Revolutionize Endpoint Security with Application Isolation & Containment

  • US Defense Information Systems Agency (DISA) security experts are evaluating how organizations can better protect their endpoints from existing and Zero-Day threats with two endpoint security capabilities: Endpoint Detection and Response (EDR) and Application Isolation and Containment.
  • Multiple US federal government agencies have validated Application Isolation and Containment as a foundational security strategy.
  • Bromium has a revolutionary approach to securing endpoints that avoids reliance on detection (with its patient-zero dependencies) in favor of protection through safe, contained and self-remediating virtual environments.

Earlier this year the US Defense Information Systems Agency (DISA) acknowledged what many companies have been grappling with for some time: endpoint security solutions need to be “modernized” to protect against increasingly sophisticated and evolving threats. (See “The evolution of endpoint security” at https://www.disa.mil/NewsandEvents/2018/evolution-endpoint-security.)

Future Cyberwar

Future Cyberwar

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report’s cyberwar scenarios is particularly compelling. It doesn’t just map cyber onto today’s tactics, but completely re-imagines future tactics that include a cyber component (quote starts on page 110).

The Transition Toward Enterprise-class cybersecurity Vendors

Recently, ESG completed its second annual enterprise-class cybersecurity vendor research.  The story behind this project goes something like this: Enterprise organizations (i.e. those with 1,000 employees or more) have too many point tools and are now engaged in projects to integrate security technologies while eliminating some tools and vendors along the way.

Experts Urge Rapid Patching of ‘Struts’ Bug

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside.

What are next generation firewalls? How the cloud and complexity affect them

Traditional firewalls track the domains that traffic is coming from and the ports it’s going to. Nextgen firewalls go beyond that — they also monitor the content of the messages for malware and data exfiltration and can react in real time to stop threats. The newest iterations do even more, adding behavioral analytics, application security, zero-day malware detection, support for cloud and hybrid environments, and even endpoint protection.

Who’s Behind the Screencam Extortion Scam?

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up. The truth is we may never find out who’s responsible, but it’s still fun to follow some promising leads and see where they take us.

What About the Testing You Can’t Automate?

The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather than focusing on auditing the code at the end of the development cycle, they now need to focus on building security into the SDLC. And that builder mentality requires working closely with those “building” the code. In DevSecOps, the security team enables developers to test for security while they’re writing the code, rather than actually doing the testing themselves after the fact. And the key to this transition? Automate, automate, automate. DevOps is all about automating, and nowhere is that more true than in security testing. If security testing is “shifting left,” it can’t slow developers down, but needs to be integrated into their processes and tools and automated so that it requires little human intervention. But then a question emerges: what about the security testing I can’t automate? Some testing requires security experts, and simply can’t be automated, like threat modeling and manual penetration testing. How do they fit into this new DevOps-driven, automated world?

Weekly Update 101

Home! I got up early today to a balmy 16-degree winter’s day as we approach the last week before spring and felt genuinely thankful to be in this location. I’ve gotta stay home more…

T-Mobile halts cyber attack

T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers’ data on Monday, August 20. The telco says an attacker was exfiltrating personal data such as customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid). T-Mobile said the hacker (or hackers) did not gain access to passwords, social security numbers, or any financial information.

More than half of organisations hit by an unrecoverable cyber attack in the last 3 years

Over 90% of respondents do not consider their organization to be IT resilient and nearly half have suffered an unrecoverable data event in the last three years, according to IDC. While the majority of businesses surveyed have a cloud, digital transformation or modernization project already planned for the next two years, these same businesses rate themselves as immature on resilience objectives. This gap highlights the current demands on IT teams who are being tasked with cloud and modernization projects even as they struggle to keep pace with basic protection and recovery.

Over 6 billion fake emails are being sent daily…and they are getting harder to detect

The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day. That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the FBI recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.

This Week in Security News: Facebook and Faxploits

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Facebook removed 652 fake accounts originating from Russia and Iran. Also, Microsoft identified and removed fake internet domains that mimicked U.S political institutions thought to be created by Russian operatives.

Corporate Cybersecurity Is Becoming Geopolitical. Are U.S. Tech Companies Ready?

Executive Summary

This week’s news that Microsoft, Facebook, FireEye, and Google disrupted ongoing Russian and Iranian influence campaigns should garner significant attention in corporate boardrooms. The revelation of this fresh round of foreign hacking highlights important points about the intersection of business, geopolitics, and hacking that too often go overlooked — points that are especially important for platform businesses. Private companies are now on the front lines of defending U.S. interests from foreign governments, and this will require a much more proactive stance than traditional IT security measures.