Showing posts with label Security. Show all posts

Tuesday, September 8, 2020

CrowdStrike expands support for AWS workloads and containers

CrowdStrike, which offers cloud-delivered endpoint protection, is expanding its support for Amazon Web Services (AWS) with new capabilities that deliver integrations for the compute services and cloud services categories.

“As security becomes an earlier part of the development cycle, development teams must be equipped with solutions that allow them to quickly and effectively build from the ground up the strength and protection needed for the evolving threat landscape,” said Amol Kulkarni, chief product officer of CrowdStrike. “Through our growing integrations with our strong collaboration with AWS, CrowdStrike is providing security teams the scale and tools needed to adopt, innovate and secure technology across any workload with speed and efficiency, making it easier to address security issues in earlier phases of development and providing better, holistic protection and uptime for end users.”

Compute Services

  • AWS Graviton - CrowdStrike provides cloud-native workload protection for Amazon Elastic Compute Cloud (Amazon EC2) A1 instances powered by AWS Graviton Processors, as well as the C6g, M6g and R6g Amazon EC2 instances based on the new Graviton2 Processors. With the Falcon lightweight agent, customers receive the same seamless protection and visibility across different compute instance types with minimal impact on runtime performance. CrowdStrike Falcon secures Linux workloads running on ARM with no requirements for reboots, “scan storms” or invasive signature updates.
  • Amazon WorkSpaces - Amazon WorkSpaces is a fully managed, Desktop-as-a-Service (DaaS) solution that provides users with either Windows or Linux desktops in just a few minutes and can quickly scale to provide thousands of desktops to workers across the globe. CrowdStrike brings its industry-leading prevention and detection capabilities that include machine learning (ML), exploit prevention and behavioral detections to Amazon WorkSpaces, supporting remote workforces without affecting business continuity.
  • Bottlerocket - Bottlerocket is a new Linux-based open source operating system purpose-built by AWS for running containers on virtual machines or bare metal hosts and designed to improve security and operations of organizations’ containerized infrastructure. CrowdStrike Falcon will provide run-time protection, unparalleled endpoint detection and response (EDR) visibility and container awareness, enabling customers to further secure their applications running on Bottlerocket.
Cloud Services
  • AWS PrivateLink - AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications on AWS, without the data having to go over the Internet. 
  • AWS Control Tower - CrowdStrike Falcon Workload Protection seamlessly integrates with AWS Control Tower via API, delivering comprehensive protection and visibility across all Amazon EC2 resources. 

Thursday, September 3, 2020

Verizon tests Quantum Key Distribution

Verizon set up a trial Quantum Key Distribution (QKD) network in the Washington D.C. area.

Live video was captured outside of three Verizon locations in the D.C. area, including the Washington DC Executive Briefing Center, the 5G Lab in D.C. and Verizon’s Ashburn, VA office. Using a QKD network, quantum keys were created and exchanged over a fiber network between Verizon locations. Video streams were encrypted and delivered more securely, allowing the recipient to see the video in real-time while ensuring hackers are instantly detected.

A QKD network derives cryptographic keys using the quantum properties of photons to protect against eavesdropping. Verizon also demonstrated that data can be further secured with keys generated using a Quantum Random Number Generator (QRNG) that creates truly random numbers that can’t be predicted. With QKD, encryption keys are continuously generated and are immune to attacks because any disruption to the channel breaks the quantum state of photons, signaling that eavesdroppers are present.

"The use of quantum mechanics is a great step forward in data security,” said Christina Richmond, analyst at IDC. “Verizon's own tests, as well as other industry testing, have shown that deriving "secret keys" between two entities via light photons effectively blocks perfect cloning by an eavesdropper if a key intercept is attempted. Current technological breakthroughs have proven that both the quantum channel and encrypted data channel can be sent over a single optical fiber. Verizon has demonstrated this streamlined approach brings greater efficiency for practical large-scale implementation allowing keys to be securely shared over wide-ranging networks.”


https://www.verizon.com/about/news/verizon-achieves-milestone-future-proofing-data-hackers

Monday, August 24, 2020

Palo Alto Networks to acquire The Crypsis Group

Palo Alto Networks agreed to acquire The Crypsis Group, a leading incident response, risk management and digital forensics consulting firm, for $265 million in cash.

The Crypsis Group's more than 150 security consultants have handled some of the most complex and significant cybersecurity incidents, responding to more than 1,300 security engagements per year. The company was named one of the Top 10 Digital Forensics Services Companies of 2019 and 2020 by Enterprise Security magazine.

Palo Alto Networks already provides prevention, detection and response capabilities through its Cortex XDR. The addition of The Crypsis Group's security consulting and forensics capabilities will strengthen Cortex XDR's ability to collect rich security telemetry, manage breaches and initiate rapid response actions. The Crypsis Group's experts and insights will also fuel the Cortex XDR platform with a continuous feedback loop between incident response engagements and product research teams to prevent future cyberattacks. The company expects to integrate The Crypsis Group's processes and technology into Cortex XDR to further enhance its ability to safeguard organizations at every stage of the security lifecycle.

"The proposed acquisition of The Crypsis Group will significantly enhance our position as the cybersecurity partner of choice, while expanding our capabilities and strengthening our Cortex strategy. By joining forces, we will be able to help customers not only predict and prevent cyberattacks but also mitigate the impact of any breach they may face," said Nikesh Arora, chairman and CEO of Palo Alto Networks.

Monday, July 20, 2020

Fortinet acquires OPAQ Networks for SASE

Fortinet has acquired OPAQ Networks, a Secure Access Service Edge (SASE) cloud provider based in Herndon, Virginia. Financial terms were not disclosed.

OPAQ’s Zero Trust Network Access (ZTNA) cloud solution protects organizations’ distributed networks – from data centers, to branch offices, to remote users, and Internet of Things (IoT) devices.

Fortinet said OPAQ’s patented ZTNA solution enhances its own SASE offering to form the best-in-class SASE cloud security platform with the industry’s only true Zero Trust access and security by providing industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity/multi factor authentication, multi-cloud workload protection, cloud application security broker (CASB), browser isolation, and web application firewalling capabilities.

Ken Xie, Founder, Chairman of the Board, and CEO, states: "The recent SASE market momentum further validates our Security-driven Networking approach and underscores what we’ve been saying for years. In the era of hyperconnectivity and expanding networks, with the network edge stretching across the entire digital infrastructure, networking and security must converge. In fact the acquisition of OPAQ actually further enhances our existing SASE offering. Now, we will deliver the most complete SASE platform on the market with the broadest security and industry-leading SD-WAN and networking offerings that can all be delivered to customers and partners through a flexible, cost efficient and patented zero-trust cloud architecture."

Wednesday, July 15, 2020

Twitter suffers major security breach

Twitter suffered a major security breach impacting the verified accounts of Joe Biden, former President Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Michael Bloomberg, Apple and many other high-profile users.

The hackers apparently were able to breach the two-factor authentication of multiple users simultaneously, raising the possibility that Twitter's own systems were compromised. An investigation is underway.

 

Thursday, June 18, 2020

Australia hit by sophisticated cyber attack from state actor

The Australian federal government advised of a sophisticated cyber attack targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.

The Prime Minister's office said it is convinced that a state-based cyber actor is involved because of the scale and nature of the targeting and the tradecraft used.

The attack leverages a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure, primarily through the use of a remote code execution vulnerability in unpatched versions of Telerik UI.

https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks

RedShift delivers Cloud Unified Communication Threat Management

RedShift Networks introduced a Cloud Unified Communication Threat Management (UCTM) service for securing communication & collaboration applications for Service Providers and enterprises.

The new UCTM service automates real-time application traffic security including eMeeting, eMessaging and VDI offerings. Defense in depth approaches are well addressed in the data realm but conspicuously absent from real time cloud security until now. RedShift Networks UCTM Cloud addresses this gap with four (4) critical capabilities:

  • Non-blocking application inspection with analytics correlations,
  • Preventing robocalls, VoIP threats, DDoS and TDoS with a real-time threat service,
  • Eliminating more than 40,000 different real time threats from “bad actors” at multiple application layers based on traffic analysis, and
  • Advanced threat protection globally in real-time with a virtual, software or cloud-based solution

These capabilities are also available in RedShift’s on-prem and virtual appliance solution.

“RedShift’s new cloud-native UCTM offering delivers our award-winning product and technology to every type of customer  – Service Providers and Enterprises – in their choice of hardware, software and cloud-based product form factors,” says Amitava Mukherjee, CEO and Co-Founder at RedShift Networks.

https://redshiftnetworks.com/


Monday, June 15, 2020

Intel announces Control-Flow Enforcement Technology

Intel is introducing a new security capability in its silicon microarchitecture to help protect against common malware attack methods that have been a challenge to mitigate with software alone.

Intel's new Control-Flow Enforcement Technology (Intel CET), which will be first available on Intel’s upcoming mobile processor code-named "Tiger Lake," is designed to protect against the misuse of legitimate code through control-flow hijacking attacks – widely used techniques in large classes of malware.

Intel CET offers software developers two key capabilities to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods. Shadow stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods. These types of attack methods are part of a class of malware referred to as memory safety issues and include tactics such as stack buffer overflow corruption and use-after-free.

Microsoft's support for Intel CET in Windows 10 is called Hardware-enforced Stack Protection, and a preview of it is available today in Windows 10 Insider Previews. This new Hardware-enforced Stack Protection feature only works on chipsets with Intel CET instructions. It relies on a new CPU architecture that is compliant with Intel CET specifications. For applications running on an OS that supports Intel CET, users can expect detailed guidance from our partners on how applications “opt-in” for protection.

Friday, May 15, 2020

SK Telecom shows 5G phone with quantum random number generator

SK Telecom, together with Samsung Electronics and ID Quantique, demonstrated the first 5G smartphone equipped with a quantum random number generator chipset.

The Samsung Galaxy A Quantum with integrated quantum-enhanced cryptography will allow customers to experience advanced security through two-factor authentication for T-ID, biometric authentication-based payment for SK Pay and mobile e-certification service.

“Securing mobile phones has become a top priority for mobile operators, who are also looking to generate new revenues,” says Grégoire Ribordy, co-founder and CEO of ID Quantique. “With its compact size and low power consumption, our latest Quantis QRNG chip can be embedded in any smartphone, to ensure trusted authentication and encryption of sensitive information. It will bring a new level of security to the mobile phone industry.”

  • Last year, SK Telecom and ID Quantique were awarded quantum communication network-building projects in the U.S. and Europe (EU), and applied QRNG to SK Telecom’s 5G authentication center (AuC) for the first time in the world. Going forward, SK Telecom will expand its footprint in the quantum security business by integrating QRNGs to more devices and networks.



Tuesday, May 12, 2020

Taiwan-based MediaTek announces 800G MACsec PHY

MediaTek announced its MT3729 800G (400G dual port) MACsec retimer PHY for data centers and cloud infrastructure.

The new device, which integrates MediaTek’s 56G PAM4 SerDes technology, is available as a standalone application-specific standard part (ASSP) or it can be integrated into a network controller chip.  The MT3729 800G PHY is ideal for line cards or switch fabrics in conjunction with network controller application-specific integrated circuits (ASICs) to build multi-terabit network servers, switches and routers. It enables secure data links and highly accurate precision time protocol (PTP) timestamping.

“With our broad portfolio of networking solutions, MediaTek is meeting the growing bandwidth and security needs of modern network infrastructure, including hyper-scale, cloud, service provider and enterprise networks,” said Jerry Yu, MediaTek Corporate Vice President. “Our MT3729 PHY integrates advanced MACsec-based encryption for secure communications and highly accurate PTP timestamping for the latest 5G synchronization requirements, while also giving our customers different integration options for added flexibility.”

The MT3729 packs four different operation modes:

  • Retimer Mode: Built-in signal enforcement technology extends the SerDes connection distance and transmission to the edge for more precise timestamping. 
  • Forward/Reverse Gearbox Mode: Support for bitrate translation between 56G and 28G links enables next generation switches to seamlessly connect with existing infrastructure.
  • MUX/DeMUX Mode: Hitless MUX and broadcast switching meets networking redundancy requirements. 
  • MACsec Mode: IEEE 802.1AE MACsec support enables secure communications with AES-128 and AES-256 encryption from 1G to 400G per port.

The MT3729 PHY supports up to 16 bi-directional links at 56G PAM4, up to 28G NRZ SerDes and 1G SGMII. To meet the stringent 5G infrastructure timing requirements, the MT3729 supports IEEE 1588v2 and SyncE up to Class-C for greater accuracy and more flexibility with timestamping formats.

ADVA supports Quantum-Secure VPN (QuaSiModO) project

ADVA is playing a key role in a unique research initiative extending post-quantum security to VPN networks.

The company has supplied its ADVA FSP 150 with ConnectGuard Ethernet encryption for the Quantum-Secure VPN Modules and Operation Modes (QuaSiModO) project, which is being conducted by the Fraunhofer Institute of Applied and Integrated Security, the Ludwig Maximilian University of Munich and genua GmbH. Funding is provided by the German Federal Ministry of Education and Research.

The QuaSiModO project is testing new quantum-resistant algorithms in the packet domain. The goal is to develop viable security solutions that can protect Layer 2 and 3 data against all forms of cyberattack, including those from quantum computers.

“As part of the QuaSiModO project, we’re continuing to drive innovation in future-proof cryptography. This initiative extends comprehensive post-quantum security to VPNs and enables businesses and government institutions to protect their data from tomorrow’s attacks,” said Jörg-Peter Elbers, SVP, advanced technology, ADVA. “Together with our partners, we’re ensuring that network security technology doesn’t fall behind in the computing power race. Our role in the project combines our experience with transport layer post-quantum security and our proven expertise when it comes to encrypting Carrier Ethernet connectivity. We’re helping to create a solution able to protect packet services today and ready to be upgraded later to comply with emerging specifications from standards bodies such as the USA’s National Institute of Standards and Technology.”

“When quantum computers emerge, they’ll be able to quickly crack complex problems that would take today’s most powerful supercomputers many years to solve. That’s why enterprises, governments and communication service providers are looking to leverage security technology built on quantum-safe algorithms,” commented Alexander von Gernler, head of research, genua GmbH. “For a decade, we’ve been focused on the threat posed by large quantum computers, and much of our work in recent years has been about developing practical quantum-resistant signatures and key establishment protocols. Now, we’re leading the QuaSiModO consortium, working with ADVA and the other partners to bring post-quantum security to network Layers 2 and 3, and deliver the robust future-proof protection that classical encryption technologies simply can’t.”

https://www.adva.com/en/newsroom/press-releases/20200512-adva-brings-post-quantum-security-to-packet-networks

https://www.genua.de/en/news/insights/2019/new-quasimodo-research-project-launched.html


Europe's OPENQKD uses ADVA for quantum key distribution

The OPENQKD project, whose mission is to create and trial a secure communication network across Europe based on quantum key distribution (QKD), will leverage ADVA's FSP 3000 and FSP 150 platforms.

ADVA will provide optical and Ethernet encryptors as well as open line systems for multiple testbed locations.

OPENQKD, which is funded by the European Commission, seeks to accelerate the commercial adoption of QKD technology and to promote interoperability through an ecosystem of 38 partners, including academic institutions, network operators, and manufacturers of network and QKD equipment.

“By bringing our technology and expertise to the OPENQKD project, we’re helping to address vital security issues in critical communications. Whether in telecoms or government networks, quantum hacking puts the long-term security of sensitive data at risk,” said Helmut Grießer, director, advanced technology, ADVA. “Our ConnectGuard™ encryption technology has earned a strong reputation for protecting service provider and enterprise networks while ensuring highest capacity, lowest latency and maximum scale. In OPENQKD, we’ll demonstrate in practical use cases how our ConnectGuard™ technology can be augmented with QKD to make encrypted communication resistant against quantum computer attacks.”

https://www.adva.com/en/newsroom/press-releases/20200128-adva-to-play-key-role-in-openqkd-project

Quantum Network Link goes live in UK

The world’s first commercial-grade quantum test network link is now operational between the BT Labs in Suffolk and the Cambridge node of the UK’s new Quantum Network, which is being built by the Quantum Communications Hub, a collaboration between research and industry, supported by the UK’s National Quantum Technologies Programme. The new connection stretches from BT’s Adastral Park research campus near Ipswich in the East of England, to Cambridge. The wider UKQN network then extends onward over the National Dark Fibre Infrastructure Service to Bristol in the South-West.

The link uses over 125km of standard BT optical fibre between Cambridge and Adastral Park, with BT Exchanges acting as ‘trusted nodes’ along the route. The link will carry both quantum and non-quantum traffic; the QKD technique shares data encryption keys via an ultra-secure quantum channel over the same fibre that carries the encrypted data itself.

ADVA confirmed that its FSP 3000 is playing a key role in the new UKQNtel transport network secured by quantum key distribution (QKD). As part of an initiative led by QComm Hub, and with partners BT, ID Quantique and the universities of Cambridge and York, ADVA has constructed a QKD link capable of carrying classical and quantum channels on the same standard, installed fiber.

Tuesday, February 18, 2020

Telco Security Alliance shares threat intelligence

The Telco Security Alliance, whose members include AT&T, Singtel and Telefónica, announced new collaborative efforts to detect and eliminate threats from customer environments.

The hope is that by continuously sharing the latest threat intelligence and indicators of compromise (IoCs) related to cybersecurity threats and global attack campaigns, operators can help organizations as the threat landscape evolves.

Telco Security Alliance threat intelligence is derived from multiple sources including anonymized data from alliance member security operations centers and security investigations. By pooling valuable information on new malware campaigns and indicators of compromise from ongoing attacks, our customers gain a more global and complete view of cybersecurity developments that may impact operations.

Joint threat intelligence sharing will allow our security analysts to take more proactive means to combat malicious activities. We will accomplish this by writing and pushing signatures for newly discovered malware and phishing campaigns across customer products and environments down to individual endpoints. The different feeds serving the threat intelligence instruments will utilize the AT&T Alien Labs® Open Threat Exchange® (OTX™) platform.

The Telco Security Alliance, formed by AT&T, Etisalat, Singtel, SoftBank and Telefónica, is the first global security alliance between telecom operators. The alliance aims to improve each member’s ability to respond rapidly to cybersecurity threats. The Telco Security Alliance aims to help enterprises and government agencies address the growing threat of cyber-attacks and the evolving threat landscape. AT&T, Singtel and Telefónica are the first Telco Security Alliance members to participate in the threat intelligence sharing initiative, but expansion to other members is planned.

“Access to global actionable threat intelligence has become increasingly crucial as cyber threats traverse sovereign boundaries,” said Chng Tien San, Global Head of Alliances at Trustwave, a Singtel company. “Trustwave helps enterprises perform continuous threat detection and response, and we look forward to our continued collaboration with the Telco Security Alliance as we collectively help businesses embrace digital transformation securely.”

“Our customers demand us to deliver contextualized threat intelligence, delivering as many details as possible to reveal undetected attacks. By leveraging the Alliance members’ most relevant IoCs into one single platform, it will allow us to improve our detection and response, and the emerging playbooks will let our analysts focus on the analysis and investigations of the advanced threat defeating techniques,” said Sebastián García de Saint-Léger, Telco Sector manager at ElevenPaths, Telefónica’s cybersecurity unit.

“This relationship supports the global fight against cybercrime,” said Jaime Blasco, AVP of Product Development for AT&T Cybersecurity. “This initiative already proved valuable to AT&T’s visibility into current threats, and as we continue to work together, our focus is on utilizing this relationship to deliver better threat intelligence to our customers.”

Thursday, January 23, 2020

CloudKnox raises $12M for identity authorization for cloud

CloudKnox Security, a start-up based in Sunnyvale, California, raised $12 million for its work in identity authorization for hybrid and multi-cloud environments.

CloudKnox recently added new privilege-on-demand, auto remediation and anomaly detection capabilities, integration with AWS IAM Access Analyzer and support for VMware Cloud on AWS. The company was also recently awarded two patents: the first for activity-based access control in heterogeneous environments; and the second for a method and system to detect discrepancy in infrastructure security configurations.

The funding round was led by Sorenson Ventures with participation from early investors, including ClearSky Security, Dell Technologies Capital and Foundation Capital. This brings total funding raised to date to $22.75M.

CloudKnox also announced several key additions to the company’s board and executive team. Stephen Ward, CISO at The Home Depot; Ken Elefant, managing partner at Sorenson Ventures and Suresh Batchu, co-founder and CTO at MobileIron, joined the company’s Board of Directors. The company also appointed John Donnelly as vice president of sales. John has more than 30 years of experience as a sales leader, including roles as VP of sales for MobileIron, Vontu and, most recently, as a sales advisor for ClearSky Security and Wing Venture Capital.

“We’ve seen exceptional growth from customers and prospects looking to address the number one risk in their cloud infrastructure,” said Balaji Parimi, CEO and founder at CloudKnox Security. “This positioned us to pre-emptively secure another round of funding to leverage strong market adoption and accelerate our customer expansion. We’re delighted to have Sorenson Ventures join our current investors, who continue to show their commitment to our success, welcome John to our team, and Stephen and Suresh to our board.”

Wednesday, January 22, 2020

Automating Threat Awareness in Networks



Thanks to breakthroughs in behavioral analytics, threat intelligence continues to advance. How can points-of-enforcement leverage these gains to build more secure networks?

Samantha Madrid, Vice President of Network Security Business & Strategy, Juniper Networks, discusses strategic considerations for connected security.


NETSCOUT brings its next gen DDoS protection for Service Providers

NETSCOUT SYSTEMS introduced a new solution for delivering DDoS visibility and protection for service providers and large enterprises. Arbor Sightline with Sentinel combines core ARBOR NETWORKS and NETSCOUT Layer 7 technologies with intelligent analytics, machine learning, and automation.

“A majority of the world’s internet service providers, along with data center operators and large network operators, rely on NETSCOUT Arbor solutions for advanced DDoS protection,” said Tom Lyons, vice president of product management, NETSCOUT. "Sightline with Sentinel significantly builds upon NETSCOUT’s Smart Data technology, which uses its patented Adaptive Service Intelligence (ASI) technology leveraging Layer 7 visibility and intelligent analytics to deliver smart visibility and detection that identifies application-layer threats at Terabit scale. NETSCOUT is the first to deliver inter-provider signaling to give ISPs and large network operators the means to coordinate their attack response. Also, Sightline with Sentinel provides orchestrated mitigation that allows the network to play an active role as a defense shield to block threats closer to the network’s edge, enabling next-generation always-on, value-added services.”

For ISPs, Sightline with Sentinel leverages NETSCOUT Smart Data to provide service- and application-layer visibility, augmenting flow data to deliver additional insight and enabling OTT service analysis and content delivery optimization across complex, high-scale networks. Using Layer 7 visibility, Sightline with Sentinel will provide ISPs with a deep understanding of the services their customers use, as well as allow them to detect a broader range of application-layer threats to enable a new breed of visibility and security value-added services.

Through inter-provider signaling, Sightline with Sentinel allows for sharing of attack data between ISPs and large network operators regionally and across the globe. The new inter-provider signaling function allows these network operators to share their attack data and proactively coordinate defense against DDoS attacks, stopping them nearer to their source.

http://www.netscout.com

Tuesday, January 7, 2020

MYHSM brings Payment Hardware Security to Equinix

MYHSM, which offers Payment Hardware Security Modules (HSMs) as a Service, will host its equipment on Platform Equinix and use Equinix connectivity services.

Equinix operates over 200 data centers around the world with access to all Tier 1 Network routes and with a 99.9999% uptime record.

MYHSM said that Equinix data centers are certified to PCI DSS (Payment Card Industry Data Security Standard), meaning that payments organisations across the world can now secure their transactions by connecting to MYHSM’s PCI PIN certified service with high levels of performance, security, and reliability, in a fully PCI-compliant environment.

John Cragg, CEO at MYHSM, commented: “MYHSM is delighted to be working with Equinix, which is a real enabler for the payments industry. We are now partners with the global leader in interconnection as well as with Thales, the global leader in Payment HSMs. These partnerships put us in pole position to meet not only the existing demand for Payment HSM as a Service but also the explosive growth being generated by the dash for the cloud which is happening all around us."

https://myhsm.com

Thursday, December 5, 2019

CyrusOne hit by ransomware attack

CyrusOne was hit by a ransomware attack impacting at least six of its data center colocation managed services customers.

In a statement, CyrusOne said it is working to restore availability after a ransomware program encrypted certain devices. The customers are primarily serviced by CyrusOne’s New York Data Center.

CyrusOne’s data center colocation services, including IX and IP Network Services, are not involved in this incident.

CyrusOne said it is working closely with third-party experts and legal authorities to address this matter.

https://cyrusone.com/

Monday, November 4, 2019

Broadcom completes acquisition of Symantec Enterprise Security

Broadcom completed its previously-announced acquisition of Symantec's Enterprise Security Business.

The acquired product portfolio includes enterprise endpoint security, web security services, cloud security and data loss prevention.

The deal was valued at $10.7 billion in cash when it was first announced in August.

Symantec's Enterprise Security business will now operate as the Symantec Enterprise division of Broadcom and will be led by Art Gilliland as SVP and General Manager. Mr. Gilliland most recently served as General Manager of Symantec's Enterprise Security business where he oversaw the Enterprise Security product and engineering teams, Enterprise Security Worldwide Sales and the Enterprise Security customer support organization. He brings more than 20 years of experience in the security software industry.

"Today represents an important milestone as Symantec's Enterprise Security business joins our other semiconductor and software franchises that together form the Broadcom platform," said Hock Tan, President and Chief Executive Officer of Broadcom. "Symantec's Enterprise Security business expands our footprint of mission critical infrastructure software for the Global 2000. We are pleased to welcome the talented team of employees at Symantec Enterprise Security to the Broadcom family."

Thursday, October 24, 2019

Blueprint column: Stop the intruders at the door!

by Prayson Pate, CTO, Edge Cloud, ADVA

Security is one of the biggest concerns about cloud computing. And securing the cloud means stopping intruders at the door by securing its onramp – the edge. How can edge cloud be securely deployed, automatically, at scale, over the public internet?

The bad news is that it’s impossible to be 100% secure, especially when you bring internet threats into the mix.

The good news is that we can make it so difficult for intruders that they move on to easier targets. And we can ensure that we contain and limit the damage if they do get in.

To achieve that requires an automated and layered approach. Automation ensures that policies are up to date, passwords and keys are rotated, and patches and updates are applied. Layering means that breaching one barrier does not give the intruder the keys to the kingdom. Finally, security must be designed in – not tacked on as an afterthought.

Let’s take a closer look at what edge cloud is, and how we can build and deliver it, securely and at scale.

Defining and building the edge cloud

Before we continue with the security discussion, let’s talk about what we mean by edge cloud.

Edge cloud is the delivery of cloud resources (compute, networking, and storage) to the perimeter of the network and the usage of those resources for both standard compute loads (micro-cloud) as well as for communications infrastructure (uCPE, SD-WAN, MEC, etc.), as shown below.

For maximum utility, we must build edge cloud in a manner consistent with public cloud. For many applications that means using standard open source components such as Linux, KVM and OpenStack, and supporting both virtual machines and containers.

One of the knocks against OpenStack is its heavy footprint. A standard data center deployment for OpenStack includes one or more servers for the OpenStack controller, with OpenStack agents running on each of the managed nodes.

It’s possible to optimize this model for edge cloud by slimming down the OpenStack controller and running it on the same node as the managed resources. In this model, all the cloud resources – compute, storage, networking and control – reside in the same physical device. In other words, it’s a “cloud in a box.” This is a great model for edge cloud, and gives us the benefits of a standard cloud model in a small footprint.

Security out of the box

Security at an edge cloud starts when the hosting device or server is installed and initialized. We believe that the best way to accomplish this is with secure zero-touch provisioning (ZTP) of the device over public IP.

The process starts when an unconfigured server is delivered to an end user. Separately, the service provider sends a digital key to the end user. The end user powers up the server and enters the digital key. The edge cloud software builds a secure tunnel from the customer site to the ZTP server, and delivers the security key to identify and authenticate the edge cloud deployment. This step is essential to prevent unauthorized access if the hosting server is delivered to the wrong location. At that point, the site-specific configuration can be applied using the secure tunnel.

The secure tunnel doesn’t go away once the ZTP process completes. The management and orchestration (MANO) software uses the management channel for ongoing control and monitoring of the edge cloud. This approach provides security even when the connectivity is over public IP.
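The activation step described above, sketched from the ZTP server's side as an added example (not ADVA's code or protocol). The class and field names, the status strings, the attempt limit, the expiry window and the PBKDF2 storage of the key are all assumptions; the secure tunnel is assumed to be already established and is not modelled.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # assumed lockout threshold, not from the article

@dataclass
class Enrollment:
    salt: bytes
    key_hash: bytes        # only a salted hash of the activation key is stored
    expires_at: float
    site_config: dict
    failures: int = 0
    activated: bool = False

def hash_key(key: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, 100_000)

class ZtpServer:
    """Hypothetical ZTP back end: releases site config only to an authenticated device."""
    def __init__(self):
        self.enrollments = {}

    def enroll(self, serial, site_config, ttl_s=7 * 24 * 3600, now=None):
        """Register a shipped device; the returned key goes to the end user out of band."""
        now = time.time() if now is None else now
        key, salt = secrets.token_urlsafe(16), secrets.token_bytes(16)
        self.enrollments[serial] = Enrollment(salt, hash_key(key, salt),
                                              now + ttl_s, site_config)
        return key

    def activate(self, serial, presented_key, now=None):
        """Called over the tunnel; returns (status, site_config or None)."""
        now = time.time() if now is None else now
        rec = self.enrollments.get(serial)
        if rec is None:
            return "unknown_device", None
        if rec.activated:                      # key is single-use
            return "already_activated", None
        if rec.failures >= MAX_ATTEMPTS:       # stop online guessing
            return "locked", None
        if now > rec.expires_at:               # a box lost in transit ages out
            return "expired", None
        # Constant-time comparison avoids leaking how much of the hash matched.
        if not hmac.compare_digest(hash_key(presented_key, rec.salt), rec.key_hash):
            rec.failures += 1
            return "bad_key", None
        rec.activated = True
        return "ok", rec.site_config
```

A server delivered to the wrong location can open the tunnel but never reaches the `"ok"` branch, because the key travelled separately from the hardware.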

Security on the edge cloud

One possible drawback to the distributed compute resources and interface in an edge cloud model is an increased attack surface for hackers. We must defend edge cloud nodes with layered security at the device, including:
• Application layer – software-based encryption of data plane traffic at Layers 2, 3, or 4 as part of the platform, with the addition of a third-party firewall/UTM as a part of the service chain
• Management layer – two-factor authentication at the customer site with encryption of management and user tunnels
• Virtualization layer – safeguard against VM escape (protecting one VM from another, and prevention of rogue management system connectivity to the hypervisor) and VNF attestation via checksum validation
• Network layer – modern encryption along with Layer 2 and Layer 3 protocols and micro-segmentation to separate management traffic from user traffic, and to protect both

Security of the management software

Effective automation of edge cloud deployments requires sophisticated MANO software, including the ZTP machinery. All of this software must be able to communicate with the managed edge cloud nodes, and do so securely. This means using modern security gateways both to protect the MANO software and to provide the secure management tunnels for connectivity.

But that’s not enough. The MANO software should support scalable deployments and tenancy. Scalability should be built using modern techniques so that tools like load balancers can be used to support scaleout. Tenancy is a useful tool to separate customers or regions and to contain security breaches.

Security is an ongoing process

Hackers aren’t standing still, and neither can we. We must perform ongoing security scans of the software to ensure that vulnerabilities are not introduced. We must also monitor the open source distributions and apply patches as needed. A complete model would include:
• Automated source code verification by tools such as Protecode and Black Duck
• Automated functional verification by tools such as Nessus and OpenSCAP
• Monitoring of vulnerabilities within open source components such as Linux and OpenStack
• Following recommendations from the OpenStack Security Group (OSSG) to identify security vulnerabilities and required patches
• Application of patches and updates as needed

Build out the cloud, but secure it

The move to the cloud means embracing multi-cloud models, and that should include edge cloud deployments for optimization of application deployment. But ensuring security at those distributed edge cloud nodes means applying security in an automated and layered way. There are tools and methods to realize this approach, but it takes discipline and dedication to do so.

Sunday, August 11, 2019

McAfee acquires NanoSec for container security

McAfee has acquired NanoSec, a start-up offering a multi-cloud, zero-trust application and security platform for containers. Financial terms were not disclosed.

NanoSec developed a wrapper technology that works as an agent and runs on any flavor of Linux and many flavors of Windows OS. NanoSec also provides an agentless Container scanning and Config Audit (including CIS Benchmarks). The NanoSec Intelligent backend can be hosted by the customer on any midsize server on-premise/cloud or as a SaaS service.

NanoSec is based in Santa Clara, California and Bengaluru, Karnataka, India.

McAfee said the acquisition will enable organizations to improve governance and compliance and to reduce risk of their cloud and container deployments. NanoSec’s security capabilities will be applied to applications and workloads deployed in containers and Kubernetes and will be integrated into McAfee MVISION Cloud and MVISION Server Protection offerings. These capabilities include continuous configuration compliance and vulnerability assessment as well as runtime application-level segmentation for detecting and preventing lateral movement of threats.

“NanoSec’s technology is a natural extension for McAfee MVISION Cloud, enhancing our current CASB and CWPP products, and adding to our ‘Shift-Left’ capabilities to deliver on the DevSecOps best practice to improve governance and security,” said Rajiv Gupta, senior vice president and general manager of the cloud security business unit, McAfee.

“Joining forces with McAfee means that our groundbreaking capabilities including our unique application-identity based approach for app-level protection and micro-segmentation will be available on a global scale,” said Vishwas Manral, founder and CEO of NanoSec.