Microsoft Security Endpoint Threat Report 2019
Soliton Systems Announces Free Trial For New Secure Remote Access Soliton SecureDesktop
Neural Technologies becomes the world’s first Fraud Management System to Automatically Connect to RAG's Industry-Leading Wangiri Fraud Intelligen
SonicWall Boundless Cybersecurity Platform Swiftly Providing Remote Workforces with Secure Mobile Access, Defense in ‘New Business Norm’
HID Global Unveils Signature Line of Readers, HID Signo; Unlocks A New World of Open, Connected and Adaptable Access Control
HID Global Extends Passwordless FIDO2 Authentication Throughout the Workplace
HID Global Recognized as a Microsoft Security 20/20 Partner Awards Finalist in Identity Trailblazer Category
Frost & Sullivan: Amid an evolving global risk landscape, Taiwan vendors redefine cybersecurity innovation
Irdeto and VOXX Automotive Bring Simple and Secure Key Management to Fleet Owners
The Quantum Internet Is Within Reach: Secure Communication Between Quantum Computers Implemented
Radiflow and Asset Guardian introduce joint solution to enrich industrial asset monitoring and risk assessment
Mahwah, NJ and Livingston, UK (October 2x, 2019) – Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, and Asset Guardian, a dedicated provider of leading edge protection for process control and industrial software, today jointly announced that the two companies have launched a joint solution to expand industrial asset monitoring, change management and risk assessment capabilities for industrial enterprises. Asset Guardian’s change management solution manages software and hardware configurations of industrial automation and controls systems. The Asset Guardian technology manages PLC, DCS and HMI/SCADA software assets and provides a single point of reference for current asset information, including operational status, location and controller logic versions. Radiflow’s iSID industrial threat detection system provides real-time visibility of networked industrial assets, ports and protocols on an OT network. By passively analyzing all data traffic, iSID can detect in real-time and counteract abnormal network activity, such as abnormal network access or asset changes and changes in the sequence of SCADA processes. In this new integrated solution, iSID’s asset inventory now incorporates the asset information stored in the Asset Guardian database, including the detailed asset information that is not available from traffic monitoring. With this new detailed asset information from Asset Guardian, such as logic version, ownership, geo-location and more, the result is a far more granular risk score calculated by iSID for each asset. Changes to assets, such as new firmware or PLC logic, are detected on the network in real-time by iSID and sent to Asset Guardian for verification, authorization and validation against the ‘golden image’ of the binary stored in the Asset Guardian database. 
“Our integrated and comprehensive joint platform solution capability will provide greater insight, clarity and security to our global customer base to help protect the integrity of their OT ICS assets against ever increasing cyber threats to safeguard operational resilience, govern compliance, standards, security and deliver effective management of change and disaster recovery,” explained Ewan McAllister, CEO of Asset Guardian Solutions. “Our integration and joint offering with Asset Guardian will provide a higher level of OT asset monitoring and risk assessment,” said Rani Kehat, Vice President of Business Development at Radiflow. “These are key enhancements that will enrich our industrial enterprise customers with greater operational management value.” Radiflow will be demonstrating its joint solution with Asset Guardian this week at the Industrial Control Systems Cyber Security Conference in Atlanta, United States. Radiflow is currently scheduling demonstrations of its joint solution with Asset Guardian. In addition, to learn more, please visit Radiflow’s web site to watch a new video about the joint Radiflow-Asset Guardian solution.
Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018
The Internet Society's Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, today released its Cyber Incident & Breach Trends Report. The report found the financial impact of ransomware rose by 60%, losses from business email compromise (BEC) doubled, and cryptojacking incidents more than tripled, all despite the fact that overall breaches and exposed records were down in 2018. The data shows that cybercriminals are getting better at monetizing their activities, with OTA estimating the more than 2 million cyber incidents in 2018 resulted in over $45 billion in losses, with the actual numbers expected to be much higher as many cyber incidents are never reported.

"While it's tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim," said Jeff Wilbur, technical director of the Internet Society's Online Trust Alliance. "The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we've seen in the past."

In the report, OTA noted a steep rise in cyber incidents like supply chain attacks, Business Email Compromise (BEC) and cryptojacking. Some attack types, such as ransomware, are not new but continue to be lucrative for criminals. Others, such as cryptojacking, show that criminals are shifting their focus to new targets. Some of the top trends from the Cyber Incident & Breach Trends Report are listed below.

- Rise of Cryptocurrency Breeds New Cyber Criminals: In conjunction with the increasing prevalence of cryptocurrency comes the rise of cryptojacking, which tripled in 2018. This is a specific type of attack aimed at hijacking devices to harness computer power at scale to efficiently mine cryptocurrency. OTA believes these incidents are increasingly attractive to criminals as they represent a direct path from infiltration to income, and are difficult to detect.
- Deceptive Email: Though well-known as an attack vector, Business Email Compromise (BEC) doubled in 2018, resulting in $1.3 billion in losses as employees were deceived into sending funds or gift cards to attackers who use email to impersonate vendors or executives. Many companies are reacting by clearly labeling all emails that originate outside the organization's network.
- Attacks via Third Parties: Supply chain attacks -- wherein attackers infiltrate via third-party website content, vendors' software or third-parties' credentials -- were not new in 2018 (similar past exploits include Target in 2013, CCleaner and NotPetya in 2017), but they continue to proliferate and morph. The most notable 2018 attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide. The OTA report compiled external sources that estimated a 78% increase in these types of attacks in 2018, with two-thirds of organizations having experienced an attack at an average cost of $1.1 million, and estimates that half of all cyber attacks involve the supply chain.
- Governments Under Attack: While the total number of ransomware attacks was down in 2018, the OTA report noted a troubling rise in reported ransomware attacks against state and local governments in 2018 and early 2019. Breaches targeting the cities of Baltimore and Atlanta led to the disruption of many government services and the rebuilding of entire network structures. Local governments are particularly vulnerable given that they often rely on outdated technology and are running old software and operating systems.
- Issues in the Cloud: While also not new, 2018 brought a rash of sensitive data being left open to the Internet due to misconfigured cloud services. Given the number of businesses that rely on companies like Amazon, Google, and Microsoft for some or all of their cloud needs, it is increasingly important to ensure cloud storage is secure. The report noted that one common problem with cloud computing isn't even a true "attack", but user error. Configuring data storage correctly is the responsibility of the data's owner, not of the cloud service, and it's often improperly done.
- Credential Stuffing Rises: OTA found an increase in credential stuffing in 2018, an attack type that recently gained prominence. Given that there are now more than 2.2 billion breached credentials in play and users often rely on identical logins across services, attackers are harnessing ultra-fast computers and known username/password pairs or commonly used passwords to gain access directly to accounts across a wide range of industries. Several high-profile attacks occurred in 2018, and though many were initially believed to be breaches, they turned out to be brute-force credential attacks.
Versa Networks Achieves NSS Labs Recommended Rating in the 2019 SD-WAN Group Test with its Security-Enabled SD-WAN
Versa Networks, innovator of the Secure Cloud IP platform, announced that it has received the Recommended rating from NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity and SD-WAN guidance, in its 2019 Software-Defined Wide Area Network (SD-WAN) Group Test. Versa is one of only two vendors who have received the Recommended rating to undergo testing of its built-in protection against network-delivered exploitation capabilities. The NSS Labs group test findings accentuated what customers discover and report about Versa Networks’ exceptional user experience and lower total cost of ownership (TCO) with security enabled.

NSS Labs clients are exploring the security readiness of SD-WAN products, motivated primarily by a desire to offload traffic via public Internet access at the branch. The NSS Labs test was designed to add clarity to the definition of WAN security, which varies among SD-WAN vendors, who may be referring to encrypted links, anti-threat capabilities or full stack solutions (next-generation firewall). NSS Labs structured the SD-WAN test according to three dimensions: highest quality of experience for VoIP and video, lowest total cost of ownership, and protection against network-delivered exploitation.

• Low TCO: The Versa SD-WAN solution delivered the lowest TCO per Mbps of secured SD-WAN throughput.
• High quality of experience for VoIP and Video: NSS Labs tested Versa’s solution under very difficult network conditions of packet loss, jitter and latency. The Versa SD-WAN solution delivered very high MOS scores and application quality of experience standards for voice and video applications.
• Protection against network-delivered exploitation capabilities: SD-WAN is commonly used by enterprises for better SaaS and multi-cloud application experience using direct internet connectivity, which increases vulnerability to attack. The Versa SD-WAN solution has been designed from the ground up with security in mind, such as embedded NGFW that blocks threats at the branch more effectively, along with robust web security services. In NSS Labs’ test of protection against network-delivered exploitation capabilities, Versa achieved a 99.2% exploit block rate and a 100% score in stability and reliability. Versa has now scored a Recommended rating in both the SD-WAN and NGFW tests by NSS Labs.

Key to the NSS Labs test criteria was leveraging unbiased data to establish verifiable vendor differentiation, which in a crowded vendor landscape like SD-WAN puts a premium on empirical evidence to affirm selection or inform customers. TCO is a major factor to consider, given the prospect of operational savings from introducing transport diversity, such as broadband Internet, and a simplified deployment model eliminating onsite technical support (ZTP, or Zero Touch Provisioning). In addition, efficiency metrics were important considerations since the number of WAN links within enterprises can reach into the hundreds and even thousands. Without SD-WAN, managing traffic behaviors and priorities across a large, distributed infrastructure is an immense task, and thus SD-WAN offers a simpler operational model to more easily adapt, tune and control traffic patterns centrally. Another key imperative the NSS Labs test incorporated was application awareness and application user experience quality, which allows for core applications to be traffic-engineered and customized on-demand based on dynamic network characteristics and security policy objectives.

Versa’s Secure Cloud IP solution enables enterprises to deploy a secure SD-WAN fabric for their branch network and better manage WAN costs while simplifying operations, enhancing network resiliency and improving application performance.
Versa’s solution integrates routing, networking services, SD-WAN and critical security functions like NGFW and unified threat management (UTM) that also serve to consolidate multiple appliances into a single platform. Versa’s unique solution provides full multi-tenancy, multiple deployment options, ZTP and multi-cloud extensibility to enable enterprises to seamlessly drop in next-generation technology for fast WAN transformation. “Versa’s proven technology is the best technical solution with the best value. We focused on integrating security into our product when we started the company and today are known for having the best SD-WAN solution with built-in security. In this NSS Labs test, while other vendors either chose to test without security or lacked the necessary capabilities to be tested per the NSS Labs SD-WAN 2.0 methodology, Versa’s architecture performed exceedingly well, demonstrating our built from the ground up, embedded security services at a lower cost per bit,” said Kumar Mehta, co-founder and CDO, Versa Networks. “We believe the NSS Labs results strengthen the market leadership position Versa has garnered already with our unique solution and enterprises should feel confident that with Versa they get the best scale, quality, performance and feature/functionality, including enterprise-grade security, with all critical branch services running in a unified, flexible software platform.”
QNAP Announces Limited-Time Special Offer of McAfee Antivirus for QNAP NAS at Computex 2019
QNAP® Systems, Inc. today announced a limited-time special offer of McAfee® Antivirus for QNAP NAS systems. With a subscription to McAfee Antivirus, QNAP users can ensure their data stays protected from viruses, heal currently-infected files, prevent viruses spreading through file sharing, and receive the latest definitions to combat present & future virus threats. A one-year subscription to McAfee Antivirus is now available for $8.99 (normally $25.00), two years for $13.99 (normally $50.00), and three years for $18.99 (all prices in United States Dollars). A free 30-day trial is also available for QNAP NAS users. This special offer is valid till June 28, 2019.

“McAfee Antivirus provides dependable protection for users to defend against current and emerging virus threats in digital and networked environments,” said Meiji Chang, General Manager of QNAP, continuing “By taking advantage of this limited-time special offer, QNAP NAS users can ensure their files and data are well protected.” “McAfee delivers modern cybersecurity solutions to provide trusted endpoint protection,” said Tom Moore, Vice President of Global OEM of McAfee, adding “We encourage QNAP users to take this chance to plan their cybersecurity solution for antivirus protection both online and offline.”

- Availability: McAfee Antivirus is available from the QTS App Center on QNAP NAS. For more information and to subscribe to the McAfee Antivirus service, users can visit the QNAP License Store website.
InfiNet Wireless partners with Maicrotel SAS to complete major security overhaul at South American port
InfiNet Wireless, the global leader in fixed broadband wireless connectivity, has successfully completed a radical overhaul of a local port security system in South America. Puerto de Mamonal, Cartagena, Colombia, has become the first sea terminal to adopt InfiNet Wireless technology as part of a project to showcase the diverse range of environments it can operate in. In partnering with Colombian communications solutions provider Maicrotel SAS (Maicrotel), InfiNet Wireless technology successfully delivered a comprehensive modern wireless solution to enhance the security measures of the port. The solution entailed an InfiNet Wireless point-to-multipoint network, with security cameras, cabinets, transmission radios, data security and Wi-Fi network transmission. The solution extensively enhanced monitoring and security across the port’s 310,000 m² territory, covering more than 240,000 m² of storage area used for many types of merchandise. Due to the sensitive nature of the port’s operations and the commercial value of the diverse range of goods handled on-site, it was of the utmost importance that an effective CCTV system was implemented to control the operations inside the port and to monitor the handling of merchandise. “The port security staff have been highly impressed by the system – the wireless solution delivers all of the closed-circuit audio and video data from the port to the control center 24 hours a day,” said José Arsenio Galvis, head of Puerto de Mamonal. “We have had a timely response and the result of the implementation has been impeccable. It has allowed us to have a reliable control system, in addition to complying with the safety regulations that underpin the effective operation of the port terminal.” “InfiNet Wireless’ security system has also given the port the confidence to expand its area of operations and further investment in this state-of-the-art solution to safeguard the port is expected,” added Galvis.
By enabling the monitoring of the handling and logistics of the merchandise, the system gave control staff the tools to prevent theft and drug trafficking in the terminal. This system is made up of technological solutions such as radios, cameras and data, making it easy to monitor movements and the handling of merchandise from the control center. A system of physical protection and data protection was installed, with optimal connectivity, to safeguard port activity. This includes a video surveillance system, the design of which was tailored to cater to the critical conditions of the management and the processing of goods. “This successful implementation at Puerto de Mamonal demonstrates the immense versatility of InfiNet Wireless’ solutions to operate in a variety of markets and conditions,” said Carlos de Lamadrid, head of LATAM region at InfiNet Wireless. “Given that this was the first time deploying our solutions at a seaport, the transition was seamless, and the operational efficiency has been flawless since. We look forward to seeing more projects like this rolled out in the future and for new regions around the world to benefit from what we have to offer.”
HID Global Teams with The World’s Top Turnstile Manufacturers to Bring Mobile Access to Lobby Security
HID Global today announced that it has teamed up with six of the world’s top turnstile manufacturers who have tested and certified HID’s Mobile Access® as part of their commitment to a mobile future. Major turnstile manufacturers exhibiting at this year’s ISC West exhibition, namely Alvarado, Automatic Systems, Boon Edam, Gunnebo, Orion Entrance Control and Smarter Security, have integrated the new Essex Electronics iROX-T with embedded iCLASS SE® technology from HID. Each company will showcase mobile access in their booths to illustrate how mobile is upping the convenience factor at the turnstile. “Leveraging mobile and cloud technologies at every access point, from turnstiles and elevators to doors, is a crucial part of creating a truly connected security experience in today’s smart building,” said Michael Chaudoin, Vice President of Product Management and Marketing, Extended Access Technologies business unit with HID Global. “HID Global and Essex Electronics are making this vision real by solving the challenge of increasing turnstile security with a solution that enables secure access using credentials provisioned to a user’s mobile phone. This will help people move more efficiently through the hustle and bustle of busy building lobbies.” Already certified with the six turnstile manufacturers, the Essex Electronics iROX-T reader with HID’s embedded iCLASS SE® technology supports Bluetooth Low Energy (BLE) and Near Field Communications (NFC) for mobile access and optional OSDP for secure communications. It is also interoperable with smart cards, HID’s 13.56MHz Seos® credentials, iCLASS SE, iCLASS®, and other high frequency formats.
Garrett Kaufman, President of Essex Electronics, added, “Building on our successful launch of the iRox-T, the latest integration of BLE, NFC and OSDP illustrates the reader’s ability to streamline upgrades in order to meet the demands of today’s mixed credential environment that is increasingly incorporating mobile IDs on smartphones.”

See HID Mobile Access in action at ISC West 2019

Visit HID Global in Booth #11063 and the following turnstile manufacturers to see live demonstrations of HID Mobile Access at ISC West from April 10-12, 2019 at the Sands Expo in Las Vegas.

- Alvarado: Booth #12101
- Automatic Systems: Booth #2065
- Boon Edam: Booth #8037
- Gunnebo: Booth #4077
- Orion Entrance Control: Booth #5065
- Smarter Security: Booth #21117
‘Ransomware’ and ‘Cryptojacking’ Mining Cryptocurrency Declined, While ‘Formjacking’ Stealing Credit Card Information Increased
telent and Innaxys launch first UK-centric digital evidence management solution to cut police costs and increase conviction rates
telent today launched a pioneering digital evidence management solution which could potentially save police forces millions of pounds per year. Jointly developed with UK-based specialist policing software application provider Innaxys and in conjunction with emergency services across the country, telent’s digital evidence management solution is designed to specifically meet the needs of UK police forces. It provides 100% UK sovereignty of the storage of digital evidence with all data encrypted and held securely on telent’s Public Services Network (PSN) accredited and UK-based cloud platform. Addressing the increase in digital evidence, such as CCTV footage, photos and videos recorded by the public, and body camera and dashcam clips, the solution will significantly reduce the time officers spend physically collecting CCTV images and enable faster analysis and processing of evidence. Police forces will also be able to securely share evidence with the criminal justice system to ensure evidence cannot be misplaced, lost or damaged, reducing court case adjournments and delays. A proof of concept has already been successfully delivered, with the first live deployment currently in the final stages of user acceptance testing ahead of its planned go live date later this year. While specific cost savings will be proportional to the size of individual police forces, a medium sized force has estimated that the solution will save 2,100 officer shifts per annum. The same force also believes a 50% reduction in court case adjournments can be achieved through the solution’s secure sharing of digital evidence. “Jointly with Innaxys we have developed this solution in consultation with UK police forces specifically to address the challenges faced by officers collecting data in the modern policing age where there has been a huge increase in public and business CCTV use,” said Barry Zielinski, General Manager Public Safety & Defence at telent. 
“This is combined with a proliferation of smartphones, dash cams, social media and body worn cameras, creating both opportunities and challenges for policing. This solution helps officers efficiently collect, manage, store and share these new digital evidence sources. It will save officer time collecting images, reduce court case adjournments and ensure the security of digital evidence by eliminating the risk of it being destroyed, tampered with, lost or even left in public places.” telent’s solution follows the CoPaCC/Police ICT User Perspectives 2018 report, which is based on a survey across UK police forces. This research highlights concerns regarding the management of digital evidence, stating that urgent action is required to manage the proliferation of digital evidence and replace current time consuming and insecure processes. The solution is available via a national police procurement framework and forces which choose to use the solution will be provided with management options for each digital asset or piece of evidence, including who has access, how long they have access, and what metadata about the evidence is shared. When collecting evidence from members of the public, the force can email a link which lets people securely upload their footage from anywhere with an Internet connection. The solution also integrates directly with the Digital Evidence Transfer System (DETS) which will link police forces to the criminal justice system. DETS was also developed by Innaxys and is currently being trialled by the Home Office in conjunction with five police forces across the UK. It is expected to be mandated by the Home Office for use by all police forces in 2020. Jean-Claude Lafontaine, CEO at Innaxys, said: “Through the digital evidence management solution, the time and cost of collecting evidence from the public is massively reduced. 
Such a system will become more and more necessary in the future, as digital evidence continues to grow and officer resources are put under increasing strain.” Additional key benefits of telent’s digital evidence management solution include faster processing and sharing of digital evidence with suspects which will reduce “no comment” interviews and ensure criminals are brought to justice faster. Providing more efficient analysis and management of digital assets is particularly important for larger and complex investigations. Simple crowd sourcing of phone and dash cam images for both minor incidents and major terrorism incidents will also be made possible, while police forces’ reputation will be protected due to the solution eliminating the risk of digital evidence being destroyed, tampered with, lost or left in public places. “In the context of legacy IT systems, budget cuts and increasing demand for frontline policing, this solution is exactly what’s required to ensure that the UK’s police forces have a cost-effective solution that will see them well into the future and supplement the incredible work that they do,” added Barry Zielinski at telent.
Ziften Announces Rapid Adoption of its Cloud-Delivered Endpoint Protection Plus Visibility and Hardening Platform (EPP+)
Ziften, a leader in endpoint protection plus visibility and hardening, today announced the rapid adoption of its EPP+ platform. Ziften is the first cyber-security platform that provides one agent for all endpoints – laptops, desktops, servers and cloud – preventing a full-range of cyber-attacks by addressing all 3 phases of the endpoint security continuum – attack protection; threat analysis, response and remediation; and proactive endpoint posture hardening and hygiene. Enterprise security buyers have quickly recognized the value of this full continuum EPP+ approach which is fueling Ziften’s business successes in 2018 and now into 2019, including:

- 130% increase in monthly sales velocity – for the 2H of 2018, after its August EPP+ product release.
- 100% growth in 3-year purchase agreements – for the 2H of 2018 as enterprise customers lock into longer term EPP+ contracts.
- Rapid upturn in early 2019 channel led sales – through indirect resellers, managed security service providers, and OEM arrangements.

“As a strategic IT planning and security solutions provider, we’re thrilled to include the Ziften Zenith endpoint protection suite of capabilities into our offering for our customers”, said Jon Craig, Chief Information Security Officer, Black Bottle Security. “Ziften’s endpoint protection plus full visibility is an absolute differentiator and allows us to deliver a full-set of endpoint security capabilities with a single agent for all our customers’ endpoints including Windows, Mac and Linux.”

Additionally, Ziften is participating at the RSA Conference at the Moscone Center in San Francisco this week and will be:

- Providing demonstrations of its EPP+ platform at booth #1149 in the South Hall.
- Jointly presenting on “The Lost Boys: How Linux and Mac Intersect in a Windows-Centric Security World” with German IT services and solutions partner Sepago, on Wednesday, Mar 06 at 01:30 - 02:20 P.M. in Moscone West 3001.
“We’re thrilled to see the quick uptick in customer acceptance of our new EPP+ endpoint security model”, said Mike Hamilton, Chief Executive Officer, Ziften. “I believe Ziften’s the only endpoint security vendor to provide full-featured endpoint protection plus continuous endpoint monitoring and posture hardening. And although our focus on process, technology and discipline is now paying off for Ziften, we have more exciting announcements to come and continue to be hyper-focused on accelerating our innovation for our customers, partners and service providers.”
JASK Enhances Multi-Cloud Monitoring Capabilities in ASOC Platform
JASK today announced new dynamic multi-cloud visibility and workload monitoring features that extend its leadership position as the market’s first cloud-native SIEM. The enhanced capabilities include advanced analytics expressly designed to process the constantly changing, high-volume data unique to AWS and Microsoft Azure cloud environments. JASK will demonstrate these capabilities at RSA Conference in San Francisco, March 4-8, 2019. JASK is a SIEM in the cloud, for the cloud. The ASOC platform was built in AWS by some of the world’s foremost architects in cloud-native development, including Rob Fry, VP of Engineering at JASK and former lead architect for cloud security at Netflix – the largest public cloud-native company in the world. As a result, JASK ASOC uniquely understands what cloud data to monitor and how to monitor it. “Legacy SIEM products were designed for use cases and include analytics for traditional on-premises architectures,” said Fry. “The methodologies that power these SIEMs to analyze on-premises data streams from firewalls, proxies and hosts don’t apply to cloud data. With integrations and analytics built for both AWS and Azure, JASK ASOC provides organizations with unprecedented visibility into cloud environments because it understands how to monitor cloud data, where workloads may come and go within hours or minutes and clusters it with on-premises data to streamline analyst workflows.” As a cloud-native platform, JASK ASOC fully leverages the elastic capabilities of cloud computing, such as horizontal-scaling data-ingestion pipelines, to ensure it scales to handle any data volume that customers desire. The cloud also affords JASK the processing power necessary for the analytics that provide automated alert triage, ensuring seamless monitoring of both cloud and on-premises infrastructure in a single platform. 
JASK ASOC now includes integrations with AWS CloudTrail, AWS GuardDuty and VPC Flow Logs to ingest, aggregate and analyze dynamic workload information about user activity, malicious behavior and IP traffic as part of JASK Insights. For example, JASK ASOC can correlate an alert about an open S3 bucket with information about who opened it and who accessed it to tell security analysts a story about what happened with S3 and address the issue immediately. JASK ASOC also fully supports the Microsoft Graph Security API to ingest a robust set of Azure cloud data and information related to Microsoft users, applications and events into its advanced SIEM platform. Through this support, JASK uniquely integrates with Microsoft Azure Event Hubs to stream millions of events per second from OneDrive, Exchange, Azure Active Directory and Office 365 to the ASOC platform for processing, correlation and analysis.
QNAP Releases QVR Pro Unlimited Playback for Playing Recordings Older than 14 Days
QNAP® Systems, Inc. today released QVR Pro version 1.2.1 with selectable license plans that fit diverse needs. While the existing QVR Pro Gold provides the full range of QVR Pro’s advanced features for business users, the new QVR Pro Unlimited Playback is for users who need to play back recordings older than 14 days via the QVR Pro Client. A single Unlimited Playback plan can be used for all of the channels on one NAS unit. “QNAP provides flexible QVR Pro license plans for different surveillance scenarios, allowing users to build their surveillance solutions based around their individual requirements and budgets. In addition to the included eight camera channels, business users can purchase QVR Pro Gold to take full advantage of QVR Pro's advanced features. SMB and Home users can now consider purchasing Unlimited Playback or purchase extra camera channels to extend their monitoring channels,” said Alan Kuo, Product Manager of QNAP.
Where to buy: QNAP License Store, QTS License Store > License Store
Availability: QVR Pro 1.2.1 can be downloaded from the QTS App Center.
SK Infosec EQST Regular Media Day: IoT Hacking and Privacy Invasion
On the morning of January 30th, SK Infosec held its regular EQST media day at Ferrum Tower in Jung-gu, Seoul. The event featured a hacking demonstration and a presentation on the theme of IoT (Internet of Things) hacking and privacy invasion. Officials including Jae-woo Lee, EQST group leader; Tae-hyung Kim, EQST Lab chief; and Hyung-wook Jang, expert member of the EQST group and Lab, attended the event. EQST is SK Infosec's security expert group, which carries out cyber threat analysis and research and responds to actual hacking incidents. The presentation cited the results of investigations by domestic and overseas institutions and warned of the explosive growth of IoT devices and the risk of hacking of home IoT devices.
▲ SK Infosec’s EQST regular media day was held.
▲ Tae-hyung Kim, EQST Lab chief, gave the presentation.
According to the presentation, the number of devices connected to the Internet worldwide exceeded 17 billion in 2018. Of those 17 billion active devices, 7 billion were IoT-related, and in 2025 that number is expected to exceed 20 billion. As a result, the number of new vulnerability reports and rewards in Korea is increasing year on year. Specifically, in 2018, 80% of IoT attacks were Satori and Mirai botnet attacks. The Mirai botnet works by scanning for IoT devices, maliciously accessing them with administrator accounts, spreading malicious code, and generating DDoS (Distributed Denial of Service) attacks from a massive botnet made up of IoT devices. According to an analysis of Mirai botnet infections by country, Korea ranked 8th with 4%, which is by no means safe, given that Japan, which has a larger area than Korea, showed a lower percentage. The Mirai botnet is not a new technique but an existing one, yet IoT devices are vulnerable and can easily be attacked by it.
Moreover, a 2017 survey on information protection found that the most popular products among domestic IoT users are smart home devices, and that the key concerns were the increase in management vulnerabilities, the threat of personal information infringement, and the strength and possibility of cyber-attacks. IoT devices with insufficient security can be used as a tool in a hacker’s attack, because they can be accessed with account information that can be acquired from the Internet. The presenters noted that IoT device administrator account information is easy to acquire simply by searching for 'default password' on a portal site. Next, cases of privacy invasion through IoT hacking were introduced. First were cases in which private video files were stolen through unauthorized remote access to IP cameras, using information acquired by hacking web servers. For example, there were cases of hacking home IoT devices for companion animals, which caused a lot of problems last year, and of hacking baby monitors installed for babies in the United States. There was also a case in which a smart toy with a microphone or speaker was hacked to remotely control the device and steal personal information stored on the server. Furthermore, at the beginning of this year, there was a case in which a hacker opened a door by hacking the signal generated when a digital door lock is opened.
▲ Domestic new vulnerability reports/awards are on a year-on-year increase, and 80% of IoT attacks in 2018 were found to be Satori and Mirai botnets.
▲ The privacy invasions through IoT hacking were presented.
Cases of webcam hacking were also presented. As hacking cases involving webcams such as laptop cameras and CCTVs increased, the Ministry of Science and ICT conducted a monitoring service, resulting in a sharp decrease in the number of cases from 3,568 in the first quarter of 2018 to 256 in the third quarter.
Continuous monitoring by the government has reduced the number of webcam hackings, but many images are still being exposed in real time. The first example is the Russian site ‘Insecam’. Insecam uses GHDB and Shodan to collect pages whose default settings, such as administrator ID and password, have not been changed, so that CCTVs can be viewed in real time, by country, through the list of weak webcams on its main page. In addition, it discloses information about CCTVs by taking advantage of the fact that there is no authentication procedure in the CCTV management mode. An IP Scanner was also introduced: after logging in through unchanged default settings such as administrator ID and password, it scans the neighboring IPs in order to access and manipulate vulnerable webcams. Likewise, there was a case in which webcam recording files were stolen: after accessing an open AP with unchanged settings (webcam for server storage) and determining which IP was currently using a webcam, the attacker ran a port scan and gained access with the ID, password, and telnet service. As security measures for these IoT devices, EQST recommended setting a different secure password for each webcam product and performing regular firmware updates for webcams and AP devices. In addition, EQST introduced the ‘IoT product security certification service’ from KISA, and proposed following the ‘mandatory setting and change of initial password for IP camera and CCTV’, which will be implemented from February. Tae-hyung Kim, EQST Lab chief, said, “As Web services evolved, hackers enjoyed making money by hijacking personal information, and the growing number of IoT devices has become interesting content for these hackers. So, the spread of 5G is expected to lead to more intrusive privacy violations in our lives.
Although there are many types of webcam hacking, it is important to remember that simply changing the password greatly reduces the risk of hacking, since most hackers target devices with default administrator and password settings.” The Dark Web was also discussed: it is accessible only with certain software such as Tor (The Onion Router) and cannot be accessed through a normal browser or domain. As a result, contract murders, drug dealing, illegal video distribution, and illegal transactions take place there, and privacy invasion problems arise involving personal information and videos of famous foreign celebrities, IP camera hacking videos, and webcams. Lastly, Jae-woo Lee, EQST group leader, announced that EQST will pursue security work to expand and systematize its IoT diagnosis area. Through security consulting on IoT devices, EQST will analyze the IoT environment, identify threats by information protection area, analyze and evaluate risks, and demonstrate security solutions through simulated hacking. A guide to security consulting and mock hacking will also be provided. As for the DSaaS service, industrial safety services and power/energy/building facility management services will be offered.
▲ According to the monitoring service by the Ministry of Science and ICT, the number of webcam hacking cases has dramatically decreased.
▲ Jae-woo Lee, EQST Group Leader
▲ EQST announced that it will carry out security for expansion of IoT diagnosis area and systematization.
HID Global and Phunware Collaborate to Improve Wayfinding for Patients and Visitors within Hospitals
HID Global®, a worldwide leader in trusted identity solutions, and Phunware, Inc. (NASDAQ: PHUN), a fully integrated enterprise cloud platform for mobile that provides products, solutions, data and services for brands worldwide, today announced their collaboration to improve the experience for hospital patients and visitors to find their way within medical facilities, using wayfinding on their mobile phones. Wayfinding is indoor navigation to guide a person step-by-step on the way to a desired destination. “The combination of Phunware’s market-leading wayfinding and mobile engagement capabilities with innovative HID Location Services will ultimately revolutionize wayfinding within healthcare institutions,” said Phunware co-founder and CEO Alan S. Knitowski. “It’s easy for visitors and patients to get lost in hospitals, and every time they do it puts appointment times and patient satisfaction at risk. With our location-aware app on a mobile device, we equip the visitor to get instant, turn-by-turn navigation that creates a better experience than that which is currently available on the market.” Phunware and HID are addressing the need of healthcare institutions to deploy standardized technology to provide a better wayfinding and visitor engagement experience inside the hospital, across campus and even in parking lots. “Wayfinding is one more application that we are integrating into HID’s unified healthcare IoT solution to make it easier for healthcare systems to manage a growing demand for automated and streamlined experiences,” said Rom Eizenberg, Vice President of Sales, Bluvision, part of HID Global. “With HID technologies, we have changed the location-aware landscape, delivering location as a service. Now, healthcare organizations can easily lay out the foundation for IoT applications, such as wayfinding.” HID’s healthcare IoT solution-enablement platform simplifies the delivery of real-time location of clinicians, patients and devices. 
The platform is enabled by Bluvision (part of HID Global). Phunware’s Multiscreen-as-a-Service (MaaS™) platform also provides enterprise-level mobile wayfinding, engagement, data and more for other vertical markets, including retail, residential, hospitality, media and entertainment and more.
The international reference guidelines for assessing information security controls have just been updated to help
For any organization, information is one of its most valuable assets and data breaches can cost heavily in terms of lost business and cleaning up the damage. Thus, controls in place need to be rigorous enough to protect it, and monitored regularly to keep up with changing risks. Developed by ISO and the International Electrotechnical Commission (IEC), ISO/IEC TS 27008, Information technology – Security techniques – Guidelines for the assessment of information security controls, provides guidance on assessing the controls in place to ensure they are fit for purpose, effective and efficient, and in line with company objectives. The technical specification (TS) has recently been updated to align with new editions of other complementary standards on information security management, namely ISO/IEC 27000 (overview and vocabulary), ISO/IEC 27001 (requirements) and ISO/IEC 27002 (code of practice for information security controls), all of which are referenced within. Prof. Edward Humphreys, leader of the working group that developed the standard, said ISO/IEC TS 27008 will help organizations to assess and review their current controls that are being managed through the implementation of ISO/IEC 27001. “In a world where cyber-attacks are not only more frequent but increasingly harder to detect and prevent, assessing and reviewing the security controls in place needs to be undertaken on a regular basis and be an essential aspect of the organization’s business processes,” he said. “ISO/IEC TS 27008 can help give organizations confidence that their controls are effective, adequate and appropriate to mitigate the information risks the organization faces.” ISO/IEC TS 27008 is of benefit to organizations of all types and sizes, be they public, private or not-for-profit, and complements the information security management system defined in ISO/IEC 27001. 
It was developed by ISO technical committee ISO/IEC JTC 1, Information security, subcommittee SC 27, IT security techniques, the secretariat of which is held by DIN, ISO’s member for Germany. It can be purchased from your national ISO member or through the ISO Store.
HID Global Launches Cloud Platform To Help Create a Worldwide Innovation Ecosystem for the Connected Workplace
HID Global today announced the availability of its HID Origo™ cloud platform that opens a brand-new world of opportunities for partners to create more seamless and intuitive workplace experiences that are built on HID’s proven access control infrastructure. The platform combines HID’s technologies for mobile IDs (and location services in the future) with its expansive access control architecture to bring together physical security and a wide range of building applications, services and IoT use cases via a unified cloud experience. “HID Origo lays the foundation for a broad ecosystem of cloud-based access control technologies, products, services and business models that will accelerate workplace innovation; it dramatically increases our partners’ capabilities to create more connected and seamless building experiences for end users,” said Hilding Arrehed, Vice President of Cloud Services, Physical Access Control, with HID Global. “The platform will remove integration barriers between access control systems and smart building applications, and we will continue to expand its value with capabilities that further improve how people securely move through a facility and interact with its services.” The new platform provides an app-based innovation model that delivers a comprehensive suite of integration, enablement, developer tools and services geared towards simplifying how partners and a growing community of new developers and resellers bring access control solutions to market. Rather than requiring that entire solutions be developed and enabled one customer or site at a time, HID Origo will make it possible to develop new applications and integrated solutions for HID’s complete installed base of millions of access control devices and systems, all at once.
- How HID Origo Works: The HID Origo platform embeds cloud connections and IoT functionality as app extensions into mobile devices, HID readers and controllers, and gives developers direct access to this hardware via HID Origo application programming interfaces (APIs) and software developer kits (SDK) already proven through HID’s mobile access solution. The platform also enables data analytics to be used for new capabilities, including remote reader configuration, predictive access control system maintenance and intent detection for more seamless and personalized workplace experiences.
- Enabling New Business Models for Ordering and Managing Mobile IDs: Today, the platform enables subscription-based services, with customers already taking advantage of the model’s simplicity. Examples include a deployment by a world-leading biotechnology company who has been an early adopter of HID Origo subscription services for ordering and managing mobile ID replenishment over the air when employees lose or must replace their smartphones. The company has replaced its traditional access control readers with 2,300 Bluetooth-enabled iCLASS SE® readers to support their mixed environment of 12,000 mobile IDs and 40,000 Seos ID cards. The subscription billing model offered through HID Origo makes it easier for the company to order and manage mobile IDs while improving forecasting, budgeting and reporting. It also streamlines transferring mobile ID subscription licenses across employees and registering multiple mobile IDs across multiple devices without any additional cost.
HP Labs Vice President Boris Balacheff Holds Media Group Interview in Korea
On January 14, 2019, at the Millennium Seoul Hilton Hotel in Seoul, HP (HP Inc.) held a media group interview with Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs. In the interview, he introduced HP's view of security, its countermeasures, and its technologies. Boris Balacheff currently coordinates security research on cyber-physical systems as well as personal device architectures at HP Labs. In addition to setting technology strategy for the HP portfolio as a whole, he is also committed to academic collaboration and to establishing industry standards. On behalf of HP, Boris participates in the Trusted Computing Group (TCG) and the Certification Program Committee, and is the founder of the first concepts. He has also been successful in smart card research and HP Trusted Computing research, and has conducted cloud client security research to support the IT needs of cloud-based mobile customers. In the interview, he said that the security of enterprise IT environments starts with 'devices', and that the process by which companies select the IT devices they will use, in addition to their network, over the next few years is also a security decision. He further emphasized that 'devices' refers to all devices connected to the network, not only PCs. He added that HP well understands the importance of this hardware-level security, continues to apply it to its products through ongoing research, and continues to work hard to keep the industry moving forward through ongoing technology development.
▲ Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs
Boris Balacheff stated that he has been committed to improving security at the interfaces of hardware and network, inventing key elements of early-stage trusted computing technology, and designing the first version of the Trusted Platform Module (TPM).
In addition to creating these industry standards, Boris has gone a step further to study firmware security. Through this work, he is striving to cope with increasingly sophisticated attacks and to jointly design firmware and hardware security in response. In hardware security, two primary sources of vulnerability were mentioned. The first is that the number of devices is increasing: more and more users are using more devices, interfaces between the physical and mechanical worlds, such as IoT, are multiplying, and new applications are emerging. Endpoint devices are used to create, access, and output information for users. While much effort has gone into orchestration for infrastructure security and cloud management security in enterprise environments, the device environment has become more and more complex and more security-related solutions have been added. This also means that the attack surface and the opportunities for attackers have increased. The second is that devices are connected to more diverse networks in the IT environment. Workspaces are becoming open spaces, and devices connect over various wired and wireless connections anytime and anywhere, which weakens the security of the connection. In response, HP has been studying the overall threat situation and designing and developing products by analyzing where attacks are taking place and where attackers, and with what capabilities, are active. Over the past several years, attackers and the security industry have been in a ‘cat and mouse’ relationship. Now, however, Boris explained, attackers are no longer willing to play hide-and-seek, and they are attempting attacks at different levels rather than at the software level. There are two major types of attacks at ‘different levels’. The first is an attempt to penetrate deep into the system, below the OS layer.
