Showing posts with label Security. Show all posts

Tuesday, February 16, 2021

Palo Alto Networks to acquire Bridgecrew

Palo Alto Networks agreed to acquire Bridgecrew, a developer-first cloud security company, for approximately $156 million in cash. 

Bridgecrew, which is based in San Francisco, is a pioneer in shift left, focusing on infrastructure as code (IaC), where infrastructure configuration is codified during development. The company’s developer-first IaC security platform offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development lifecycle. The proposed acquisition will enable Prisma Cloud to provide developers with security assessment and enforcement capabilities throughout the DevOps process.

Bridgecrew’s open-source IaC scanner, Checkov, has gained significant early traction with developers, surpassing 1 million downloads in 2020 — its first full year of availability. 

"Shift left security is a must-have in any cloud security platform. Developers don’t want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organization certainly values higher security from fixing issues earlier in the development lifecycle. We are thrilled to welcome Bridgecrew, and their widely adopted and trusted developer security platform, to Palo Alto Networks. When combined, Prisma Cloud customers will benefit from having security embedded in the very foundation of their cloud infrastructure," says Nikesh Arora, chairman and CEO of Palo Alto Networks.


Styra cites rapid growth of its cloud-native Open Policy Agent authorization

Privately-held Styra, the founder of Open Policy Agent (OPA) and a provider of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.

The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. 

In 2020, OPA was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption.  OPA downloads increased from 6 million to over 35 million in 2020.

“OPA adoption across all use cases over the last year has been phenomenal,” said Torin Sandall, vice president of open source at Styra. “We’ve seen the community grow in every measurable way. Slack and openpolicyagent.org membership and participation has more than doubled, the number of public repositories on GitHub containing .rego files has also doubled and the number of Docker image downloads has gone from 6M to over 39M. We attribute much of this growth to the efforts of the community and to the need for a robust authorization policy-as-code solution in the cloud native ecosystem.”


Open Policy Agent: Building a standard for cloud-native authorization

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

The cloud-native stack is becoming so complex and distributed that a common application authorization mechanism is necessary.

 In this video, Bill Mann, CEO of Styra, talks about how OPA is gaining momentum as the de facto approach for establishing authorization policies across cloud native environments. Styra pioneered OPA. Its founding team of Tim Hinrichs and Teemu Koponen previously played key roles in the development of software-defined networking and network virtualization at Nicira.

https://youtu.be/U-a91ylm8uw

Monday, December 21, 2020

Arista begins Attack Surface Assessment service

Arista Networks will begin offering an Attack Surface Assessment, an advanced security service delivered through the recent acquisition of Awake Security, a start-up offering a Network Detection and Response (NDR) platform. 

Arista's new offering finds threats to devices and applications known to the IT and security teams, as well as shadow IT and unmanaged infrastructure across client to campus, data center and cloud.

“Sophisticated threats are no longer reliant on traditional malware,” said Rahul Kashyap, Vice President and General Manager, Arista’s NDR Security Division. “The recent supply chain attacks have exposed gaps in security programs. This new offering reinforces our commitment to help our customers defend against Sunburst and future threats.”

For more details on Awake’s approach to detecting supply chain threats like the SolarWinds / Sunburst campaign, see the blog at

https://awakesecurity.com/blog/detecting-supply-chain-threats-like-solarwinds-sunburst/


Sunday, December 20, 2020

Palo Alto Networks responds to SolarStorm

In a company blog post, Nikesh Arora, CEO of Palo Alto Networks, writes: "We will soon be talking about this as one of the most serious cyberattacks in history. Tainted updates to SolarWinds Orion software were distributed for months before they were identified, positioning attackers to obtain administrative privileges and establish long-term network access – potential for a complete compromise of an organization by malicious actors. We must come together to defend against an attack of this magnitude."

Also discussed in the posting:

  • Palo Alto Networks itself experienced an attempt to download Cobalt Strike on one of its IT SolarWinds servers, but its Cortex XDR instantly blocked the attempt with its Behavioral Threat Prevention capability and its SOC isolated the server.
  • Due to the disclosures on December 13, the company has reanalyzed its entire infrastructure extensively one more time to ensure that it has not been compromised.
  • Arora remains confident that Palo Alto Networks continues to be secure.
  • Palo Alto Networks is now offering a free SolarStorm rapid assessment to determine if customers have been compromised by this threat actor.

Thursday, December 17, 2020

U.S. scrambles to assess damage from nation-state cyberattack

U.S. government officials warned that the cyberattack identified earlier this week has compromised dozens of federal government networks and likely thousands of private networks globally.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) announced a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to the infiltration of U.S. government networks arising from the SolarWinds backdoor hack.

CISA issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network.

CISA said the infiltration "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

Some notes from CISA about the attack:

  • Compromises began at least as early as March 2020
  • This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.
  • The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.
  • Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions.
  • Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans. 
  • The adversary is making extensive use of obfuscation to hide their C2 communications. 
  • CISA has observed the threat actor adding authentication tokens and credentials to highly privileged Active Directory domain accounts as a persistence and escalation mechanism. In many instances, the tokens enable access to both on-premise and hosted resources.

Some recommendations from CISA:

  • Out-of-band communications guidance for staff and leadership;
  • An outline of what “normal business” is acceptable to be conducted on the suspect network;
  • A call tree for critical contacts and decision making; and
  • Considerations for external communications to stakeholders and media.

https://www.cisa.gov/ 

https://us-cert.cisa.gov/ncas/alerts/aa20-352a

Microsoft President Brad Smith stated "this latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms." 

Microsoft also noted that the initial list of victims includes not only government agencies, but security and other technology firms as well as non-governmental organizations.

https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/




  • On December 13, FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware. The attacker is using multiple techniques to evade detection and obscure their activity, which includes espionage and data theft. FireEye has released signatures to detect this threat actor and supply chain attack in the wild. 
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Tuesday, December 8, 2020

FireEye reports cyber attack by a nation state

FireEye confirmed that it was recently attacked by a highly sophisticated cyber threat actor in what it believes was a state-sponsored attack.

Kevin Mandia, FireEye's Chief Executive Officer, said the attackers tailored their world-class capabilities specifically to target certain Red Team assessment tools that the company uses to test its customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to its customers. None of the tools contain zero-day exploits.

FireEye will now need to release the methods and means to detect the use of the stolen Red Team tools. This includes more than 300 countermeasures to minimize the potential impact of the theft of these tools. 

FireEye also said that, consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. 

https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

Thursday, October 29, 2020

HGC Global Communications signs MoU with CyberSecurity Malaysia

HGC Global Communications Limited (HGC) and CyberSecurity Malaysia, the national cybersecurity specialist and technical agency under the Ministry of Communications and Multimedia Malaysia (KKMM), signed a Memorandum of Understanding (MoU) that provides a framework under which HGC will facilitate its portfolio of critical cybersecurity skillsets to the telecommunications industry whilst fostering increased cybersecurity innovation by enabling CyberSecurity Malaysia to achieve its purpose of overcoming national cyber security challenges and deliver greater ICT benefits to Internet users.

The MoU will cover cybersecurity cooperation in key areas including telecom security, IoT security and threat intelligence. The parties said their exchange of information on telecommunication networks, ICT solutions and cybersecurity can further improve cyberattack readiness and prevention measures.

Ravindran Mahalingam, HGC's SVP of International Business, said: "Cybersecurity is a paramount asset, key to HGC's vision of a connected world. As a global telecommunications service provider, we are committed to promoting sustainable development of technological innovations, keeping cybersecurity at the centre of business solutions. More, cybersecurity is important in a smart city as the infrastructure can be vulnerable and needs to avoid any breaches. HGC is dedicated to support cybersecurity for ICT and network initiatives, ensuring a secure and reliable digital business environment."

Dato' Ts. Dr. Haji Amirudin Bin Abdul Wahab, CyberSecurity Malaysia's Chief Executive Officer, said: "Today, cyber security is a major concern for most industries and the vulnerabilities are rising at an alarming rate; hence IT professionals are in high demand to analyse and overcome these threats. Moreover, these attacks could have been dealt with if those businesses have better cyber resilience. Organizations today are beginning to complement their cybersecurity strategies with cyber resilience. CyberSecurity Malaysia, a national cyber security specialist and technical center under the purview of the Ministry of Communications and Multimedia Malaysia, identifies collaboration as one way to strengthen the cybersecurity ecosystem in Malaysia."

Thursday, October 1, 2020

Cisco to acquire Portshift for Kubernetes-native security platform

 Cisco agreed to acquire Portshift, a start-up based in Tel Aviv, Israel, offering a Kubernetes-native security platform. Financial terms were not disclosed.

Portshift is focused on application security solutions. Its platform adopts an agentless approach using a Kubernetes admission controller for seamless integration and native enforcement. This serves as Kubernetes-native guardrails for deployed containers.

In a blog post, Cisco's Liz Centoni writes that "Portshift aligns to Cisco’s approach of providing secure connectivity between users, devices and apps, wherever they reside; visibility and actionable insights from the end user to the application; a simplified consumption model that includes cloud-first Secure Access Service Edge (SASE) capabilities; commitment to an open source and open standards philosophy; and breaking down the siloes between developers, security teams, infrastructure teams, operations and SRE teams."

https://www.portshift.io/

Monday, September 28, 2020

Arista to acquire Awake Security

Arista Networks agreed to acquire Awake Security, a start-up offering a Network Detection and Response (NDR) platform. Financial terms were not disclosed.

Awake, which is based in Santa Clara, California, combines artificial intelligence (AI) with human expertise to autonomously hunt and respond to insider and external threats. The Awake platform analyzes network traffic and autonomously identifies, assesses, and processes threats. 

"We see an exciting future for Awake within the Arista family," said Rahul Kashyap, CEO for Awake Security. “Awake pioneered NDR platforms for real-time AI-driven situational awareness to secure digital assets and then respond to mitigate those risks. This acquisition allows us to further that mission.”

“We warmly welcome Awake Security to the Arista team,” stated Anshul Sadana, COO for Arista Networks. “With the proliferation of users, devices and Internet of Things (IOT), Awake’s best of breed threat detection platform is synergistic with Arista’s market leading cognitive cloud networks, delivering proactive security for our customers.”

  • In April 2020, Awake Security raised $36 million in Series C financing led by Evolution Equity Partners with participation from Energize Ventures and Liberty Global Ventures, as well as existing investors Bain Capital Ventures and Greylock Partners. The latest investment brings Awake’s total funding to nearly $80 million and will be used to propel expansion in areas including R&D, sales and marketing to meet the growing demand for the company’s advanced network traffic analysis platform. Awake also said that it has increased its annual recurring revenue (ARR) by close to 700% and doubled its employee headcount over the past year.




 

MobileIron to be acquired by Ivanti for $872 million in cash

 Ivanti, which offers enterprise-grade IT management and security software solutions, agreed to acquire all outstanding shares of MobileIron (NASDAQ:MOBL) for $872 million in cash. MobileIron stockholders will receive $7.05 in cash per share, representing a 27% premium to the unaffected closing price as of September 24, 2020.

MobileIron’s mobile security platform combines unified endpoint management (UEM) capabilities with passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network, and detect and remediate threats. This ensures that only authorized users, devices, apps, and services can access business resources in a “work from everywhere” world. The MobileIron platform is used by over 20,000 organizations.

Ivanti also announced it has entered into an agreement to acquire Pulse Secure LLC, a leading provider of Secure Access and mobile security solutions to enterprise customers.

Privately-held Ivanti, which is based in South Jordan, Utah, is backed by Clearlake Capital Group, L.P. and TA Associates Management L.P.

“By combining MobileIron and Pulse Secure with Ivanti, we are creating a leader in the large and growing Unified Endpoint Management, Security and Enterprise Service Management markets. We now have the most comprehensive set of software solutions that addresses the growing market demand for the future of work, where working from anywhere on any device type is the new normal,” said Jim Schaper, Ivanti Chairman and CEO. “With the integration of our industry knowledge and complementary product offerings, Ivanti will be well positioned to provide our expansive customer base with the critical tools needed to tackle IT challenges in the new normal. We welcome MobileIron’s and Pulse Secure’s employees, customers, and partner network to the Ivanti family, and thank Clearlake and TA Associates for their strong support in enabling these transformational transactions.”

https://www.ivanti.com/




Tuesday, September 8, 2020

CrowdStrike expands support for AWS workloads and containers

CrowdStrike, which offers cloud-delivered endpoint protection, is expanding its support for Amazon Web Services (AWS) with new capabilities that deliver integrations for the compute services and cloud services categories.

“As security becomes an earlier part of the development cycle, development teams must be equipped with solutions that allow them to quickly and effectively build from the ground up the strength and protection needed for the evolving threat landscape,” said Amol Kulkarni, chief product officer of CrowdStrike. “Through our growing integrations with our strong collaboration with AWS, CrowdStrike is providing security teams the scale and tools needed to adopt, innovate and secure technology across any workload with speed and efficiency, making it easier to address security issues in earlier phases of development and providing better, holistic protection and uptime for end users.”

Compute Services

  • AWS Graviton - CrowdStrike provides cloud-native workload protection for Amazon Elastic Compute Cloud (Amazon EC2) A1 instances powered by AWS Graviton Processors, as well as the C6g, M6g and R6g Amazon EC2 instances based on the new Graviton2 Processors. With the Falcon lightweight agent, customers receive the same seamless protection and visibility across different compute instance types with minimal impact on runtime performance. CrowdStrike Falcon secures Linux workloads running on ARM with no requirements for reboots, “scan storms” or invasive signature updates.
  • Amazon WorkSpaces - Amazon WorkSpaces is a fully managed, Desktop-as-a-Service (DaaS) solution that provides users with either Windows or Linux desktops in just a few minutes and can quickly scale to provide thousands of desktops to workers across the globe. CrowdStrike brings its industry-leading prevention and detection capabilities that include machine learning (ML), exploit prevention and behavioral detections to Amazon WorkSpaces, supporting remote workforces without affecting business continuity.
  • Bottlerocket - Bottlerocket is a new Linux-based open source operating system purpose-built by AWS for running containers on virtual machines or bare metal hosts and designed to improve security and operations of organizations’ containerized infrastructure. CrowdStrike Falcon will provide run-time protection, unparalleled endpoint detection and response (EDR) visibility and container awareness, enabling customers to further secure their applications running on Bottlerocket.

Cloud Services

  • AWS PrivateLink - AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications on AWS, without the data having to go over the Internet. 
  • AWS Control Tower - CrowdStrike Falcon Workload Protection seamlessly integrates with AWS Control Tower via API, delivering comprehensive protection and visibility across all Amazon EC2 resources. 

Thursday, September 3, 2020

Verizon tests Quantum Key Distribution

Verizon set up a trial Quantum Key Distribution (QKD) network in the Washington D.C. area.

Live video was captured outside of three Verizon locations in the D.C. area, including the Washington DC Executive Briefing Center, the 5G Lab in D.C. and Verizon’s Ashburn, VA office. Using a QKD network, quantum keys were created and exchanged over a fiber network between Verizon locations. Video streams were encrypted and delivered more securely, allowing the recipient to see the video in real-time while ensuring hackers are instantly detected.

A QKD network derives cryptographic keys using the quantum properties of photons to protect against eavesdropping. Verizon also demonstrated that data can be further secured with keys generated using a Quantum Random Number Generator (QRNG) that creates truly random numbers that can’t be predicted. With QKD, encryption keys are continuously generated and are immune to attacks because any disruption to the channel breaks the quantum state of photons, signaling that eavesdroppers are present.

“The use of quantum mechanics is a great step forward in data security,” said Christina Richmond, analyst at IDC. “Verizon's own tests, as well as other industry testing, have shown that deriving "secret keys" between two entities via light photons effectively blocks perfect cloning by an eavesdropper if a key intercept is attempted. Current technological breakthroughs have proven that both the quantum channel and encrypted data channel can be sent over a single optical fiber. Verizon has demonstrated this streamlined approach brings greater efficiency for practical large-scale implementation allowing keys to be securely shared over wide-ranging networks.”


https://www.verizon.com/about/news/verizon-achieves-milestone-future-proofing-data-hackers

Monday, August 24, 2020

Palo Alto Networks to acquire The Crypsis Group

Palo Alto Networks agreed to acquire The Crypsis Group, a leading incident response, risk management and digital forensics consulting firm, for $265 million in cash.

The Crypsis Group's more than 150 security consultants have handled some of the most complex and significant cybersecurity incidents, responding to more than 1,300 security engagements per year. The company was named one of the Top 10 Digital Forensics Services Companies of 2019 and 2020 by Enterprise Security magazine.

Palo Alto Networks already provides prevention, detection and response capabilities through its Cortex XDR. The addition of The Crypsis Group's security consulting and forensics capabilities will strengthen Cortex XDR's ability to collect rich security telemetry, manage breaches and initiate rapid response actions. The Crypsis Group's experts and insights will also fuel the Cortex XDR platform with a continuous feedback loop between incident response engagements and product research teams to prevent future cyberattacks. The company expects to integrate The Crypsis Group's processes and technology into Cortex XDR to further enhance its ability to safeguard organizations at every stage of the security lifecycle.

"The proposed acquisition of The Crypsis Group will significantly enhance our position as the cybersecurity partner of choice, while expanding our capabilities and strengthening our Cortex strategy. By joining forces, we will be able to help customers not only predict and prevent cyberattacks but also mitigate the impact of any breach they may face," said Nikesh Arora, chairman and CEO of Palo Alto Networks.

Monday, July 20, 2020

Fortinet acquires OPAQ Networks for SASE

Fortinet has acquired OPAQ Networks, a Secure Access Service Edge (SASE) cloud provider based in Herndon, Virginia. Financial terms were not disclosed.

OPAQ’s Zero Trust Network Access (ZTNA) cloud solution protects organizations’ distributed networks – from data centers, to branch offices, to remote users, and Internet of Things (IoT) devices.

Fortinet said OPAQ’s patented ZTNA solution enhances its own SASE offering to form the best-in-class SASE cloud security platform with the industry’s only true Zero Trust access and security by providing industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity/multi factor authentication, multi-cloud workload protection, cloud application security broker (CASB), browser isolation, and web application firewalling capabilities.

Ken Xie, Founder, Chairman of the Board, and CEO, states: "The recent SASE market momentum further validates our Security-driven Networking approach and underscores what we’ve been saying for years. In the era of hyperconnectivity and expanding networks, with the network edge stretching across the entire digital infrastructure, networking and security must converge. In fact the acquisition of OPAQ actually further enhances our existing SASE offering. Now, we will deliver the most complete SASE platform on the market with the broadest security and industry-leading SD-WAN and networking offerings that can all be delivered to customers and partners through a flexible, cost efficient and patented zero-trust cloud architecture."

Wednesday, July 15, 2020

Twitter suffers major security breach

Twitter suffered a major security breach impacting the verified accounts of Joe Biden, former President Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Michael Bloomberg, Apple and many other high-profile users.

The hackers apparently were able to breach the two-factor authentication of multiple users simultaneously, raising the possibility that Twitter's own systems were compromised. An investigation is underway.

 

Thursday, June 18, 2020

Australia hit by sophisticated cyber attack from state actor

The Australian federal government advised of a sophisticated cyber attack targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.

The Prime Minister's office said it is convinced that a state-based cyber actor is involved because of the scale and nature of the targeting and the tradecraft used.

The attack leverages a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure — primarily through the use of a remote code execution vulnerability in unpatched versions of Telerik UI.

https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks

RedShift delivers Cloud Unified Communication Threat Management

RedShift Networks introduced a Cloud Unified Communication Threat Management (UCTM) service for securing communication & collaboration applications for Service Providers and enterprises.

The new UCTM service automates real-time application traffic security including eMeeting, eMessaging and VDI offerings. Defense in depth approaches are well addressed in the data realm but conspicuously absent from real time cloud security until now. RedShift Networks UCTM Cloud addresses this gap with four (4) critical capabilities:

  • Non-blocking application inspection with analytics correlations,
  • Preventing robocalls, VoIP threats, DDoS and TDoS with a real-time threat service,
  • Eliminating more than 40,000 different real time threats from “bad actors” at multiple application layers based on traffic analysis, and
  • Advanced threat protection globally in real-time with a virtual, software or cloud-based solution

These capabilities are also available in RedShift’s on-prem and virtual appliance solution.

“RedShift’s new cloud-native UCTM offering delivers our award-winning product and technology to every type of customer  – Service Providers and Enterprises – in their choice of hardware, software and cloud-based product form factors,” says Amitava Mukherjee, CEO and Co-Founder at RedShift Networks.

https://redshiftnetworks.com/


Monday, June 15, 2020

Intel announces Control-Flow Enforcement Technology

Intel is introducing a new security capability in its silicon microarchitecture to help protect against common malware attack methods that have been a challenge to mitigate with software alone.

Intel's new Control-Flow Enforcement Technology (Intel CET), which will be first available on Intel’s upcoming mobile processor code-named "Tiger Lake," is designed to protect against the misuse of legitimate code through control-flow hijacking attacks – widely used techniques in large classes of malware.

Intel CET offers software developers two key capabilities to help defend against control-flow hijacking malware: indirect branch tracking and shadow stack. Indirect branch tracking delivers indirect branch protection to defend against jump/call-oriented programming (JOP/COP) attack methods. Shadow stack delivers return address protection to help defend against return-oriented programming (ROP) attack methods. These types of attack methods are part of a class of malware referred to as memory safety issues and include tactics such as the corruption of stack buffer overflow and use-after-free.

Microsoft's support for Intel CET in Windows 10 is called Hardware-enforced Stack Protection, and a preview of it is available today in Windows 10 Insider Previews. This new Hardware-enforced Stack Protection feature only works on chipsets with Intel CET instructions. It relies on a new CPU architecture that is compliant with Intel CET specifications. For applications running on an OS that supports Intel CET, users can expect detailed guidance from our partners on how applications “opt-in” for protection.
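The two CET checks described above, as an added illustration that is not Intel's or Microsoft's code: a simplified software model in which a return faults when the ordinary stack and the shadow stack disagree, and an indirect branch faults unless it lands on an ENDBR marker. The struct, function names, addresses and code map are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum cet_result { CET_OK = 0, CET_CP_FAULT = 1 };   /* #CP = control-protection fault */

struct cpu {
    uint64_t data_stack[8];    /* ordinary stack: reachable by program stores */
    uint64_t shadow_stack[8];  /* shadow stack: written only by CALL/RET */
    size_t sp, ssp;
};

/* CALL pushes the return address onto both stacks. */
static void model_call(struct cpu *c, uint64_t ret_addr) {
    c->data_stack[c->sp++] = ret_addr;
    c->shadow_stack[c->ssp++] = ret_addr;
}

/* RET pops both copies and faults instead of branching when they differ. */
static enum cet_result model_ret(struct cpu *c, uint64_t *target) {
    uint64_t from_data = c->data_stack[--c->sp];
    uint64_t from_shadow = c->shadow_stack[--c->ssp];
    if (from_data != from_shadow) return CET_CP_FAULT;
    *target = from_data;
    return CET_OK;
}

/* One call/return pair; corrupt != 0 models a memory-safety bug that
   overwrites the saved return address on the ordinary stack. */
int run_return(int corrupt) {
    struct cpu c = {0};
    uint64_t target = 0;
    model_call(&c, 0x401000);                      /* constructed address */
    if (corrupt) c.data_stack[c.sp - 1] = 0x41414141;
    return model_ret(&c, &target);
}

/* IBT: an indirect CALL/JMP must land on an ENDBR marker.
   Constructed code map: offsets 0 and 4 are marked function entries. */
int run_indirect(size_t target) {
    static const uint8_t is_endbr[8] = {1, 0, 0, 0, 1, 0, 0, 0};
    if (target >= sizeof is_endbr || !is_endbr[target]) return CET_CP_FAULT;
    return CET_OK;
}

int main(void) {
    printf("clean ret=%d corrupted ret=%d\n", run_return(0), run_return(1));
    printf("branch to entry=%d branch mid-function=%d\n", run_indirect(4), run_indirect(2));
    return 0;
}
```

On real hardware the shadow stack lives in specially protected pages and the mismatch raises a control-protection exception; the model keeps only the comparison logic.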

Friday, May 15, 2020

SK Telecom shows 5G phone with quantum random number generator

SK Telecom, together with Samsung Electronics and ID Quantique, demonstrated the first 5G smartphone equipped with a quantum random number generator chipset.

The Samsung Galaxy A Quantum with integrated quantum-enhanced cryptography will allow customers to experience advanced security through two-factor authentication for T-ID, biometric authentication-based payment for SK Pay and mobile e-certification service.

“Securing mobile phones has become a top priority for mobile operators, who are also looking to generate new revenues,” says Grégoire Ribordy, co-founder and CEO of ID Quantique. “With its compact size and low power consumption, our latest Quantis QRNG chip can be embedded in any smartphone, to ensure trusted authentication and encryption of sensitive information. It will bring a new level of security to the mobile phone industry.”

  • Last year, SK Telecom and ID Quantique were awarded quantum communication network-building projects in the U.S. and Europe (EU), and applied QRNG to SK Telecom’s 5G authentication center (AuC) for the first time in the world. Going forward, SK Telecom will expand its footprint in the quantum security business by integrating QRNGs to more devices and networks.



Tuesday, May 12, 2020

Taiwan-based MediaTek announces 800G MACsec PHY

MediaTek announced its MT3729 800G (400G dual port) MACsec retimer PHY for data centers and cloud infrastructure.

The new device, which integrates MediaTek’s 56G PAM4 SerDes technology, is available as a standalone application-specific standard part (ASSP) or it can be integrated into a network controller chip. The MT3729 800G PHY is ideal for line cards or switch fabrics in conjunction with network controller application-specific integrated circuits (ASICs) to build multi-terabit network servers, switches and routers. It enables secure data links and highly accurate precision time protocol (PTP) timestamping.

“With our broad portfolio of networking solutions, MediaTek is meeting the growing bandwidth and security needs of modern network infrastructure, including hyper-scale, cloud, service provider and enterprise networks,” said Jerry Yu, MediaTek Corporate Vice President. “Our MT3729 PHY integrates advanced MACsec-based encryption for secure communications and highly accurate PTP timestamping for the latest 5G synchronization requirements, while also giving our customers different integration options for added flexibility.”

The MT3729 packs four different operation modes:

  • Retimer Mode: Built-in signal enforcement technology extends the SerDes connection distance and transmission to the edge for more precise timestamping. 
  • Forward/Reverse Gearbox Mode: Support for bitrate translation between 56G and 28G links enables next generation switches to seamlessly connect with existing infrastructure.
  • MUX/DeMUX Mode: Hitless MUX and broadcast switching meets networking redundancy requirements. 
  • MACsec Mode: IEEE 802.1AE MACsec support enables secure communications with AES-128 and AES-256 encryption from 1G to 400G per port.

The MT3729 PHY supports up to 16 bi-directional links at 56G PAM4, up to 28G NRZ SerDes and 1G SGMII. To meet the stringent 5G infrastructure timing requirements, the MT3729 supports IEEE 1588v2 and SyncE up to Class-C for greater accuracy and more flexibility with timestamping formats.