STE WILLIAMS

This Week in Security Funding: Where the Money Went

Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.

Cybersecurity startups Expanse, Armis, Bitglass, and Tufin announced financial news during a busy week for industry funding, giving a peek into the technology that is top-of-mind for investors.

The security market, expected to grow 8.7% and reach $124 billion in 2019, has been rife with funding activity. Venture capital investments hit a record high of $5.3 billion in 2018, about 20% more than the $4.4 billion in 2018 and 81% higher than in 2016. Experts say this rate of investment is unsustainable; however, security firms will continue to receive funding in 2019 and beyond.

But which ones? It’s tough to predict the security startups that will stick around for the long term. This week helped shed some light on which tech investors think has the most potential now.

Let’s start with Expanse, a Bay Area startup formerly called Qadium, which this week announced $70 million in Series C funding. The company indexes global IP addresses with the goal of providing governments and large organizations with visibility into their “global Internet attack surface.” The startup has its roots in government: Co-founders Tim Junio, previously with the CIA, and Matt Kraning met at DARPA, where they first launched the security research lab Qadium that later became Expanse.

Expanse monitors activity linked to more than 400 million public IPs; customers include the US Department of Defense, Department of Energy, CVS, and PayPal. Its latest funding round was led by TPG Growth, with participation from NEA, IVP, Founders Fund, and MSD Capital. It also received investment from Peter Thiel, Arianna Huffington, Taylor Glover, and Sam Palmisano.

Enterprise Internet of Things (IoT) security firm Armis Security snagged $65 million in Series C investment and reported 700% growth in the past year. Founded in 2015, it offers an agentless IoT security tool created to help organizations view and control unmanaged IoT devices. The system monitors devices on the network and analyzes their behaviors to identify risks and potential attacks.

IoT is a growing security concern for businesses, and it seems investors think Armis can help meet their needs. Sequoia Capital led its Series C funding round with participation from Insight Venture Partners and Intermountain Ventures, as well as Bain Capital, Red Dot Capital Partners, and Tenaya Capital as return investors. Its latest round brings Armis’ total funding to $112 million.

Cloud security company Bitglass secured $70 million in Series D funding from new investor Quadrille Capital and current investors Future Fund, New Enterprise Associates (NEA), Norwest, and Singtel Innov8. Its latest round brings total funding to $150.1 million since it was founded in 2013. It plans to leverage the additional funds to continue growing its position within the cloud access security broker (CASB) market.

In other financial news, Tufin Software saw its stock rise more than 30% in its first day of trading. The Israeli security company sold 7.7 million shares priced at $14 each to raise at least $107.8 million at an initial valuation of about $454 million. The money will go toward research and development, as well as adding more people to Tufin’s marketing and sales teams.

Tufin, headquartered in Boston and Tel Aviv, calls itself a security policy company, focused on how businesses manage security and network infrastructure. Its security policy management platform aims to help organizations implement and enforce policies across networks.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/risk/this-week-in-security-funding-where-the-money-went/d/d-id/1334414?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

US-CERT, CISA Warn of Vuln in at Least 4 Major VPNs

VPN products by Cisco, Palo Alto Networks, F5 Networks, and Pulse Secure insecurely store session cookies.

At least four major VPN vendors could be enabling attackers to do the very thing VPNs are made to protect against. 

The Cybersecurity and Infrastructure Security Agency issued a warning today after US-CERT reported that multiple VPN vendors store authentication and/or session cookies insecurely in memory and/or log files.

“If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” the US-CERT advisory states. “An attacker would then have access to the same applications that the user does through their VPN session.”

US-CERT confirmed that Cisco, Palo Alto Networks, F5 Networks and Pulse Secure products are affected by this vulnerability. However, the issue is repaired in the latest versions of Palo Alto’s products and partly fixed in F5’s.  

Check Point and pfSense are unaffected. Status is unknown for over 200 other vendors.


Article source: https://www.darkreading.com/vulnerabilities---threats/us-cert-cisa-warn-of-vuln-in-at-least-4-major-vpns/d/d-id/1334413?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Android phones transformed into anti-phishing security tokens

Google just announced a new security feature that allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts.

The surprise announcement was buried inside a pile of enterprise-oriented enhancements revealed at Google Cloud Next 2019 in San Francisco on Wednesday.

Released in beta, the feature is designed to protect Google users from phishing attacks. Once enabled, the user logs into their Google account using their username and password as normal before authenticating that their enrolled smartphone is present by clicking on a message that appears on the screen.

It’s identical in principle to using a FIDO USB token such as the YubiKey (or Google’s Titan key equivalent launched last year), except that the smartphone itself becomes the token.

This defeats phishing in the same way a token does because even if attackers get hold of someone’s Google username and password they can’t access the account without also having the smartphone.

Requirements

To use your Android phone (tablets don’t appear to be supported yet) as a security key, you must have a phone running Android version 7.x or later, and you need to turn on Bluetooth.

Your computer must also have Bluetooth, and be running the latest version of the Chrome browser, on a Chrome OS, macOS X or Windows computer.

How to turn it on

From Google’s support blog:

Step 1: Add the security key to your Google Account

  1. Turn on 2-Step Verification and add a verification method like Google Prompt.
    • If you already use 2-Step Verification, you can move on.
  2. On your Android phone, go to myaccount.google.com/security.
  3. Under “Signing in to Google,” select 2-Step Verification. You might need to sign in.
  4. Scroll down to “Set up an alternative second step.”
  5. Select Add Security Key and then Your Android phone and then Turn on.

Step 2: Use your Android phone’s built-in security key

  1. On your computer, make sure Bluetooth is turned on in your settings or preferences.
  2. On your computer, sign in to your Google Account with your username and password.
  3. Check your Android phone for a notification.
  4. On your Android phone, double-tap the “Are you trying to sign in?” notification.

How does it work?

Google’s blog on the topic is light on technical detail but we can confidently assume this is the predicted marrying of FIDO2 protocols recently added to Android, and the wider WebAuthn authentication standard.

To simplify, browsers supporting WebAuthn communicate securely with the server, in this case, Google’s, verifying their authenticity. The FIDO2 protocol, meanwhile, handles the part where the computer and smartphone communicate to verify that the user has the smartphone present.

The latter works using FIDO2’s Client to Authenticator Protocol (CTAP), which performs the authentication with the smartphone via Bluetooth.

One report from the event also mentions something called “cloud-assisted Bluetooth Low Energy (caBLE)”. It’s not clear what this is although it could be Google’s next addition to the FIDO2 standard that adds additional security checks.

What happens if you lose or don’t have your smartphone? In that case, you’ll either need to have enabled the Authenticator app as a fallback or have a security key (the YubiKey or Titan), or have made a note of the backup security codes Google lets you download and print.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/lIEUpJb4txE/

Flickr tackling online image theft with new AI service

Photo-sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users’ images online. The company is partnering with image monitoring company Pixsy to offer the AI-powered feature.

Flickr began offering the service this week, claiming it as a step forward in the fight to protect its members’ rights, stating:

We remain aware of the fact that photo theft is a sad reality of the online world and a major issue for photographers trying to make a living off of their work

It will offer the service to paying members under its Pro subscription. It enables them to monitor up to 1000 images and lets users send 10 DMCA takedown notices for free. The Digital Millennium Copyright Act lets copyright owners send cease and desist letters to people using their content online without permission.

Pixsy scours the internet looking for images that are registered with it, and tries to find a match. The BBC tested the service with mixed results. The AI tool found that an image of its reporter Cody Goodwin, used in a news story on the BBC’s site, had been used by 26 other news websites.

However, it also tested a picture of the same reporter in its Los Angeles bureau with the Hollywood sign in the background, and it flagged up an image of (very different person) Stormy Daniels in that studio instead. Apparently, the software still has some work to do.

What if you are not a Flickr Pro user? All is not lost. You can head over to Pixsy and sign up for a free account, which gives you the ability to monitor 500 images without paying a penny. You don’t get the free takedown notices that you get with a Flickr Pro account, though.

Image theft is a big problem

There’s no doubt that image theft is a problem on the internet. A report from rival image copyright enforcement service Copytrack found 2.5 billion unlicensed images shared each day during 2018. The company extrapolates this data by statistically analysing data from 12,000 of its own users, it explained.

Flickr images were the subject of a report over unauthorized use of another kind just last month.

The company released a data set of 100 million Flickr photos back in 2014 called YFCC100M, including hundreds of thousands of images that showed faces. Then last month, IBM used nearly a million photos from the dataset and shared them with outside researchers as part of a project to increase diversity in facial recognition algorithms.

The problem was that while the photos were all published under a Creative Commons license, the people in the photos had not given permission for their images to be used in facial recognition training, as NBC revealed.

Not just a copyright issue

Photo-owners’ copyright over their images isn’t the only issue here. Unscrupulous types on social media have been known to steal photos from other people’s profiles and pass them off as their own:

  • Scammers used Steve Bustin‘s social profile pics to woo women on dating sites, with the aim of swindling them out of cash as their relationships progressed.
  • A man lost his job after a picture of “his” son went viral, and he used the picture to direct fans to his CashApp page. Needless to say, the boy’s actual parents were furious about their son’s picture being used “for likes or money”.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/X1BTk2O0qa0/

Feds say Russian 2016 election meddling spanned all US states

A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race.

The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution to state and local authorities.

Intelligence newsletter OODA Loop reports that the JIB reveals stronger evidence of Russian interference. Agencies believe that Russian agents targeted more than the 21 states initially suspected.

According to the bulletin:

Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40.

Although there are some gaps in the data, the bulletin claims “moderate confidence” that Russia conducted “at least reconnaissance” against all US states because its research was so methodical, it added.

Russia’s cyberspace election meddling played out between June and October 2016, with most activity occurring in July, the JIB said. They researched election-related websites and information in at least 39 states or territories, with Secretary of State websites drawing the most attention. They proceeded alphabetically through the states “with some exceptions”, although OODA Loop doesn’t say what they were.

The agency also went beyond mere reconnaissance, though. According to the bulletin, they regularly tried to find vulnerabilities in SQL databases behind state election websites. They were able to access voter registration files in one place, and a sample ballot from a US county website in another.

The bulletin builds on previous joint work done by the two agencies. The most detailed was a joint analysis report released in December 2016 that identified two Russian groups interfering in the 2016 election.

The first was Advanced Persistent Threat (APT) 29, which entered the fray in 2015, while the second, APT28 (also known as Fancy Bear), entered in spring 2016. Both of these groups used spearphishing attacks to distribute malware. The 2016 attack resulted in the Democratic National Committee hack that saw senior party members’ emails distributed online.

A subsequent indictment of several Russian military officers as part of the Mueller investigation into Russian election interference surfaced more details. These included the theft of data on around 500,000 voters from an unnamed state’s board of elections. They took names, addresses, partial Social Security numbers, dates of birth, and driving license numbers.

The news comes as the US Senate considers a bill calling for sanctions on any country found meddling in US elections. The Defending Collections from Threats by Establishing Redlines (DETER) bill calls for the US Director of National Intelligence to compile reports on any foreign interference within 60 days of the election. It particularly calls out Russia, singling out its financial institutions for economic sanctions should it be caught interfering in the US election.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/It7h5-HdfAQ/

Assange arrested, faces extradition for hacking

Julian Assange, founder of whistleblowing organisation WikiLeaks (or co-founder, depending on whom you ask), and arguably Ecuador’s most famous Londoner (or infamous, depending on whom you ask), is in custody following his arrest yesterday.

Assange rose to fame by leaking secret government documents that the WikiLeaks organisation acquired from a wide range of sources.

The best-known WikiLeaks exposé is probably Cablegate, a massive dump of US State Department diplomatic cables exfiltrated by junior US soldier Bradley Manning, now Chelsea Manning, who was arrested in 2010 for making off with some 30 years’ worth of confidential US data.

Manning apparently burned the data to a rewritable CD, pretending she was listening to Lady Gaga tunes from the CD while writing hundreds of thousands of diplomatic cables onto it.

Amazingly, one person – and a soldier with the rank of Private, at that – was able to copy everything without triggering any sort of “data access overload” warning at any point.

For her part in that leak, Manning received a whopping 35-year prison sentence, ultimately serving seven years before being released by then-President Barack Obama at the end of his term in office.

Assange, however, remained free, after a fashion, until yesterday afternoon, when he was arrested by police in London.

In principle, and in law, say Assange’s supporters, journalists are allowed to publish data that’s in the public interest, even if it was illegally acquired, and are allowed – nay, required, or else who would ever blow the whistle again? – to protect their sources, even if they know those sources are crooks.

Journalists aren’t supposed to break the law themselves to get hold of leaks, for the simple reason that breaking the law is illegal, and they aren’t supposed to collude with crooks to organise for leaks to happen, but it’s OK to report on important information that comes their way otherwise.

That’s an important principle, say supporters of a free press, because it serves the public interest and helps to prevent rogues and rotters in high places from sweeping their sneaky shenanigans under the carpet every time.

At the same time, keeping a degree of separation between journalists and their sources avoids offering journalists a blank cheque to break the law knowing that as long as they find something, anything, before they get caught, they can turn it into a “get out of jail free card” by claiming to have acted for the greater good.

(Think of the distinction between receiving leaks indirectly and actively going after them yourself as the difference between writing about a political intrigue that was exposed in a hacked voicemail that was sent to you anonymously, and hacking into a politician’s voicemail yourself in the hope of exposing an intrigue.)

Inside the embassy

Where Assange’s case gets fascinating is that, when arrested yesterday, he was actually inside the Ecuadorean embassy in London.

Assange had been living in this “virtual Ecuador” since 2012, when he jumped bail to avoid being extradited to Sweden to face a criminal investigation into allegations of sexual assault.

Technically, the Ecuadorean embassy isn’t actually part of Ecuador – there’s no formal land border at the door, and the space occupied by the embassy hasn’t been ceded in a treaty by the UK.

Indeed, ceding the territory would be almost unspeakably complicated, given that it’s a first floor flat (or a second story apartment in American English) in an upmarket Kensington residential block.

Nevertheless, by international agreement, police from the host country generally leave diplomatic premises alone, and don’t exercise their right of entry to effect an arrest except in very special and unusual cases.

That was the sort of protection from arrest that Assange had enjoyed, until yesterday, inside the Ecuadorean embassy.

Assange and his followers had successfully argued that if he were extradited from the UK to Sweden to answer his sex offence charges, he would then almost certainly be extradited a second time to the US to face charges related to his data-leaking activities, which would be unthinkable – he might even, they said, face the death penalty.

So Ecuador granted him asylum and with it permission to stay in the London embassy, where Ecuador would refuse to allow UK police to come in and nab him for failing to face the music in court over those Swedish sex crime allegations.

Complicated!

No way out

In a bigger embassy, Assange might have been better off because he could have got into a diplomatic vehicle on the embassy property, and then been driven out of the embassy, and perhaps even have left the country, under what would amount to continuous diplomatic protection.

But the London embassy of Ecuador is a flat that’s above ground level, so he’d need to have left the embassy proper and walked through plain old London to reach the street or the car park and get into a diplomatic car.

Until 2015, a regular police patrol that was maintained around the flat would almost certainly have nabbed him, so he didn’t try to get out.

After 2015 he stayed put, perhaps because the Ecuadoreans weren’t willing to create a diplomatic incident by knowingly letting him out of their diplomatic protection, even briefly, without informing their British hosts.

Anyway, that all ended yesterday when Ecuador withdrew his asylum, thus presumably removing any special claim he might have for ongoing diplomatic protection from arrest, and calmly invited in the UK police to arrest him for skipping bail back in 2012.

According to reports he was whisked off to court and tried for the bail-jumping offence, where he pleaded not guilty but was convicted by the magistrate and remanded in custody to await sentencing.

Apparently, he can expect a fine or a prison sentence up to a year.

He was also arrested a second time, this time for what he’s always said he was afraid of in Sweden – to face extradition to the US.

So, after seven years holed up in the Ecuadorean embassy – he was even granted citizenship during his stay – he’s now facing extradition anyway.

A hacker, not a spy

The silver lining for Assange is that he’s not wanted on charges of publishing leaked US data, something that the US Bill of Rights seems to consider constitutionally protected.

Very simply put, he’s wanted on hacking charges that could get him up to five years in prison if convicted, for allegedly conspiring with Chelsea Manning to crack passwords and break into accounts in order to make the Cablegate leak happen.

Sadly for Manning, she’s back in custody for refusing to testify against Assange at a recent hearing in the US – a hearing that has acquired a lot more significance since yesterday.

Fascinating stuff – and you simply couldn’t make it up.

Hurry up and wait

Ironically, Assange is now stuck in a UK lockup, remanded in custody to await sentencing on his bail conviction and to face his new extradition hearing.

There’s also a chance that Sweden might ask for him once again – he evaded some of the allegations he was facing there because the Swedes ran out of time to charge him, but a more serious allegation remains that the Swedes can apparently prosecute until 2020, when it too will drop off the radar.

If Assange fights US extradition as hard as you might expect him to, he could spend years more locked up even if he eventually gets off – the chance that the UK judiciary might grant him bail again feels vanishingly small given the disappearing act he pulled last time.

Gary McKinnon, a UK resident wanted in the US on hacking charges dating back to 2001 – offences that he actually admitted – went through 10 years of legal hearings before being told he wouldn’t be sent to the US, on the grounds that he was seriously ill.

Lauri Love, a UK hacktivist wanted in the US for alleged hacking crimes committed in 2012 and 2013, went through nearly five years of court wrangling to avoid extradition, but may yet face trial in the UK instead.

It almost feels as though Assange would gain his freedom fastest by getting to the US as quickly as he can of his own accord, doing some plea bargaining and avoiding a trial, serving his time and then letting himself be deported to Australia or Ecuador, being a citizen of both countries.

Somehow, we don’t see that happening.

What do you think? Sex crime fugitive or information freedom fighter? Journalist or cybercrook? Radical or rotter?


Featured image courtesy of Wikipedia.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/rn7tpuQFQr8/

US: We’ll pull security co-operation if you lot buy from Huawei

A US official has repeated his country’s threats against its allies over Huawei – stating that the US’s goal is a process that leads “inevitably to the banning” of the Chinese company’s products.

“We have encouraged countries to adopt risk-based security frameworks,” said Robert Strayer, speaking on a call with the world’s press on Wednesday, expressing the hope that such frameworks would “lead inevitably” to bans on Huawei.

Strayer, who is the American foreign ministry’s deputy assistant secretary for Cyber and International Communications and Information Policy, told journalists that his country may withdraw some co-operation with its allies on security matters if they install Huawei equipment on internet and phone networks.

“The most fundamental security standard, really, is that you cannot have this extrajudicial, non-rule of law-compliant process where a government can tell its companies to do something,” Strayer told the Bloomberg newswire. This appears to be a reference to China’s National Intelligence Law, which forces companies to co-operate with the nation’s spy agencies, which in substance is no different from Western laws mandating the same thing.

The US’s main fear appears to be that China will soon be in a position to exercise the same sort of global surveillance that the US does through its dominance of the worldwide tech sector, challenging American hegemony.

Bloomberg also reported that the French parliament is considering a bill that would, in effect, replicate Britain’s Huawei Cyber Security Evaluation Centre part-run by spies from eavesdropping agency GCHQ. HCSEC, also known as The Cell, inspects Huawei source code for evidence of state backdoors. The Chinese company has come under increasing fire from the British state for the pisspoor state of its software development processes.

America’s allies have varied in their responses to the country’s call for a ban. Australia, its closest Pacific ally, has enthusiastically taken up the cudgel. Germany, meanwhile, has pointedly chosen to do its own thing, taking the EU along with it on that path. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/12/us_huawei_security_threats/

Cloudy with a Chance of Security Breach

Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.

The forecast calls for clouds, and they show no signs of clearing up. Cloud platforms are everywhere. In fact, IDG’s 2018 Cloud Computing Study showed 73% of all businesses have placed at least one application or part of their infrastructure in the cloud. The public cloud space is particularly hot at the moment as Google moves to aggressively compete with Microsoft and Amazon.

Digital transformation has been the primary catalyst for this explosion. Typically, cloud adoption starts when some workloads are moved to public providers — usually, development and test environments that are less critical. After a while, noncritical applications might migrate over, followed by storage — files and databases — and then, bigger deployments.

The public cloud is attractive because underlying parts of the infrastructure and orchestration procedures hosting the application components are fully managed and mostly hidden — such as network functions, Internet access, security, storage, servers, and computing virtualization. Everything is easily configurable through a simple user interface or an API. Security is enforced by using private networks isolated from the Internet… or is it?

Information on private networks hosted in a public cloud is not safe. This is because private networks, even without access to the Internet, are still able to communicate with it via DNS. Most of the time, no specific configuration is required to get full DNS access from the workloads pushed onto public cloud infrastructures. As a result, DNS tunneling, DNS file systems, and data exfiltration are possible on most public cloud providers by default. It is not a security flaw; it’s a feature that’s built-in on purpose, mainly to help workloads that need to access cloud serverless services to ease the digital transformation. This opens up any business to a wide range of possible data leaks.

Four of the most likely scenarios are as follows:

1. Malicious code is inserted into the back end to perform DNS resolution to extract data. Typically, access is gained through standard methods (such as SQL injection, heap overflow, known vulnerability, and unsecured API) from outside the organization.

2. Malicious code is inserted into a widely used library so that it affects all users (such as a supply chain attack) regardless of the language (such as Java, Python, and Node.js).

3. People inside an enterprise who have access to a host can modify/install/develop an application that uses DNS to perform a malicious operation (contact command and control, push data, or get malware content).

4. A developer inserts specific code that doesn’t require a change in the infrastructure and that uses DNS to extract production data, events, or account information. The code will pass the quality gates of the continuous integration and testing part and be automatically deployed to production.  

So, what can an organization do — especially when it is deploying multitiered applications on multiple cloud services?

First, a private DNS service should be deployed for any business information stored on a private network hosted in a public cloud, even if it’s temporary. A private DNS service lets you filter what should be accessible and what should not. It also lets you regularly audit the cloud architecture, which is now mandatory in any public cloud environment. This requires identifying specific cloud patterns that are new to most systems and network architects. Most workloads don’t require full access to the Internet. But sometimes it’s necessary, for example when a DevOps team needs to update the infrastructure, installation packages, or dependencies, because it simplifies the deployment phase. Businesses can approach this by designing an “immutable infrastructure” with prebuilt images, private networks, and controlled inbound and outbound communication. They should also perform testing phases, especially since cloud providers’ options may change without being integrated.

Second, cloud providers offer private networking solutions to deploy internal resources and back-end services (e.g., databases, file storage, specific computation, back-office management). This addresses security and regulatory concerns like data protection (e.g., GDPR) and data ciphering, or simply stops parts of an application from being exposed directly to the Internet. All good practice. However, a better practice is to deploy computational back-end resources on subnets or networks that are not connected to the Internet and that can only be reached by known sources. Then, filtering rules can be enforced to restrict access and comply with security policies.

Finally, ensure there is a flexible DDI (DNS-DHCP-IPAM) solution integrated into the cloud orchestrator to make the configuration easier. DDI will automatically push appropriate records in the configuration once the service is enabled. This will not only bring considerable time savings to your organization, but it will also enforce policies to help secure public cloud deployments.
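The filtering and auditing role of a private DNS service described above can be sketched as an audit pass over resolver query logs. This is an added example, not code from the article or from any vendor; the log format, the allowed zones, the thresholds, and the sample lines are all constructed assumptions.

```python
import math
from collections import Counter

# Assumed policy: the only zones workloads on the private network may resolve.
ALLOWED_ZONES = {"internal.example", "packages.example.org"}

# Constructed resolver log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2019-04-10T09:00:01Z 10.0.1.15 A db01.internal.example.
2019-04-10T09:00:02Z 10.0.1.15 A mirror.packages.example.org.
2019-04-10T09:00:05Z 10.0.2.7 TXT 0123456789abcdef0123456789abcdef.x7.collector.example.net.
2019-04-10T09:00:06Z 10.0.2.7 A www.example.com.
"""

def in_allowed_zone(qname, zones=ALLOWED_ZONES):
    """Match on label boundaries so 'notinternal.example' does not pass."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def label_entropy(label):
    """Shannon entropy of one DNS label, in bits per character."""
    n = len(label)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_encoded(qname, min_len=24, min_entropy=3.0):
    """Heuristic: a long, high-entropy label suggests data packed into the name."""
    labels = qname.rstrip(".").split(".")
    return any(len(l) >= min_len and label_entropy(l) >= min_entropy for l in labels)

def audit(log_text):
    """Return one finding per query the private resolver should refuse."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qtype, qname = parts
        if in_allowed_zone(qname):
            continue
        reason = "encoded-label" if looks_encoded(qname) else "outside-allowlist"
        findings.append({"time": ts, "client": client, "qtype": qtype,
                         "qname": qname, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["time"], f["client"], f["qtype"], f["qname"], "->", f["reason"])
```

Findings tagged `encoded-label` are the ones to review first, since they point at the workload (here the constructed client 10.0.2.7) whose code is placing data in query names.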

Moving applications to either a public or private cloud is inevitable. And as businesses continue to transform themselves, cloud usage will tag along on the journey. But businesses need to be aware that the public cloud isn’t infallible when it comes to security, and must not assume that every angle is covered. Otherwise, the convenience of the cloud will turn into an inconvenience for your data.


Ronan David is Chief Marketing Officer and Vice President of Business Development for EfficientIP. He is responsible for the global marketing activities and strategic alliances for a leading provider of network security and automation solutions …

Article source: https://www.darkreading.com/cloud/cloudy-with-a-chance-of-security-breach-/a/d-id/1334354?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Home Office Apologizes for EU Citizen Data Exposure

The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.

The UK’s Home Office has issued an apology to hundreds of EU citizens after accidentally sharing their private email addresses.

All victims were applying for “settled status” in the UK as part of a new program launched last June. EU citizens who have been in the UK for a minimum of five years are able to receive settled status, a designation that would let them live and work there after Brexit. The Home Office reports more than 400,000 EU nationals have applied; this incident affects 240 of them.

On April 7, the Home Office sent an email to some applicants requesting they resend information – but it didn’t check “BCC,” exposing contact info for applicants in the email.

Upon recognizing the mistake, the Home Office sent an email apologizing to affected applicants and requesting they delete the original email. It also said it had improved systems to prevent a similar mistake from happening in the future. Still, some critics say the process to obtain settled status has proved tedious; others express distrust in the Home Office’s ability to handle data.

“We’ve already heard far too many cases of EU citizens facing technical problems or being wrongly refused,” said Ed Davey, home affairs spokesman for the Liberal Democrats, to the Financial Times. “Now 240 have had their privacy compromised.”

This is the second time the Home Office has apologized for data misuse in recent days. Earlier this week, it confirmed that people and organizations listed as having an interest in the Windrush scandal compensation scheme were sent emails containing the email addresses of other interested parties.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/attacks-breaches/home-office-apologizes-for-eu-citizen-data-exposure/d/d-id/1334409?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

8 ‘SOC-as-a-Service’ Offerings

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.

Image Source: Adobe Stock: tonsnoei


At the RSA Conference in San Francisco last month, several vendors were on hand touting security operations center (SOC)-as-a-service.

But Anton Chuvakin, distinguished vice president and analyst at Gartner, summarily dismisses the term as vendor hype. He says he was first intrigued when pointed to the websites of several companies that market SOC-as-a-service. So Chuvakin took an informal poll of Gartner security analysts and found each thought SOC-as-a-service was either vendor hype or another way of positioning a managed security service provider (MSSP) or managed detection and response (MDR) services.

“My mini-research here on SOC-as-a-service confirmed what I told you: There is no such well-defined technology or market,” Chuvakin says.

Interestingly, vendors offering SOC-as-a-service echoed the same sentiment: Traditional security information and event management (SIEM) systems create too much noise, and companies are left figuring out what all of the alerts mean. In addition, the industry had to do more to help enterprises figure out what the alerts mean, prioritize what they need to focus on, and help them create a plan to improve over time.

Christina Richmond, a principal analyst at the Enterprise Strategy Group, says she has seen two types of companies that offer this. The first uses a SaaS-based – usually multitenant – approach that focuses on monitoring/alerting in a cloud environment. The second type is a consulting-based company that builds a SOC on behalf of the client and then runs it. But Richmond sees the SaaS-based model as the one that has caught on in the market.

“I do think this is a niche and a ‘feature’ of the [MSSP] market, but I wouldn’t call it a buzzword,” Richmond says. “The feature is that it’s more hands-off, providing automated detect/alert capabilities.”

Most of these vendors have people monitoring security alerts and information, she says. “Will it become a full part of the [managed security services] market? Likely,” Richmond says. “Some of the reason that this feature is useful is that it provides a platform for machine learning and algorithmic detection in the cloud environment.”

SOC-as-a-service offerings may well become just another element of the managed security services sector in the end, but the concept resonates for many organizations that don’t have or can’t afford to build their own SOCs. According to recent ESG research, 53% of enterprises report a problematic shortage of cybersecurity skills at their organizations.

Check out these eight companies touting SOC-as-a-service, and let us know what you think in the Comments section.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/cloud/8-soc-as-a-service-offerings-/d/d-id/1334398?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple