Tag Archives: Protection

My latest Gartner research: Forecast Snapshot: Endpoint Detection and Response, Worldwide, 2017

3 March 2017  |  The EDR market will present large opportunities and grow at a CAGR of 45.27% from 2015 through 2020, dwarfing overall IT security and endpoint protection growth rates. Buyer demand for improved detection and response to augment failing protection methods are fueling growth….

Gartner clients can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Feds primary network security weapon needs more bang

www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html By Michael Cooney Layer 8 Network World Jan 28, 2016 In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. The threat is obvious


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft

www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft By Bill Siwicki Healthcare IT News January 13, 2016 A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States. United Kingdom, Germany and Japan. There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] US Homeland Security wants heavy-duty IoT protection

www.networkworld.com/article/3014438/security/us-homeland-security-wants-heavy-duty-iot-protection.html By Michael Cooney LAYER 8 Network World Dec 11, 2015 The diversity and capabilities as well as a lack of security found in the multitude of devices in the Internet of Things world is making people at the US Department of Homeland Security more than a little concerned. This week it put out a call for “novel ideas and technologies to improve situational awareness and security measures for protecting IoT domains, as well as technologies that will help DHS operational and support components gain comprehensive and near continuous knowledge of IoT components and systems that affect their operations and assets.” By using the Internet and its various connection mediums (e.g., Bluetooth, Wi-Fi, serial interface, wireless), any IoT system can be connected to any other device on the Internet. This level of connectivity opens tremendous opportunities for the capabilities of IoT-based systems, but also allows every node, device, data source, communication link, controller and data repository attached to IoT to serve as a security threat and be exposed to security threats. Therefore, any IoT system’s security is limited to the security level of its least secure component, the DHS stated. IoT security efforts are further complicated by IoT’s convergence of physical components and the virtual information flows and connections of IoT. Therefore, DHS stated, in addition to the typical vulnerabilities of IT systems, IoT enabled systems create additional security concerns because IoT domains are:autonomous and control other autonomous systems; highly mobile and/or widely distributed; and are vulnerable to physical and virtual threats. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] DHS Contract Expands Anti-Hacker EINSTEIN Protection to Every Agency

www.nextgov.com/cybersecurity/2015/12/dhs-contract-expands-anti-hacker-einstein-protection-every-agency/124308/ By Aliya Sternstein Nextgov.com December 8, 2015 Internet Service Provider CenturyLink has won a multiyear contract worth up to $10.8 million dollars to fill gaps in a governmentwide firewall, according to the Department of Homeland Security. The deal was inked to complete a goal of making so-called EINSTEIN 3A network protections available to all civilian agencies by Dec. 31, a DHS official told Nextgov on Tuesday. It also conforms to a sweeping cyber shape-up plan the White House launched in October, following an Office of Personnel Management hack that exposed background check records on 21.5 million Americans applying for access to classified materials and their families. Right now, EINSTEIN 3A’s intrusion-blocking services are only offered to agencies receiving telecommunications services from CenturyLink, AT&T or Verizon. Agencies that connect to the Internet through Sprint, Level 3 or other providers are not protected. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hello Barbie controversy re-ignited with insecurity claims

www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/ By Richard Chirgwin The Register 29 Nov 2015 Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy. After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy. That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”. While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Pacific trade deal takes aim at Chinese hacking

www.ft.com/intl/cms/s/0/89a0137a-82b1-11e5-8095-ed1a37d1e096.html By Shawn Donnan in Washington FT.com November 4, 2015 Pacific Rim countries will be required to criminalise hacking attacks on companies under a new regional trade pact that shows Washington’s determination to clamp down on Chinese cyber theft and ban new forms of digital protectionism. The US, Japan and 10 other economies concluded five years of negotiations last month on the Trans-Pacific Partnership, covering roughly 40 per cent of the global economy. Although the pact does not include China, US officials are selling the TPP as a crucial component in Washington’s efforts to write the rules of the global economy before Beijing can. The deal will reduce trade barriers on everything from beef and dairy products to textiles, with new standards for environmental protection, investment disputes and the behaviour of state-owned enterprises. The TPP agreement — details of which will be released as soon as Thursday — will also include new rules governing the free flow of data, privacy and cyber security, showing how the US intends to use a trade deal to set new benchmarks that it hopes will become global standards. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Even DHS Doesn’t Want the Power It Would Get Under CISA

www.defenseone.com/threats/2015/10/even-dhs-doesnt-want-power-it-would-get-under-cisa/123015/ By PATRICK TUCKER defenseone.com OCTOBER 21, 2015 The Senate is currently debating a bill to give Department of Homeland Security unprecedented access to personal information, a measure intended to help to protect the nation from cyber attacks. Yes, that DHS, whose director had his Comcast account hacked yesterday. Even stranger: DHS doesn’t even want the power it would be granted. The bill is the Cyber Information Sharing Act, or CISA. It would give companies legal immunity to send DHS a broad range of information about the users of their websites. DHS would then be allowed to speed that (nominally anonymized) information along to the NSA, DoD, FBI, the FCC or other bodies. Through a byzantine series of twists and turns, that could potentially include foreign militaries. In July, DHS officials pointed out various problems with CISA in a seven-page memo. They argued, among other things, that the bill “could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers.” But hey, what’s a little privacy loss in the name of better security? Unfortunately, according to DHS’s memo, CISA fails there, too. “These provisions would undermine the policy goals that were thoughtfully constructed to maximize privacy and accuracy of information, and to provide the NCCIC with the situational awareness we need to better serve the nation’s cybersecurity needs,” it said. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail