Tag Archives: come

My latest Gartner Research: SWOT: Palo Alto Networks, Network Security, Worldwide

While growing commoditization and execution issues led to some sustainable growth setbacks in 2016, Palo Alto Networks is well-placed to become the largest firewall provider. Technology product management leaders should further strengthen management capabilities and prioritize firmware releases….

Gartner clients can read this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Random numbers aren’t, says infosec boffin

http://www.theregister.co.uk/2015/08/11/your_numbers_arent_random_says_infosec_boffin/ By Richard Chirgwin The Register 11 Aug 2015 The randomness (or rather, lack thereof) of pseudo-random number generators (PRNGs) is a persistent pain for those who work at the low layers of cryptography. Security researcher Bruce Potter, whose activity in the field stretches back more than a decade, when he demonstrated war-driving using Bluetooth, says problems both in design and implementation undermine the effectiveness of common crypto libraries. Now Potter’s work (his BlackHat presentation is here [PDF]) has led to the claim that nobody really understands what’s going on. Part of the problem, he writes, is that people tend to conflate “entropy” with “randomness”, when in fact the two mean different things: entropy is a measurement of the uncertainty of an outcome, while randomness is a long-term assessment of entropy. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Intel Assessment: Weak Response to Breaches Will Lead to More Cyber Attacks

http://freebeacon.com/national-security/intel-assessment-obama-admin-response-to-cyber-encourages-more-attacks/ By Bill Gertz Follow @BillGertz Washington Free Beacon July 28, 2015 The United States will continue to suffer increasingly damaging cyber attacks against both government and private sector networks as long as there is no significant response, according to a recent U.S. intelligence community assessment. Disclosure of the intelligence assessment, an analytical consensus of 16 U.S. spy agencies, comes as the Obama administration is debating how to respond to a major cyber attack against the Office of Personnel Management. Sensitive records on 22.1 million federal workers, including millions cleared for access to secrets, were stolen by hackers linked to China’s government. U.S. officials familiar with the classified cyber assessment discussed its central conclusion but did not provide details. Spokesmen for the White House and office of the director of national intelligence declined to comment. Recent comments by President Obama and senior military and security officials, however, reflect the intelligence assessment. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Smartwatches a new frontier for cyber attack, HP study shows

http://www.computerweekly.com/news/4500250398/Smartwatches-a-new-frontier-for-cyber-attack-HP-study-shows By Warwick Ashford Security Editor ComputerWeekly.com 23 Jul 2015 Smartwatches with network and communication functionality represent a new and open frontier for cyber attack, according to a study by HP Fortify. The study revealed that 100% of the tested smartwatches contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. The study report entitled Internet of things security study: Smartwatches makes recommendations for secure smartwatch development and use in home and work environments. As the internet of things (IoT) market advances and smartwatches become more mainstream, they will increasingly store more sensitive information, such as health data, the report said. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] GAO: Early look at fed’s ‘Einstein 3’ security weapon finds challenges

http://www.networkworld.com/article/2946040/security0/gao-early-look-at-feds-einstein-3-security-weapon-finds-challenges.html By Michael Cooney Network World July 9, 2015 When it comes to the government protecting all manner of state and personal information, the feds can use all the help it can get. One of the most effective tools the government has is the National Cybersecurity Protection System (NCPS), known as “EINSTEIN.” In a nutshell EINSTEIN is a suite of technologies intended to detect and prevent malicious network traffic from entering and exiting federal civilian government networks. The Government Accountability Office has been tracking EINSTEIN’s implementation since about 2010 and will later this year issue an update on the status of the system. But this week, it included some details of its report in an update on the state of federal security systems, and all is not well. Preliminary EINSTEIN observations from the GAO: •The Department of Homeland Security [which administers EINSTEIN] appears to have developed and deployed aspects of the intrusion detection and intrusion prevention capabilities, but potential weaknesses may limit their ability to detect and prevent computer intrusions. For example, NCPS detects signature anomalies using only one of three detection methodologies identified by NIST: signature-based, anomaly-based, and stateful protocol analysis. Further, the system has the ability to prevent intrusions, but is currently only able to proactively mitigate threats across a limited subset of network traffic (i.e., Domain Name System traffic and e-mail). […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Encryption Hinders Investigations: FBI Chief

http://www.informationweek.com/mobile/mobile-devices/encryption-hinders-investigations-fbi-chief/d/d-id/1321231 By Thomas Claburn Informationweek.com July 8, 2015 FBI Director James Comey appeared before the Senate Judiciary Committee on Wednesday to argue for legal support to weaken strong encryption, which he claims obstructs criminal investigations. The title of the hearing, “Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy,” borrows Comey’s characterization of encryption as way to conceal evidence of criminal acts. “We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop—evidence that may be the difference between an offender being convicted or acquitted,” said Comey and Sally Quillian Yates, US Deputy Attorney General, in joint prepared remarks. “If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders.” The concerns of Comey and Yates were echoed by Cyrus Vance Jr., District Attorney for New York County, who complained about the device encryption deployed by Apple and Google last fall. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Pentagon Contractors Rank Below Retailers and Banks When it Comes to Cybersecurity

http://www.nextgov.com/cybersecurity/2015/07/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-cybersecurity/116899/ By Aliya Sternstein Nextgov.com July 5, 2015 After revelations that a compromised contractor login abetted a grandiose breach of federal employees’ background investigations, now comes word that Defense Department suppliers score below hacked retailers when it comes to cyber defense. The new industry-developed cyber rankings


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Overcoming paralysis – why financial services organisations have to race to update their Windows Server strategy

http://www.bobsguide.com/guide/news/2015/Jul/6/overcoming-paralysis-why-financial-services-organisations-have-to-race-to-update-their-windows-server-strategy.html By Dave Foreman, ECS, Practice Director Bob’s Guide July 6, 2015 Most of the technical support teams we work with know their Microsoft Server operating system inside out and have hardly lifted their phone to call Microsoft support in years. But this well-oiled machine is about to become IT departments’ biggest headache. With the end of Microsoft’s support for Server 2003 on July 14th 2015, migration from this rather old operating system has escalated from being a niggling worry to a high-risk agenda item. Only a handful of businesses have started their migration and even they will have to rely on Microsoft extended support. But this is not a cost-effective or risk-free option in the long term. At some point a new vulnerability in the operating system will be discovered and exploited; businesses will be exposed and the regulators will have a stronger case for non-compliance. According to the credit card industry’s PCI Security Council standards, if an unsupported operating system is Internet-facing, it will be logged as an automatic compliance failure. CIOs are caught between a rock and a hard place. Nobody wants to be caught in a position where they have to answer tough questions about plans to meet compliance and mitigate risk. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail