STE WILLIAMS

FaceTime bug, eavesdropping and digital snooping – what to do? [VIDEO]

In this week’s Naked Security Live video, we look at a recently reported “snooping” bug in Apple’s FaceTime app.

While your phone was ringing, but before you picked up, a caller could trick the app into making your microphone live.

In other words, a malicious caller might have been able to hear you before you realised you were part of the call. (And who hasn’t greeted an incoming call with a comment or three about the person on the other end first, eh?)

We explain how we think the bug ended up in Apple’s code, and advise you what to do if you’re concerned about any other microphone-equipped devices in your home.

(Watch directly on YouTube if the video won’t play here.)

PS. Like the shirt in the video? They’re available at: https://shop.sophos.com/

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/U9hi13fAzEc/

Bringing the Houzz down: Home design website tells users to reset passwords after copping to breach

Home improvement website Houzz has urged users to reset their passwords after an “unauthorised third party” made off with a file containing customer data.

The Californian biz, founded in 2009 and valued at almost $4bn in 2017, is a bartering marketplace and, er, ideas platform for interior designers, architects, traders and home owners.

It said it discovered the incident in “late December” and had been working with “a leading forensics firm” since then.

An email to customers, sent in the early hours of 1 February UK time, stated: “Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party.”

It offered no further details of how the incident occurred, and a separate FAQ on its website added little more, saying only: “Our security team has a number of ways to learn about potential security vulnerabilities, including our own active methods and third-party reporting. The investigation is ongoing.”

Neither did the firm disclose how many users had been affected. It said not all had been exposed, but “out of an abundance of caution” it had notified all those who might have been. We’ve asked Houzz for more details. It claims to have “40 million homeowners, home design enthusiasts and home improvement professionals” signed up.

The email seen by The Register said that it did not “believe” that the recipient’s password was compromised, but recommended resetting it as a precaution.

However, Houzz did say that one-way encrypted passwords, salted uniquely per user, could have been leaked along with user ID, prior Houzz usernames, IP address, and city and postcodes inferred from IP addresses.
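The "one-way encrypted passwords, salted uniquely per user" that Houzz describes is what a password store should look like: a slow one-way hash with a random salt per account, so that two users with the same password end up with unrelated stored values and a leaked table cannot be attacked with a single precomputed lookup. The following Python is an added example, not Houzz's code or anything from the article; it uses the standard library's PBKDF2-HMAC-SHA256, and the iteration count and storage format are this example's own choices. A leaked salted hash still permits offline guessing of weak passwords one account at a time, which is why the precautionary reset Houzz recommends is the right advice.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example; a real deployment tunes the iteration
# count to its hardware and records it with each hash so it can be raised later.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.

    A fresh random salt is drawn per call, i.e. per user, unless one is
    supplied (only useful for deterministic tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_different_records(password: str) -> bool:
    """Two accounts sharing a password must not share a stored value.

    Returns True when the records differ yet both verify, which is exactly
    the property a per-user salt provides.
    """
    record_a = hash_password(password)
    record_b = hash_password(password)
    return (record_a != record_b
            and verify_password(password, record_a)
            and verify_password(password, record_b))


if __name__ == "__main__":
    # Constructed demo input, not real credentials.
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("wrong password rejected:", not verify_password("hunter2", rec))
    print("per-user salt in effect:", same_password_different_records("hunter2"))
```

With a fixed salt the function is deterministic, which is how a migration or test can check that an existing record was produced by the same parameters; in production the salt is never reused across accounts.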

[Screenshot: Houzz data breach email, received at 1:25am (GMT) Friday 1 February.]

Other deets that the miscreant(s) may have access to included some publicly available account information, such as current Houzz username and – if the user logs in through Facebook – that person’s public Facebook ID.

This is in addition to further “internal identifiers and fields” that Houzz said confidently would “have no discernible meaning to anyone outside of Houzz”. As examples in this category it gave “country of site used, whether a user has a profile image”.

Info a person made public on the Houzz site, such as their name and city or state location, is also listed as at risk.

But the company emphasised that social security numbers, payment cards, bank account and other financial details were not affected. It said it was “highly unlikely that your identity could be stolen as a result”.

Houzz was this week reported to have laid off 110 people in the UK and Germany, and 70 in the US – from a total staff of just 1,800 – possibly ahead of a much speculated IPO.

The firm said it had contacted law enforcement authorities. We have contacted the UK’s data protection watchdog, the Information Commissioner’s Office, to confirm that. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/01/houzz_data_breach/

UK spy overseer: Snooper’s Charter cockups are still getting innocents arrested

Police employees who make typos in warrants to use Snooper’s Charter spy powers are still getting innocent people arrested, the Investigatory Powers Commissioner’s delayed annual report has revealed.

Of the 18 “error investigations” carried out by the Investigatory Powers Commissioner’s Office (IPCO) into the misuse of legal snooping powers by State agencies, the vast majority of wrongful police raids and arrests came about because police workers transposed vital data (such as dates, times or IP addresses) or even made careless typos when writing out applications for search warrants.

These blunders led to innocent people being arrested and accused by police of the most vile crimes – people such as Nigel Lang, whose life was blighted for two years after a typo led a police raid, wholly wrongly, to his home on suspicion that he was a paedophile.

Lang’s case was mentioned in an anonymised form in IPCO’s delayed 2017 report which was laid before Parliament yesterday. Hertfordshire Police later confessed they added a digit to an IP address by mistake, leading them to wrongly identify Lang and send South Yorkshire Police, his local force, after him. Herts paid £60,000 in compensation once Lang identified who was responsible.

Generally, everything’s OK

As well as keeping an eye on police uses of the Snooper’s Charter (perhaps better known nowadays as the Investigatory Powers Act), IPCO also oversees MI5, MI6, local councils, fire and ambulance services, and a whole host of other State bodies who have the legal right to spy on your phonecalls and internet use.

Encouragingly, Lord Justice Adrian Fulford, the Investigatory Powers Commissioner, found that “many local authorities are using their directed surveillance powers less frequently than a decade ago” and that most fire brigades and ambulance services weren’t doing any snooping at all.

However, Hammersmith Council wins the inglorious title of “Britain’s Creepiest Council” from The Register after applying to get its greasy fingers on an average of 79 pieces of communications data about local residents it decided to target.

While IPCO criticised GCHQ for not always setting out “the scale of the planned surveillance sufficiently and therefore the likely level of intrusion” in its surveillance warrants, and also raised questions about the use of “parties acting on GCHQ’s behalf” (ie, contractors doing work for the agency), it praised the agency for later cleaning up its act and “providing a succinct summary of the relevant considerations”.

MI5, on the other hand, had a tendency to use “boilerplate text in applications”, according to IPCO, rather than making each application for surveillance on its merits.

Government hackers and bug-planters broke the law 83 times during 2017-18 while carrying out “property interference”, IPCO found.

In light of recent concern about police deploying uncontrolled facial recognition technology, IPCO offered little comfort, however, with Lord Justice Fulford writing: “There has been some recent controversy regarding the use of facial software by police forces. I oversee any conduct that requires surveillance authorisation, but neither Parliament nor the courts have yet established a framework against which to judge this particular activity.”

On the whole, most of the cases where surveillance had not complied with the law and IPCO itself had investigated were caused by human error – though some were most definitely not.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/01/ipco_annual_report_2017_18/

Study the Cutting Edge of Cybersecurity at Black Hat Asia

Whether you want an in-depth look at one of the biggest data breaches in recent memory or some advanced data forensics training, Black Hat Asia is the place to be.

The modern Internet has given rise to massive data marketplaces, and the best way to keep you and your clients’ sensitive information off the market is to stay on top of today’s cybersecurity threat landscape.

There’s no better place to do that than Black Hat Asia, which returns to Singapore next month with a boatload of cutting-edge Trainings, Briefings, and Arsenal tools aimed at giving you practical lessons and takeaways you can apply in your own work. Whether it’s your job to respond to incidents or predict and stop them before they happen, there’s something for you at the show.

Notably, “An Independent Investigation on the Biggest Malaysian Data Breach of 2017” is a 50-minute Briefing from Division Zero that will give you an unprecedented analysis of the big data breach that happened in Malaysia in 2017 when the personal data of millions of Malaysians was posted online for sale.

Look forward to a guided tour of the investigation to find out what happened, how the attackers were traced to Netherlands and Hong Kong, and why the search for the threat actor will likely continue to be a challenge for Malaysian authorities.

For more practical takeaways, check out “Investigating Malware Using Memory Forensics – A Practical Approach.” Presented by Cisco Systems, this Briefing will prepare you to face the rising tide of advanced cyberattacks by teaching you the practical concept of memory forensics, and how to use them to detect, investigate and understand the capabilities of malicious software.

In addition, you’ll get practical demos of some of the advanced tricks that modern malware uses to hide from, evade, or thwart modern cybersecurity safeguards. Don’t skip it!

“Don’t Eat Spaghetti with a Spoon – An Analysis of the Practical Value of Threat Intelligence” is a 50-minute Briefing that will give you a frank analysis of the ability of threat intelligence to predict malicious activity on the Internet.

Presented by SensePost SecureData, this analysis is based on the investigation of over a million Internet threat indicators over a period of six months. Expect to walk away with a better understanding of the value of modern threat intelligence offerings and, in doing so, improve your understanding of their place in your security systems and processes.

Speaking of spaghetti, don’t overlook “PASTA: Portable Automotive Security Testbed with Adaptability”, a newly-announced Black Hat Asia Briefing from Yokohama National University and Toyota. This is less about threat intelligence than threat deterrence; and it offers an exciting look at the future of vehicular cybersecurity. In this Briefing you’ll learn about the portable automotive security testbed with adaptability (PASTA), which is a part of a comprehensive development platform for defending against vehicle cyberattacks.

Black Hat Asia returns to the Marina Bay Sands in Singapore March 26-29. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Article source: https://www.darkreading.com/black-hat/study-the-cutting-edge-of-cybersecurity-at-black-hat-asia/d/d-id/1333775?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

KISS, Cyber & the Humble but Nourishing Chickpea

The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.

In recent years, hummus has become a trendy food. Once considered a mere dip-like side dish in many western countries, hummus has recently found a seat at the table as a serious and tasty main course option. It raises the question: What is it about hummus that has made it a star?

In my opinion, what sets hummus apart from other foods is its uncanny ability to be both simple and fulfilling at the same time. Hummus is humble, yet nourishing. It is plain, yet flavorful. It is inexpensive, yet filling.

To fully understand the magic of hummus, we need to break it down to its essence. While there are many different hummus recipes and varieties, the core ingredient of hummus is chickpeas — plain old garbanzo beans. Chickpeas have no need to get fancy or showy; they simply get the job done, time after time, with minimal cost and waste.

So, what does my obsession with hummus have to do with information security? More than you might initially be inclined to believe. Allow me to explain:

1. KISS: The KISS principle (Keep it simple, stupid!) states that most systems work best if they are kept simple rather than complicated. More often than not, there is a simple, straightforward way to solve a problem. If you design a solution that is cumbersome and overcomplicated, chances are you don’t understand the problem well enough to solve it elegantly. There is almost never a need to get fancy. That merely creates an opportunity to introduce error unnecessarily.

2. Slow and steady wins the race: It may be tempting to chase after the item “du jour,” or the latest fad in security, but during the course of my career, I’ve watched the quick rise and hurried fall of one trendy topic after another. At the end of the day, security teams need to remain focused on improving security posture and reducing risk. That involves applying people, process, and technology strategically over the long term and solving in a repeatable manner over time. Getting distracted by bright, shiny objects doesn’t help in the least.

3. Minimize cost: It’s always fascinated me how the default response to solving a problem almost always seems to be to throw more money at it. Obviously, proper funding is required to ensure that a security organization can accomplish its goals and that security challenges get addressed at scale. But what about when funding isn’t the problem? Or, to ask the question differently, what about situations where problems can be solved by leveraging or optimizing existing investments? Looking to be frugal and resourceful, when appropriate, can be surprisingly effective. It’s not always necessary to make large investments to get the job done. In fact, doing so can sometimes have exactly the opposite effect. How so? In the near term, it can divert resources and attention away from important work. In the longer term, it can introduce additional levels of complexity that will draw scarce resources away from other tasks.

4. Minimize waste: I’ve lost count of the number of times in my career that I’ve seen complex, expensive systems procured, deployed, operated, maintained, replaced, and then decommissioned. The cost of running through this process can grow quite large. Granted, risk changes, technology matures, and priorities adapt over time. But even taking all this into account, some technologies are discarded simply because they were procured three or four years ago. Does the age of a solution affect whether or not it can address a modern challenge? In some cases, perhaps. But instead of considering a technology’s age, what if we considered its relevance to the goals and priorities we are looking to address? From this perspective, you might want to hold on to some of what you have before giving it the boot.

5. Cover the essential nutrients: A security program has many different limbs to feed, nurture, and sustain. It’s important to take care of and provide for all of these essential elements in accordance with their needs. Focusing too much on one particular aspect of security comes at the expense of the others. A simple, straightforward, and methodical way to nourish all parts of the security program produces a far more balanced and well-rounded approach. There is nothing to be gained by focusing on a small number of elements, and in fact, there is quite a bit to be lost. When important security functions are neglected, the organization’s security posture suffers.


Josh (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently co-founder and chief product officer at IDRRA and also serves as security advisor to ExtraHop. Prior to …

Article source: https://www.darkreading.com/vulnerabilities---threats/kiss-cyber-and-the-humble-but-nourishing-chickpea-/a/d-id/1333751?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

You got a smart speaker but you’re worried about privacy. First off, why’d you buy one? Secondly, check out Project Alias

Project Alias is a homebrew gizmo that aims to deafen Alexa and Google Home until a user is good and ready for the creepy little cylinders to pay attention.

By following an Instructable from Amsterdam-based Bjørn Karmann and Tore Knudsen, those confident with a soldering iron can build their own kit using a Raspberry Pi A+ and some inexpensive bits and pieces.

If you have access to a 3D printer you can also add the cover, which looks like someone has been a bit poorly on top of your home automation assistant, or held it over a fire.


The Register spoke to one of its creators, Knudsen, who explained how it works. Speakers are placed over the mic array of the smart speaker and connected to the Raspberry Pi. The Pi then plays a mix of human speech and noises at a volume too low for us to hear, but loud enough to keep the likes of Alexa deafened.

The Pi has ears of its own in the form of a couple of microphones on an inexpensive daughterboard, and is trained by the user via a simple smartphone app to accept whatever activation phrase is needed. When the Pi “hears” the user’s preferred phrase, it triggers Alexa or Google Home itself and then allows the user’s instructions to make it to the spy cylinder’s ears.

The thing is wrapped up in a 3D-printed shell that resembles something that might attach itself to Spock in one of the older and more prosthetically creative episodes of Star Trek.

There is unbound potential for nerdery in that two-second wake-up phrase.

Though the Pi still requires power (necessitating a potentially messy extra cable), it does not need to be connected to the internet in order for the giant snot globule to do its thing.

Alas, you cannot actually buy one of these things (not yet, anyway).

Knudsen told us: “We have from the start decided that it should be open source and a project for the people, and not a consumer product in that sense.” He also warned that the project, which he and Karmann had put together between June and December 2018 “is still a proof of concept and might not work ‘out of the box’.”

While the small team behind the project has been training the thing themselves, Knudsen admitted that “it requires much more data to make a system work in any home with any voice”, adding: “Right now you need to train it from scratch, which is just a temporary solution.”

Much of the fun can also be found on GitHub, where the team hopes “that the open source community will help project Alias to become better”. Judging by the comments thus far, training the thing is indeed proving a challenge, but, as Knudsen observed, it is early days.

Your correspondent had a crack at making one and it went about as well as you would expect, although I am going to blame my abject failure on using the wrong mic board rather than my terrible, terrible soldering skills.

For those blessed with a compatible 3D printer and the ability to wield a soldering iron without making a dreadful hash of things, the Project Alias parasite is, we are assured, a neat project that handily blocks some of the eavesdropping tendencies that worry some smart speaker owners.

As for why the project is required, Knudsen said: “We are bringing so many digital products into our homes and while doing that we are relying on the companies to not misuse this.

“With project Alias we want to show and stress how the control and agency should be distributed more towards the user than the company/product.”

Alternatively, you could simply not put the creepy things in your home and point your phone at a good old-fashioned Bluetooth speaker to make music play, which is what many smart speakers seem to end up doing these days. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/01/project_alias/

Apple yoinks enterprise certs from Facebook, Google, killing internal apps, to show its power

Analysis After briefly punishing Facebook and Google for violating the rules of its enterprise developer program, Apple has relented. Cupertino is in the process of restoring the digital certificates used by Facebook and Google to sign and distribute in-house iOS apps internally to employees, after revoking them within the past 24 hours.

The iPhone maker invalidated Facebook’s enterprise app certificate earlier this week after the ad biz admitted using Apple’s enterprise program to bypass the consumer app approval process of its public App Store, and distribute its data-harvesting Facebook Research app directly to teens and adults. The enterprise program allows companies to digitally sign their own custom iOS and macOS apps, and hand them to employees for internal use and development.

Had Facebook chosen to submit its “research” app for distribution to netizens through the iOS App Store, it’s likely Apple’s reviewers would have rejected it for violating privacy guidelines. Apple previously asked Facebook to remove its data collecting Onavo VPN app from the iOS App Store. Facebook Research is said to be essentially the same code under a different name. It logs pretty much everything you do online, passing it back to the antisocial media giant to analyze and mine, and rewards its surveillance guinea pigs $20 in vouchers a month for giving up their privacy. Facebook signed it using its enterprise cert to allow it to be installed on users’ handhelds.

Shortly after excommunicating Facebook’s internal iOS apps, by canceling the certificate, Apple did the same to Google, which confessed and apologized for using its iOS enterprise certificate to distribute its own data-snarfing app called Screenwise Meter.

The brief ban is said to have been disruptive for both Facebook and Google, disabling internal apps used by employees and preventing builds of internal apps that all relied on the now-revoked signing certificates.

Facebook now says all’s well. “We have had our Enterprise Certification, which enables our internal employee applications, restored,” a company spokesperson said in an email to The Register. “We are in the process of getting our internal apps up and running. To be clear, this didn’t have an impact on our consumer-facing services.”

Apple is said to be in the process of doing the same for Google.

The Register asked Google for comment, and we’ve not heard back.


While Apple’s action can be appreciated from a privacy and safety perspective, it also underscores the exceptional power the company holds over its hardware and software ecosystem.

Developers of iOS apps have no way to distribute unvetted apps apart from releasing app code as open source so other iOS developers can build and install such projects on their own gear. And Apple has made clear, enterprise distribution has limits.

Outside of Apple’s TestFlight service for limited distribution of beta code, the one public distribution option available to iOS developers, the iOS App Store, requires Apple approval, which isn’t necessarily reasonable.

The Android ecosystem is different. Users of Android devices can side-load apps from outside the Google Play Store or install them from other Android stores like the Amazon App Store or GetJar. That presents more danger from malicious code, but it also treats mobile users like adults capable of making their own decisions.

What’s missing is a way to enforce clear communication about what apps actually do, like nutrition labels on food. Without that, it’s difficult to make an informed choice about which apps to install on either platform. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/02/01/apple_facebook_google_enterprise_cert_drama/

Cisco Router Vulnerability Gives Window into Researchers’ World

The research around a recent vulnerability shows how researchers follow leads and find unexpected results.

In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research around the vulnerability offers a view into the world of researchers as they follow leads and look for issues in hardware and software.

The vulnerability itself was given designation CVE-2019-1653. According to the description of the vulnerability, it “…could allow an unauthenticated, remote attacker to retrieve sensitive information.” In Cisco’s announcement of the vulnerability and patch, it writes that a flaw in the browser-based management interface could allow an attacker to request a specific URL, which would return configuration details.

Jon Hart, senior security researcher at Rapid7, is more specific about those details. “There is a particular URL that you navigate to that happens to include the entire configuration for the device — you know, the username, password, configuration information, and just all sorts of critical information without requiring authentication,” he says. To make matters worse, the interface that harbored the vulnerability was enabled by default, with public Internet access possible.

In a blog post on his research, Rapid7 chief data scientist Bob Rudis noted that he had seen news of the vulnerability’s discovery through responsible disclosure on the Full Disclosure mailing list at seclists.org. Virtually all researchers deploy their own active and passive scanning tools on the Internet, and Rapid7 is no exception.

The company calls its active tool Project Sonar and the passive tool Project Heisenberg. Hart, who manages Project Sonar, says, “Project Sonar, as you know, is our Internet scanning project, so it’s actively looking for interesting things and collecting data about endpoints and things on the public Internet. Heisenberg, on the other hand, is a passive tool that listens on the public Internet. And really, it’s a series of global, publicly deployed, honeypots.”

One of the things that Rudis found was a discrepancy between the number of affected devices he found and the number that had been reported by researcher Troy Mursch on the Bad Packets Report. Where Mursch found “over 9,000” devices vulnerable, out of more than 15,000 hosts exposed to the Internet, Rudis found nearly 20,000 exposed devices. Hart says that the difference, while small in a global sense, is likely due to differences in the interfaces each researcher was scanning and searching for.

As Hart (who was working on the research with Rudis) looked at the data, he found another piece of interface-associated interest: There were duplicate MAC addresses in the vulnerable population of devices. Hart says that he was able to look at the MAC because of information returned by the routers’ SSL certificates. “These SSL certificates, in addition to identifying the model, also provide the MAC address,” he explains.

A MAC address is supposed to be unique to a particular physical interface — there really shouldn’t be two the same anywhere in the world. In the case of the vulnerable routers, though, Hart says that one MAC address appeared more than 1,200 times. The duplicate MAC appears to be related to a company, NetKlass Technology, that was a supplier to Cisco a number of years ago. The duplicate MACs could be the result of supply chain or development issues and don’t, by themselves, represent a security issue.
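The duplicate-MAC finding above is the kind of thing that falls out of a scan dataset once certificate fields are normalised and grouped. The Python below is an added example, not Rapid7's tooling or anything from the article: it takes a constructed inventory of (host, certificate subject) pairs, as a scanner might record them, pulls a MAC address and a model name out of each subject, and reports which MACs appear on more than one host. The subject layout, the hosts (RFC 5737 documentation addresses) and the locally-administered MACs are all constructed for illustration; the actual field the Cisco certificates use is not given in the article, so the regex simply looks for a colon-separated MAC anywhere in the subject.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed scan inventory: (host, certificate subject string).
# The subject format is an assumption for this example; real scan data would
# come from a TLS probe of each management interface.
SCAN_RESULTS: List[Tuple[str, str]] = [
    ("203.0.113.10", "CN=RV320,OU=Router,O=Example,serialNumber=02:ab:cd:00:00:01"),
    ("203.0.113.11", "CN=RV325,OU=Router,O=Example,serialNumber=02:AB:CD:00:00:01"),
    ("198.51.100.5", "CN=RV320,OU=Router,O=Example,serialNumber=02:ab:cd:00:00:01"),
    ("198.51.100.6", "CN=RV320,OU=Router,O=Example,serialNumber=02:ab:cd:00:00:02"),
    ("203.0.113.12", "CN=RV325,OU=Router,O=Example,serialNumber=02:ab:cd:00:00:03"),
    # A certificate with no MAC in it at all, to show the edge case is handled.
    ("203.0.113.13", "CN=router.example.test,O=Example"),
]

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.IGNORECASE)
CN_RE = re.compile(r"(?:^|,)CN=([^,]+)")


def extract_mac(subject: str) -> Optional[str]:
    """Return the first MAC in the subject, lower-cased so case differences collapse."""
    match = MAC_RE.search(subject)
    return match.group(0).lower() if match else None


def extract_model(subject: str) -> Optional[str]:
    """Return the CN component, which the article says identifies the model."""
    match = CN_RE.search(subject)
    return match.group(1) if match else None


def group_by_mac(results: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each MAC to the hosts presenting it; hosts without a MAC are skipped."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for host, subject in results:
        mac = extract_mac(subject)
        if mac is not None:
            groups[mac].append(host)
    return dict(groups)


def duplicate_macs(results: List[Tuple[str, str]], threshold: int = 2) -> Dict[str, List[str]]:
    """MACs seen on at least `threshold` distinct hosts; a unique MAC should never repeat."""
    return {mac: hosts for mac, hosts in group_by_mac(results).items()
            if len(set(hosts)) >= threshold}


def oui(mac: str) -> str:
    """First three octets: the vendor prefix, useful for tracing a batch to a supplier."""
    return mac[:8]


def summarize(results: List[Tuple[str, str]]) -> Dict[str, int]:
    groups = group_by_mac(results)
    return {
        "hosts": len(results),
        "with_mac": sum(len(h) for h in groups.values()),
        "unique_macs": len(groups),
        "duplicated_macs": len(duplicate_macs(results)),
    }


if __name__ == "__main__":
    print(summarize(SCAN_RESULTS))
    for mac, hosts in duplicate_macs(SCAN_RESULTS).items():
        models = sorted({extract_model(s) or "?" for h, s in SCAN_RESULTS if h in hosts})
        print(f"{mac} (OUI {oui(mac)}) on {len(hosts)} hosts, models {models}: {hosts}")
```

On the constructed input one MAC is shared by three hosts across two models, which mirrors the pattern the researchers noticed; on a real dataset the OUI of a heavily duplicated MAC is the first thing to look up when trying to work out which supplier's batch it came from.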

Duplicate MACs can, though, create performance and configuration issues if multiple devices with the same MAC are deployed on a single network. And the vulnerability that researchers were following can create a number of issues, especially, in Hart’s words, if the routers are deployed by their intended audience — small businesses unlikely to have a dedicated security staff.

Hart says he would rate this vulnerability somewhere around a 5 or 6 on a 10-point severity scale. “If an attacker gets access to this configuration, he has the username and password and basically keys to the kingdom on this router,” Hart says, “…and at that point he can do whatever he wants to that particular router.” And because the router is responsible for routing the traffic of everything on the other side of it, Hart says, an attacker could then reconfigure DNS and firewall rules, and quickly own the network.

[Author’s note: This article has been revised from the original. At original posting, Troy Mursch’s name was misspelled. The article has also been edited to clarify the differences between the findings of Mursch and Rudis.]


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/attacks-breaches/cisco-router-vulnerability-gives-window-into-researchers-world/d/d-id/1333774?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Kwik-Fit hit by MOT fail, that’s Malware On Target

Car servicing chain Kwik-Fit has suffered a malware attack that has caused delays in customers’ car repairs.

The company initially would only confess to El Reg that it had been infected by an unspecified “virus” in its “IT network” over the weekend, and the BBC later reported “malware” was to blame.

Kwik-Fit told us: “We first experienced some issues with a virus in our IT network during the weekend. This affected a number of our systems but in the interest of ongoing security we can’t confirm the source of the problem.

“We can reassure customers that we do not store any of their financial information and currently have no reason to believe that any customer data was compromised.”

Earlier this week, it was fending off angry tweets about missed appointments from customers who were then unable to get through to a call centre that was clearly struggling under the deluge.

From the scant facts publicly available, it appears that whatever KO’d Kwik-Fit’s systems without compromising sensitive data may have been ransomware. We put this to Kwik-Fit but the company did not respond.

A customer who asked the firm via Twitter when its systems would be back online was told it didn’t know.

If you can shed any light on the situation, you can get in touch with the author here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/31/kwik_fit_malware_it_systems_down/

Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints

Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.

Dell, CrowdStrike, and Secureworks have teamed up to create a new endpoint security portfolio made up of managed security, incident response, and behavioral analytics tools. Dell SafeGuard and Response is intended to help smaller teams address advanced security threats.

Target users for the new offering are midmarket companies, the public sector, educational institutions, and other organizations lacking the capabilities and resources to detect and respond to threats like non-malware-based attacks. CrowdStrike reports these made up 39% of attacks overall in 2017, and SentinelOne says they rose by 94% between January and June 2018.

Further, Secureworks has found that half of organizations don’t have the endpoint or network visibility they need during incident response. Sophisticated threats went undetected for an average of 30 days — a big problem for small security teams, says Brett Hansen, Dell’s vice president and general manager of client software and security solutions.

“Those organizations are increasingly the ones being hit and compromised,” Hansen says of the target users. “When it does happen, they’re less capable of recovery.”

“Every security event for these folks is kind of a five-alarm event,” he continues. “Smaller, midmarket companies just don’t have good track records for how to remit and recover.” Many have an employee designated to handle cybersecurity — an all-encompassing position that requires one person to handle endpoint security, encryption, incidents, and other duties.

Dell SafeGuard and Response combines CrowdStrike’s endpoint security protection with threat intelligence and incident response management from Secureworks. Hansen says Dell and Secureworks spent months vetting and testing EDR systems before selecting CrowdStrike’s.

“Being selected by Dell is a testament to CrowdStrike’s market leadership and the proven value of our platform,” said Matthew Polly, vice president of worldwide business development and channels at CrowdStrike, in a release on today’s news.

What’s Inside

The full offering is made up of four distinct tools: CrowdStrike Falcon Prevent, CrowdStrike Falcon Prevent and Insight, Secureworks Managed Endpoint Protection, and Secureworks Incident Management Retainer. Buyers can purchase the full package or choose separate tools; they can also buy one tool to start and add more to their environment later on, if needed.

CrowdStrike Falcon Prevent, the first of the four tiers, is a next-gen antivirus product. Falcon Prevent and Insight, the second, adds endpoint detection and response. Tier three is Secureworks’ managed endpoint system, which monitors for threat activity with Secureworks’ SOC and Counter Threat Unit on hand to determine the severity of discovered threats. Tier four is a Secureworks incident response retainer that provides customers with resources following a security incident.

Customers can buy the security package as a subscription on its own, or as they’re buying Dell devices, says Hansen. Licenses for Dell SafeGuard and Response are not tied to individual machines; they can be downloaded and used on any machine in the environment. Further, Hansen points out, the tool is device agnostic and not limited to Dell computers.

From a procurement perspective, this is helpful for companies with limited budgets as they can tie security in with new devices or buy it separately. They can also have one point of contact at Dell to receive support for CrowdStrike and Secureworks tools included in the security package.

For guidance on how to download and use the platform, customers have access to an online training curriculum via CrowdStrike, says Polly. However, he notes, deployment is fairly simple.

What Comes Next?

“We want to look at more than the endpoint — we want to look across the customer stack,” says Wendy Thomas, senior vice president of business and product strategy at Secureworks. She sees an opportunity to broaden this service to networks, databases, and other parts of the business.

The companies are also working on projects where they can come together and provide more visibility below the operating systems, says Hansen. Cyberattacks are increasingly targeting the BIOS and firmware levels, he explains, and he anticipates adversaries will continue the trend.

Dell SafeGuard and Response will be available globally in March 2019 through Dell and authorized channel partners. The CrowdStrike Falcon platform can also be purchased via Dell.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/endpoint/dell-crowdstrike-secureworks-join-forces-to-secure-endpoints/d/d-id/1333769?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple