Overcoming the Challenge of Reactivity in Incident Response (Part 1)

This is the first blog in a three-part series where we’ll examine how security teams manage incident response processes. Here, we’ll highlight the challenges that security teams face when trying to mitigate incidents and how constraints force many teams into taking a reactive approach. This leads to incident response teams feeling the stress of scrambling to protect their business operations and related digital assets. We’ll also explain how threat intelligence can give security teams what they need to take a more proactive approach, enabling them to better prepare for threats and prioritize their mitigation efforts.

KnowBe4 Acquires CLTRe; Shines Spotlight On Security Culture Measurement.

KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, today announced the acquisition of CLTRe (pronounced “Culture”), a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year.

ExtraHop Joins IBM Security App Exchange Community.

ExtraHop, provider of enterprise cyber analytics from the inside out, today launched the ExtraHop for IBM QRadar app, which integrates with IBM Security Intelligence technology to stream accurate, contextual network behavioural detections into the QRadar SIEM. With Reveal(x) detections in QRadar, organisations have a complete picture of suspicious or anomalous behaviour on their network, as well as the ability to perform rapid, guided investigations. This bi-directional integration lets analysts move back to ExtraHop to explore forensic detail captured from network data.

TrustArc Research Highlights Privacy Attitudes One-Year After The GDPR Enforcement Date.

TrustArc, a leading data privacy management company, today announced new findings from an online study conducted by Ipsos MORI, a global research and consulting firm, on behalf of TrustArc. The survey polled individuals aged 16-75 in the UK about a number of issues surrounding the EU General Data Protection Regulation (GDPR) one year since it went into effect on 25 May 2018.

The Cybersecurity Industry’s Third-Party Risk Management Problem Is Rooted in Visibility

Third-party risk management is an issue that keeps many chief information security officers (CISOs) and other security leaders awake at night. Third-party risk has a lot more in common with phishing than advanced persistent threats (APTs) or zero-day attacks; it’s a known issue, but there’s a huge gap between awareness and risk at the majority of organizations. There’s no shortage of reasons to get this one right, including mounting compliance pressures and the tenuous state of customer trust.

Trump Administration Considers Banning Another Major Chinese Firm

An anonymous reader quotes a report from CNBC: The U.S. administration is considering limits to Chinese video surveillance firm Hikvision’s ability to buy U.S. technology, the New York Times reported on Tuesday, in a move that deepens worries about trade frictions between the world’s two top economies. The move would effectively place Hikvision on a U.S. blacklist and U.S. companies may have to obtain government approval to supply components to Hikvision, the paper said. The U.S. Commerce Department blocked Huawei Technologies from buying U.S. goods last week, effectively banning U.S. companies from doing business with the Chinese firm, a major escalation in the trade war, saying Huawei was involved in activities contrary to national security.

Hikvision and Dahua Technology, which produce audio-visual equipment that can be used for surveillance, were specifically cited in a letter to Trump’s top advisers last month, signed by more than 40 lawmakers. The lawmakers said China’s actions in its western region of Xinjiang “may constitute crimes against humanity” and urged tighter U.S. export controls to ensure that U.S. companies are not assisting the Chinese government’s crackdown there.

Acting Secretary McAleenan Swears in Two New HSAC Members, Announces New Council Tasking Focused on the Security and Resiliency of Houses of Worship and Faith-Based Organizations

Acting Secretary of Homeland Security Kevin K. McAleenan met with the Homeland Security Advisory Council (HSAC) to discuss a range of homeland security issues and his priorities for the Department. The Acting Secretary then swore in two new members to the HSAC, Robert Bonner and Leon Fresco.

Here’s Why More Security Solutions Doesn’t Equal Better Security

Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the board room. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.