In this case, if the intrusion succeeds down to the firmware level, there will be no software left to detect or defend against it. This is not easy, of course, but the reward is great. These attacks are not expected to be limited to PCs. Another way to avoid detection by anti-malware solutions is to move to other devices on the network. Boris said that HP has been studying this possibility, since some of HP's businesses, such as printers and IoT devices, are connected to the network and are likely to be used in such attacks. Especially in recent years, printers are connected to almost all devices, and malware could hide in the network by sneaking into devices such as printers that are less managed or protected than PCs. In this case, traditional security solutions will have difficulty coping. In addition, expertise in attacking the firmware embedded in PCs and printers can be applied to IoT and other devices, and attacks on printers have been actively presented at various security conferences. HP therefore stressed that manufacturers are the only vendors that can respond to hardware and firmware security, and that software and network solutions are not enough. As security enhancements at the device and firmware level become more important, ‘HP SureStart’ technology continuously checks whether firmware has been falsified and prevents firmware tampered with by malware attacks from running. Boris said that HP secures resilience against attacks by applying protection, detection and recovery technologies from the hardware level in the design of enterprise-class appliances. On top of that, management tools are provided to ensure the integrity of devices not only at the individual device level but also across devices connected by a network.
He also emphasized that corporate cyber security starts with 'devices', and that the process of selecting the IT devices that companies will use, in addition to the network, over the next few years is a security decision.
▲ Boris Balacheff stated that technology-leading companies are responsible for proving and disseminating the technology.
Q) (Acrofan) Recently, the area to consider regarding security is becoming wider. It seems that the movement to utilize ‘standard technology’ is becoming more prominent in the industry as a whole, focusing on cooperation among companies rather than the movement by a single corporation. For example, TPM is now used by a variety of manufacturers like the standard technology of the PC platform. In this case, it is unlikely to be differentiated from an individual corporation’s position. In this situation, what do you think about how companies can solve differentiation and verification of this differentiated technology?
A) (Boris Balacheff) In terms of the quality of the security features we provide, verifying and demonstrating that the security features are working well is also a challenge in security. As a matter of fact, in the cases of TPM and TCG Group, we have tried to make various related programs. And not all TPMs are certified. However, HP only ships certified products. The review committee is also reviewing whether our assertions about security are well supported. In addition to the standard, it is not easy to prove the security features that we have differentiated, but we know that security is important at the hardware level. For instance, in the case of the 'HP SureStart' function, it is being certified by an external certification authority for microcontrollers and endpoint security controllers that are used for the function.
In fact, in the position of an innovative company or leader in the industry, there are difficulties such as the burden of representing cutting-edge technology on behalf of the industry. It is also important to showcase new features and help industry follow. Although the process of the authentication is slow, it is slow and costly. But I think there may be other options besides the certification. HP also has internal processes for security technology, testing, and evaluation. Testing through external agencies is also important. In addition, HP announced the industry's first 'Bug Bounty' program for printers a few months ago. Because we have put a lot of effort into internal security technology, investment and development, we now think it is important to include outside experts. HP is testing more robust platforms internally. Nonetheless, HP believes certification is also very significant.
Imperva Korea Network Connectivity Hub Opening Press Conference
Imperva held a press conference at the Oakwood Premier Coex Center Seoul Hotel in Gangnam-gu, Seoul on March 21, 2018. The event was organized to show how to protect a company's core business from DDoS attacks and the benefits of using a domestic DDoS Protection PoP, and was attended by officials including Yong-hun Shin, Country Manager of Imperva Korea, and Andrew Draper, Asia-Pacific area vice president for Imperva. “The goal of expanding the infrastructure in the Asia-Pacific region was realized with the establishment of Korea DDoS scrubbing center. Imperva will continue to invest in the expansion of the worldwide DDoS scrubbing center to strengthen the protection of DDoS threats and will focus on meeting customer expectations and providing differentiated services,” said Yong-hun Shin, Country Manager of Imperva Korea.
▲ Imperva’s press conference on opening a network connectivity hub was held.
According to the announcement, Imperva is continuously expanding its network capacity in line with the exponential growth of online traffic. It has established 40 DDoS scrubbing centers in North America, South America, Europe, Asia, Africa and Oceania, including Korea, and it is rapidly analyzing and responding to the dramatically growing network traffic. Incapsula, Imperva's DDoS protection service, can detect DDoS attacks and defend against them within a few seconds, regardless of the attack mode. It can therefore control the large volumes of web traffic generated by DDoS attacks and bots, which are continuous threats targeting enterprises’ web services. To respond effectively to security threats to corporate web services, security services such as DDoS protection, web security, global load balancing, and 24-hour security services are handled as a one-stop service.
Through a global-level virtual DDoS scrubbing center, ‘Incapsula’ blocks attacks at the center near the users and provides various solutions such as website protection, bot blocking, improvement of the speed that users perceive, server and data center load distribution, DNS caching and protection, and infrastructure protection.
▲ There are many security challenges.
▲ Imperva has set Korea as one of the major markets.
'Incapsula' provides 99.999% availability and an SLA of time to mitigation within 10 seconds to protect customers' mission-critical applications and personal information. Logs containing personal information are 100% masked and stored to safeguard against leakage. Meanwhile, Imperva is constantly expanding its network capacity to accommodate the exponential growth of online traffic. Imperva has recently established 40 DDoS scrubbing centers in six continents such as America, Europe, Asia, South America, Africa and Oceania, including Korea, for the long-term goal of Imperva's stable support for customer service in major countries around the world. Hence, Imperva has strengthened its DDoS protection service, ‘Incapsula’, by analyzing and rapidly responding to dramatically growing network traffic.