, devices, apps, and services can access business resources in a “work from everywhere” world. The MobileIron platform is used by over 20,000 organizations.

Ivanti also announced it has entered into an agreement to acquire Pulse Secure LLC, a leading provider of Secure Access and mobile security solutions to enterprise customers.

Privately held Ivanti, which is based in South Jordan, Utah, is backed by Clearlake Capital Group, L.P. and TA Associates Management L.P.

“By combining MobileIron and Pulse Secure with Ivanti, we are creating a leader in the large and growing Unified Endpoint Management, Security and Enterprise Service Management markets. We now have the most comprehensive set of software solutions that addresses the growing market demand for the future of work, where working from anywhere on any device type is the new normal,” said Jim Schaper, Ivanti Chairman and CEO. “With the integration of our industry knowledge and complementary product offerings, Ivanti will be well positioned to provide our expansive customer base with the critical tools needed to tackle IT challenges in the new normal. We welcome MobileIron’s and Pulse Secure’s employees, customers, and partner network to the Ivanti family, and thank Clearlake and TA Associates for their strong support in enabling these transformational transactions.”

https://www.ivanti.com/




Tuesday, September 8, 2020

CrowdStrike expands support for AWS workloads and containers

CrowdStrike, which offers cloud-delivered endpoint protection, is expanding its support for Amazon Web Services (AWS) with new capabilities that deliver integrations for the compute services and cloud services categories.

“As security becomes an earlier part of the development cycle, development teams must be equipped with solutions that allow them to quickly and effectively build from the ground up the strength and protection needed for the evolving threat landscape,” said Amol Kulkarni, chief product officer of CrowdStrike. “Through our growing integrations with our strong collaboration with AWS, CrowdStrike is providing security teams the scale and tools needed to adopt, innovate and secure technology across any workload with speed and efficiency, making it easier to address security issues in earlier phases of development and providing better, holistic protection and uptime for end users.”

Compute Services

  • AWS Graviton - CrowdStrike provides cloud-native workload protection for Amazon Elastic Compute Cloud (Amazon EC2) A1 instances powered by AWS Graviton Processors, as well as the C6g, M6g and R6g Amazon EC2 instances based on the new Graviton2 Processors. With the Falcon lightweight agent, customers receive the same seamless protection and visibility across different compute instance types with minimal impact on runtime performance. CrowdStrike Falcon secures Linux workloads running on ARM with no requirements for reboots, “scan storms” or invasive signature updates.
  • Amazon WorkSpaces - Amazon WorkSpaces is a fully managed, Desktop-as-a-Service (DaaS) solution that provides users with either Windows or Linux desktops in just a few minutes and can quickly scale to provide thousands of desktops to workers across the globe. CrowdStrike brings its industry-leading prevention and detection capabilities that include machine learning (ML), exploit prevention and behavioral detections to Amazon WorkSpaces, supporting remote workforces without affecting business continuity.
  • Bottlerocket - Bottlerocket is a new Linux-based open source operating system purpose-built by AWS for running containers on virtual machines or bare metal hosts and designed to improve security and operations of organizations’ containerized infrastructure. CrowdStrike Falcon will provide run-time protection, unparalleled endpoint detection and response (EDR) visibility and container awareness, enabling customers to further secure their applications running on Bottlerocket.

Cloud Services

  • AWS PrivateLink - AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications on AWS, without the data having to go over the Internet. 
  • AWS Control Tower - CrowdStrike Falcon Workload Protection seamlessly integrates with AWS Control Tower via API, delivering comprehensive protection and visibility across all Amazon EC2 resources. 

Thursday, September 3, 2020

Verizon tests Quantum Key Distribution

Verizon set up a trial Quantum Key Distribution (QKD) network in the Washington D.C. area.

Live video was captured outside of three Verizon locations in the D.C. area, including the Washington DC Executive Briefing Center, the 5G Lab in D.C. and Verizon’s Ashburn, VA office. Using a QKD network, quantum keys were created and exchanged over a fiber network between Verizon locations. Video streams were encrypted and delivered more securely, allowing the recipient to see the video in real-time while ensuring hackers are instantly detected.

A QKD network derives cryptographic keys using the quantum properties of photons to protect against eavesdropping. Verizon also demonstrated that data can be further secured with keys generated using a Quantum Random Number Generator (QRNG) that creates truly random numbers that can’t be predicted. With QKD, encryption keys are continuously generated and are immune to attacks because any disruption to the channel breaks the quantum state of photons, signaling that eavesdroppers are present.
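
A minimal simulation of the eavesdropper-detection property described above, added here as an illustration and not taken from Verizon's trial. It assumes the BB84 protocol with ideal hardware and an intercept-resend eavesdropper; the article does not name the protocol used, and the function names and the 11% abort threshold are choices made for this example.

```python
import random

def bb84(n_photons, eavesdrop, seed):
    """Simulate BB84 on ideal hardware; return (sifted_key_length, qber)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)       # Alice's raw key bit
        a_basis = rng.randint(0, 1)   # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve must guess a basis. A wrong guess gives
            # her a random result and changes the state she forwards.
            e_basis = rng.randint(0, 1)
            e_bit = photon_bit if e_basis == photon_basis else rng.randint(0, 1)
            photon_bit, photon_basis = e_bit, e_basis
        b_basis = rng.randint(0, 1)   # Bob also picks a basis at random
        b_bit = photon_bit if b_basis == photon_basis else rng.randint(0, 1)
        if a_basis == b_basis:        # sifting: keep positions where bases match
            sifted += 1
            errors += (b_bit != bit)
    return sifted, errors / sifted

def channel_is_clean(qber, threshold=0.11):
    """Alice and Bob compare a sample of sifted bits and abort above threshold.
    The 0.11 default is an assumption chosen for this example."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84(20000, eavesdrop=eve, seed=1)
        print(f"eavesdrop={eve}: sifted={length} qber={qber:.3f} "
              f"clean={channel_is_clean(qber)}")
```

With no eavesdropper the sifted keys agree exactly; with intercept-resend on every photon the error rate settles near 25%, which is what lets the two endpoints discard the key instead of using it.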

"The use of quantum mechanics is a great step forward in data security,” said Christina Richmond, analyst at IDC. “Verizon's own tests, as well as other industry testing, have shown that deriving "secret keys" between two entities via light photons effectively blocks perfect cloning by an eavesdropper if a key intercept is attempted. Current technological breakthroughs have proven that both the quantum channel and encrypted data channel can be sent over a single optical fiber. Verizon has demonstrated this streamlined approach brings greater efficiency for practical large-scale implementation allowing keys to be securely shared over wide-ranging networks.”


https://www.verizon.com/about/news/verizon-achieves-milestone-future-proofing-data-hackers