Cisco’s $28 billion acquisition of Splunk comes at an inflection point, as security teams begin to adapt to working with modern, cloud-native data lakes.

For years, Splunk has been the workhorse SIEM for many enterprise Security Operations Centers (SOCs). However, security teams struggle with Splunk’s steeply rising costs. And now, early adopters of security data lakes like Snowflake are saving more than two-thirds of what they were paying for their Splunk license.

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. The Cisco acquisition will exacerbate these challenges and speed up the adoption of security data lakes.

While it’s great to see data lakes gaining so much momentum, many security teams struggle to take advantage of them. Ripping and replacing Splunk overnight is unrealistic. Enterprise security teams need a path to incrementally migrate to a modern data lake with minimal impact on their SOC workflows.

SOCs require the ability to manage detections and analyze real-time security threats in a unified manner, regardless of where their data is stored, which is best achieved by separating their analytics layer from their data logging layer.

Here’s how to leverage the power of decoupling to create a distributed data lake architecture where security teams can choose to use multiple data platforms like Splunk and Snowflake, while maintaining a consistent security analytics layer.

Data lake connectors 

Detections may be written in SQL, KQL, or SIEM-specific languages like Splunk’s SPL, while threat hunting relies on Python notebooks and various data science models. Combined with the variety and volume of data in data platforms, this poses processing and detection development challenges for detection engineers who are not subject matter experts in multiple query languages. Surges in data ingestion and the flat architecture of data lakes have also made it difficult to extract value from repositories.

Relying on data collection and organization tools like the traditional SIEM to analyze the various log data for threat detection requires constant updating of the analysis methods and, more importantly, puts the onus of observability onto the security engineer. Every new data source becomes a headache for the multiple teams that must collaborate to get each data source into a usable state.

For detection engineers to efficiently identify and thwart potential threat actors, the data logging and analytics layers need to be decoupled. This provides the flexibility to grow and change security operations in step with organizational and business changes (e.g., moving from Splunk to Snowflake over time), reduce costs, and finally start to keep up with or even stay ahead of alerts.

Impactful analysis

A decoupled, purpose-built threat detection platform can work across distributed data lake architectures. SOC teams will no longer need to modify detection logic, hunting notebooks, data science models, or wait for IT to prepare data sources.

Each data lake can be connected to the threat detection platform which can analyze and detect threats using a unified set of detection logic and advanced AI, with real-time normalization.

This streamlines security operations, and improves response agility, while also reducing vendor lock-in, giving CISOs flexibility for more cost-effective options. It also alleviates the cost and political implications associated with data migration and enables unified querying and analysis across multiple data lake architectures.

To achieve decoupling, organizations need to implement a unified detection layer and adopt the right AI tooling.

Implementing a unified detection layer simplifies the process of building detection content, even with diverse skill sets among security analysts. It also provides a standardized schema, enhancing the adaptability of security operations to different data storage scenarios. The unified detection layer should act as a hub for all detection content that connects to and processes detections within each data lake, regardless of the query language.
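One way to picture the unified detection layer described above, as an added example (not Anvilogic's or any vendor's code): records from two platforms are normalized at read time into one schema, and a single failed-login rule runs over the merged feed. The field names, sample records, threshold and window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample records. Field names and values are assumptions for this
# example, not a real Splunk or Snowflake schema.
T0 = 1700000000  # 2023-11-14T22:13:20Z
SPLUNK_EVENTS = [  # e.g. VPN logs still indexed in Splunk
    {"_time": T0, "user": "alice", "src": "203.0.113.7", "action": "failure"},
    {"_time": T0 + 30, "user": "bob", "src": "203.0.113.7", "action": "failure"},
    {"_time": T0 + 60, "user": "carol", "src": "203.0.113.7", "action": "failure"},
    {"_time": T0 + 75, "user": "dave", "src": "198.51.100.4", "action": "success"},
]
SNOWFLAKE_ROWS = [  # e.g. identity-provider logs already migrated
    {"EVENT_TS": "2023-11-14T22:14:50+00:00", "USER_NAME": "ALICE",
     "SOURCE_IP": "203.0.113.7", "OUTCOME": "FAILED"},
    {"EVENT_TS": "2023-11-14T22:15:20+00:00", "USER_NAME": "dave",
     "SOURCE_IP": "203.0.113.7", "OUTCOME": "FAILED"},
    {"EVENT_TS": "2023-11-14T22:15:50+00:00", "USER_NAME": "erin",
     "SOURCE_IP": "203.0.113.7", "OUTCOME": "FAILED"},
    {"EVENT_TS": "2023-11-14T22:16:00+00:00", "USER_NAME": "frank",
     "SOURCE_IP": "192.0.2.10", "OUTCOME": "FAILED"},
]

# Per-platform mapping into the common schema: ts, user, src_ip, outcome.
SOURCES = {
    "splunk": {
        "fields": {"ts": "_time", "user": "user", "src_ip": "src", "outcome": "action"},
        "outcomes": {"failure": "failure", "success": "success"},
    },
    "snowflake": {
        "fields": {"ts": "EVENT_TS", "user": "USER_NAME",
                   "src_ip": "SOURCE_IP", "outcome": "OUTCOME"},
        "outcomes": {"FAILED": "failure", "OK": "success"},
    },
}


def to_epoch(value):
    """Accept epoch seconds or an ISO-8601 string with offset; return epoch seconds."""
    if isinstance(value, (int, float)):
        return float(value)
    return datetime.fromisoformat(value).timestamp()


def normalize(source, record):
    """Map one platform-specific record into the common schema at read time."""
    spec = SOURCES[source]
    f = spec["fields"]
    return {
        "ts": to_epoch(record[f["ts"]]),
        "user": record[f["user"]].lower(),
        "src_ip": record[f["src_ip"]],
        "outcome": spec["outcomes"].get(record[f["outcome"]], "unknown"),
        "source": source,  # keep provenance so analysts can pivot back
    }


def failed_login_bursts(events, threshold=5, window=300):
    """Alert once per src_ip when `threshold` failures fall within `window` seconds."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in alerted:
            alerted.add(ev["src_ip"])
            alerts.append({
                "src_ip": ev["src_ip"],
                "count": len(q),
                "users": sorted({e["user"] for e in q}),
                "sources": sorted({e["source"] for e in q}),
            })
    return alerts


def unified_events():
    """Merge both platforms' records into one normalized feed."""
    feeds = {"splunk": SPLUNK_EVENTS, "snowflake": SNOWFLAKE_ROWS}
    return [normalize(name, rec) for name, recs in feeds.items() for rec in recs]


if __name__ == "__main__":
    for alert in failed_login_bursts(unified_events()):
        print(alert)
```

In this constructed data neither platform alone reaches the threshold; only the merged feed does, which is the case an incremental migration creates.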

When you decouple the activity of threat detection from tools for which it is not inherently designed, you free up those resources to do what they need to do: address and remediate threats. Detection engineers can now spend more time protecting the business than figuring out how to protect the business.

Agnostic security

Decoupling enables rapid data access and flexibility in a distributed data lake architecture, meeting the demands of modern data management. By minimizing reliance on vendor-specific data logging platforms, data access can be expanded.

SOCs will gain control over their data storage strategy, allowing them to keep the data where it is. At the same time, SOC teams can keep pace with user expectations of more SaaS-ified, agile data management and future-proof security operations.

By leveraging a unified detection layer and AI, organizations can optimize data storage and analysis processes, leading to smarter and faster detection of security threats. Additionally, it promotes interoperability among different data sources and tools, ensuring a more seamless and flexible security infrastructure.

Data duplication and the associated operational costs are reduced, unnecessary logs and the associated costs are reduced, and the dependency on having fully normalized data in your data repository is eliminated in favor of data feeds. Additionally, analysts can be more effective by leveraging low/no-code detection builders, so they neither need to worry about parsing/normalizing the data nor be experts in a specific query language or technology.

With this shift, you can take advantage of modern innovations in storage architectures while simultaneously gaining access to specialized detection and response innovations.

About the essayist: Kevin Gonzalez is senior director of security and operations at Anvilogic, a Palo Alto-based cybersecurity company founded by veterans from across the security industry building the future of AI in cybersecurity.

Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly, with increasing volumes of online data and the digitization of the economy making fraudsters more creative and difficult to catch.

“Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys, Head of Risk Management at Oxylabs. “Unauthorised transactions made with the help of lost or stolen credit cards, counterfeit cards, ID document forgery and identity theft, fake identification, email phishing, and imposter scams are among the most common types of payment fraud today.”

Artificial intelligence (AI) systems and machine learning (ML) models enable companies to get ahead against fraud perpetrators by opening the possibility to gather and analyze massive datasets in real time. ML algorithms scan thousands of transactions, identifying hidden correlations or patterns, an impossible task for human risk analysts.

Sedys continued, “Adaptive fraud detection techniques based on deep learning and behavioral pattern recognition allow cybersecurity experts to monitor and analyze an increased number of transactions per second, flagging anomalies instantly. Cloud technologies also play an important role in the latest anti-fraud developments. Such services as distributed cloud account protection can detect malicious actors very accurately by monitoring transactions at a large scale and in real time.

“ML can monitor login attempts too, with companies using historical logs to train an algorithm on the most common user practices, such as the place, time, or devices used to log in. With cohesive training, the model can then monitor and flag login attempts that do not resemble common patterns as a sign of possible unauthorized access.”

As cyber-attacks continue to increase, the real-time monitoring of internal systems and threat intelligence is vital for a robust security strategy. Cybersecurity experts use web scraping to gather critical information from target websites and obtain unique insights, sometimes even infiltrating the dark web and later analyzing this information with the help of ML.

Sedys continued, “Developments in web scraping and AI and ML positively reinforce each other. ML developers must gather good quality and diverse data to make the algorithms more accurate, which would be impossible without web scraping. Subsequently, AI and ML automate different parts of web scraping, making it less complicated to perform.”

“AI-powered web scrapers and proxy solutions can identify inactive URLs, generate dynamic fingerprints using different parameter sets (IP address, browser, location, window resolution, etc.), and bypass flagging or bans. It is also possible to employ natural language processing (NLP) and scan scraped content to determine if it meets primary goals.”

Sedys concluded, “AI and ML technologies are vital in the fight against cybercrime, helping organizations identify anomalies. AI-powered scraping solutions allow cyber security researchers to be more proactive in their role, at the same time reducing their time-to-reaction when attacks occur. Web scraping and AI serve as the foundation for many of the current advancements in cybersecurity and will continue being fundamental to further developments in the field.”

About Oxylabs: Established in 2015, Oxylabs is a premium proxy and public web data acquisition solution provider, enabling companies of all sizes to utilise the power of big data. Constant innovation, a large patent portfolio, and a focus on ethics have allowed Oxylabs to become a global leader in the data acquisition industry and forge close ties with dozens of Fortune Global 500 companies. In 2022, Oxylabs was named the fastest-growing public data gathering solutions company in Europe in the Financial Times’ FT 1000 list.

Media contacts: Avinash Nandra / Benjamin Hart, Spreckley, oxylabs@spreckley.co.uk

Bedford, Mass., Oct. 17, 2023 – NetWitness, a globally trusted provider of cybersecurity software and services, has today announced the 12.3 release of its award-winning NetWitness Intelligent Threat Detection and Response Platform.

The latest update offers enterprises more visibility into cyber threats than ever before with passive discovery, categorization, and ranking of all network assets, which allows companies to best prioritize potential risks.

NetWitness’s 12.3 update also gives businesses more visibility into the way their distributed teams work, whether remote or on-premises. The full update includes:

• NetWitness Insight — An all-new cloud analytics service that discovers, categorizes, and ranks assets throughout the customer environment, using unsupervised machine learning.

• Additional log integrations — Drives further visibility with tools like FluentD, Jamf, Zscaler, Azure Kubernetes, Symantec Data Center Security, and VMware Unified Access Gateway.

• Endpoint enhancements — Provides a remote shell into agents to allow analysts to explore and extract further artifacts from agents.

• SASE integrations — Delivers unparalleled visibility into encrypted traffic, remote users, and cloud workload.

“As networks become more complex, security teams need a more complete understanding of all their assets, both on-premises and in the cloud, to ensure the best protection for their enterprise,” said Tod Ewasko, CPO of NetWitness. “With NetWitness 12.3, they are given the power to optimize time, resources, and prioritize tasks through expanded visibility across their entire organization.”

The launch of 12.3 expands on NetWitness’s mission to deliver comprehensive visibility and insight into the vast array of network assets spread across on-premises and cloud environments. With billions of network sessions and millions of IP addresses to sift through, identifying potential threats and anomalies demands a Herculean effort. However, NetWitness continues to change how organizations prioritize and safeguard their assets.

For more information, visit https://www2.netwitness.com/12-3release.

About NetWitness: NetWitness provides comprehensive and highly scalable threat detection and response capabilities for organizations around the world. The NetWitness Platform delivers complete visibility combined with applied threat intelligence and user behavior analytics to detect, prioritize, investigate threats, and automate response. This empowers security analysts to be more efficient and stay ahead of business-impacting threats. For more information, visit netwitness.com.

Media contact: Wahid Lodin, Loopr PR & Marketing, wahid@looprmarketing.co.

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE), an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

Customized decryption

ABE builds upon digital certificates and the Public Key Infrastructure (PKI) that underpins secure communications across the Internet. Traditionally, PKI issues a single key to decrypt a given digital asset, which is fine, if the correct person possesses the decryption key.

However, cybercriminals have perfected numerous ways to steal or subvert decryption keys. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

For instance, ABE can correlate specific company attributes to certain user attributes. It can differentiate departments, such as HR, accounting or the executive suite, as well as keep track of user roles, such as manager, clerk or subcontractor. It can then apply policies so that only users with the proper attributes can decrypt certain assets and only in very specific ways.

Alternatively, the digital asset itself — such as an image or even a video stream — can be assigned detailed attributes, with each attribute assigned a separate decryption key. A user can decrypt specific parts of an image or video stream, but only if he or she has the correct key enabling that particular access.

“ABE enables fine-grained access control and policy setting at the data layer, so you can actually blur faces or any text shown in the image,” Goto says. “You can still get useful information from the image, but if you don’t have the correct key, you won’t be able to decrypt certain attributes, such as a face or a license plate number.”

Versatile benefits

It’s taken a while to get here. ABE has undergone significant theoretical advancements since 2005. But it has only been in the past couple of years that proof-of-concept projects have gotten underway. Today, Goto says, ABE is fully ready to be validated in real-world deployments.

NTT is partnering with the University of Technology Sydney to introduce an ABE service that fits with existing IT infrastructure, including cloud computing, healthcare, IoT and secure data sharing. This comes after the partners have spent the past couple of years fine-tuning an architectural design that’s compatible with existing IT systems, he says.

Wu observes that ABE’s fine-grained access control capability could enhance any of the major areas of digital services that exist today, while also being future-proofed. We should soon begin to see examples of ABE being implemented in virtual computing and cloud storage scenarios — to help ensure that decryption happens only when the correct combination of attributes presents itself.

And when it comes to cloud collaboration, ABE holds promise to help improve both security and operational efficiencies — in everything from rapid software development to global supply chains to remote work scenarios.

“Attribute-based encryption can be utilized to do a number of things,” Wu noted. “It’s an advanced way to partition sensitive data into different groups and then allow the user to access only what he or she needs to access; this can play a vital role in helping to avoid large-scale data breaches.”

With ABE, encryption happens once, while decryption attributes can be amended, as needed. This adds complexity and computational overhead. But those are solvable challenges. There’s a clear path forward for ABE to improve security and help preserve privacy. I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

 

Cisco’s recent move to acquire SIEM stalwart Splunk for a cool $28 billion aligns with the rising urgency among companies in all sectors to better protect data — even as cyber threats intensify and disruptive advancements in AI add a wild card to this challenge.

Cisco CEO Chuck Robbins hopes to boost the resiliency of the network switching giant’s growing portfolio of security services. Of course, it certainly doesn’t hurt that Cisco now gets revenue from Splunk customers like Coca-Cola, Intel, and Porsche.

Last Watchdog engaged Gurucul CEO Saryu K. Nayyar in a discussion about the wider implications of this deal. Gurucul is known for its innovations in User and Entity Behavior Analytics (UEBA) as well as its advanced SIEM solutions. Here’s the exchange, edited for clarity and length:

LW: What are tech giants like Microsoft, Google and now Cisco doing in the SIEM space?

Nayyar: Microsoft, Google, and Cisco are not security-first companies, but they recognize that SIEM is at the heart of security operations, so it’s not surprising they want to get in. It seems their strategy is to leverage their existing customer base and products to get traction in this space. 

LW: Why are suppliers of legacy firewall, vulnerability management and EDR solutions also now integrating SIEM capabilities?

Nayyar: Many security vendors want a piece of the SIEM market, even if their technology isn’t necessarily purpose-built. These vendors aren’t so much ‘doing SIEM’; rather, they’re positioning a set of point products to solve pieces of the puzzle, not the whole puzzle. The importance of SIEM continues to rise along with the constant velocity and veracity of threats, so this trend of jumping on the SIEM bandwagon will likely continue.

LW: For some historical context, could you summarize how we went from SIM to SIEM and how Gurucul came to pioneer UEBA?

Nayyar: The transition from SIM to SIEM was born out of necessity. Security teams needed greater visibility across their operating environment. Combining a security information tool with a security event tool made it easier to correlate alerts generated by security products, like firewalls and IDS, normalize them, and then analyze them to identify potential risks.

SIEMs of today, like Gurucul’s, have evolved leaps and bounds over legacy SIEMs with the addition of purpose-built machine learning and analytics models, along with the ability to scale.

Gurucul pioneered UEBA technology a decade ago – in fact our company was built around this capability. UEBA focuses on behavioral patterns for users and entities to identify anomalies and activity outside of the norm. We use machine learning models on open choice big data lakes to detect unknown threats early in the attack chain.

Instead of being stuck in reactive mode, security analysts could proactively determine if an attack was underway. This significantly improved their ability to accurately identify a potential threat early in the kill chain before damage happens.

LW: Then along came SOAR and next-gen SIEM, correct? What was behind the emergence of these advances?

Nayyar: SOAR gave analysts a playbook for responding to an attack campaign so they didn’t have to reinvent the wheel each time. Many attacks, while varied in how they are used, have a known set of characteristics. The MITRE ATT&CK framework is an example of how various attack techniques, even if unique, can still be mapped to known techniques and procedures. SOAR uses the output of detection engines and investigations and recommends workflows or playbooks to build a response plan, saving time and effort.

Next-gen SIEM came about to address the shortcomings of legacy SIEMs when it comes to things like ineffective data ingestion, a flood of unprioritized alerts from security control products, and weak threat detections. Early SIEMs were log management and compliance tools; they were never built to address real-time threat detection and response.

Essentially, next-gen SIEM combines the capabilities of UEBA, SOAR and XDR so security teams can proactively – and accurately – assess threats and respond quickly. Another characteristic of a next-gen SIEM is its ability to ingest and interpret any data from any source and easily scale.

LW: To what extent is Cisco’s acquisition of Splunk just a microcosm of a wider shift of network security that’s taking place? Can you frame how legacy security tools (NGFW, WAF, web gateways, SIEM, SOAR, UEBA, XDR, VM, IAM, etc.) appear to be converging, in some sense, with brand-new cloud-centric solutions (API Security, RBVM, EASM, CAASM, CNAPP, CSPM, DevSecOps, ISAT, BAS, etc.)?

Nayyar: While there will always be point products to solve specific problems, the best solution for customers is a platform that combines the best-of-breed technologies into a single framework.

As the SIEM has long been central to gathering data and information across the entire infrastructure, it’s naturally evolving into an observability platform where the data can be used for various use cases beyond just security, such as application and cloud performance monitoring and management. There is greater awareness that IT functions can work together to improve the gathering of data, analytics, and prioritization of security-related events to improve the organization’s resiliency.

LW: How should a company leader at a mid-market enterprise think about all this? What’s the most important thing to keep in mind?

Nayyar: Mid-market enterprises need the ability to reduce manual tasks and detect and respond faster. They are resource-restrained and don’t typically have specialized analyst roles. They need a SIEM that can automate their workflow and provide prioritized, risk-driven context that enables them to respond to threats in real time.

LW: What do you expect network security to look like five years from now?

Nayyar: Traditional network security is becoming less relevant as edge computing and zero trust networks evolve. The incorporation of edge networking, cloud migration, and identity and access data is changing how we look at security and its interaction with IT.

However, companies making investments in their security stack will likely continue to use a layered approach versus a deprecative approach. For example, antivirus will continue to be supported on endpoints even though its efficacy has dramatically reduced. This also means that automating and simplifying management of these layers is important.

LW: Anything else?

Nayyar: When we look at the SIEM market, legacy log-based architectures that were built for centralized deployments have failed to provide the needed visibility and detection of threats in the cloud. And, cloud-vendor approaches, like GCP and Azure or cloud-only SIEMs, have failed to recognize that most organizations are hybrid and will continue to be hybrid for many years.

As data becomes more de-centralized and spread across multiple clouds and geographies, it becomes significantly harder to analyze and identify attack campaigns. All the while, attackers are becoming more sophisticated.

The only way to make sense of all the data is through sophisticated analysis leveraging data lakes, machine learning and AI. These capabilities exist today; security operations teams don’t have to be saddled with tools that have failed to keep up with the threat environment.

Vodnjan, Croatia, October 16, 2023 – Global cloud communications platform Infobip has identified five common frauds impacting mobile users in the messaging ecosystem.

Infobip explains the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem. The company also explains its role as a co-guardian of the A2P ecosystem with MNOs, helping protect brands and mobile users with its firewall.

With more and more brand-to-consumer interactions moving to digital channels, ensuring the security and privacy of this communication is vital to deliver a great customer experience. But, while the A2P market will grow to $29 billion by 2024, fraud and the revenues lost to fraud are also increasing. So, now more than ever, all organizations in the A2P ecosystem must protect mobile users and consumers by providing secure communication.

Infobip, which operates a state-of-the-art omnichannel firewall, has identified five critical security challenges MNOs and enterprises need to tackle:

• Artificially inflated traffic: Artificial inflation of traffic fraud uses bots to generate one-time PIN requests to generate undue costs and financially benefit the fraudster.

• Flubot: Spreading like flu, flubot starts with a fraudulent link leading users to a malicious site to download an app or security update, which infects a phone with malware.

• Smishing: SMS phishing, or smishing, is where fraudsters deceive consumers into revealing sensitive data which is misused. It costs consumers $10.1bn, according to RoboKiller.

• Grey routes: Routes that bypass MNO’s charging systems to deliver messages to end users, costing MNOs revenue and leaving mobile users unprotected from security and privacy risks.

• Spam: Unsolicited messages have been plaguing mobile users and consumers for some time.

Cédric Gonin, VP Global Business Support at Orange International Carriers, said: “As a leading connectivity wholesaler catering to the needs of operators and content providers globally, Orange International Carriers has been securing its customers’ and partners’ international voice and messaging traffic for decades.

“And we’ve witnessed a steady increase in the number of attacks over the years, with fraudsters getting smarter and new types of fraud emerging, causing financial and reputational losses to telcos and businesses but also emotional distress for the end-user. Orange and Infobip/Anam therefore took advantage of their joint expertise in telecommunications security to develop a robust A2P SMS protect solution, which identifies current and emerging risks, and proactively safeguards telcos, businesses, and end-users on most channels.”

To help protect consumers, Infobip recommends MNOs work with well-established messaging providers who have direct relationships with the large brands and also introduce technically superior firewall solutions to their networks to protect the A2P ecosystem.

Infobip also calls for regulatory change to remove the restrictions on MNOs using particular modules like content analysis to protect the end users from different fraud scenarios, particularly in Europe. Content analysis is crucial for improving security standards while maintaining high privacy norms. For enterprises, Infobip recommends using messaging providers who have direct connections with MNOs, protecting consumers’ security and privacy through established communications platforms with global infrastructure.

Matija Ražem, Vice President of Business Development at Infobip, said: “As the largest player in the SMS firewall market, we take our responsibility to protect MNOs, enterprises, and consumers seriously. But we are all co-guardians of the A2P messaging ecosystem. While fraudsters are becoming ever more sophisticated, we can reduce A2P fraud with a combined effort from all involved. The system is only as strong as its weakest link, so MNOs and enterprises should invest in their security and adopt the latest technology to combat fraudsters and protect their customers and business. That is why we have developed features like data anonymization, where our firewall separates sensitive customer data from the content, so customers’ privacy can’t be compromised.”

Infobip has been voted the number one SMS Firewall for four years straight, as voted by MNOs. Its Anam Protect firewall helps protect some 120 MNO networks and safeguards 1.2 billion mobile users combined with MNOs as co-guardians of the messaging ecosystem. Infobip processes around 63 billion transactions over its firewall solutions and blocks more than one billion fraudulent messages every month. Infobip has more than 800 direct connections to mobile network operators, enabling higher security and quality connectivity for their customers. Apart from its SMS Firewall, Infobip has officially launched Signals as part of its telco security portfolio, which stands out by using advanced technologies like machine learning to detect and block fraudulent traffic precisely.

About Infobip: Infobip is a global cloud communications platform that enables businesses to build connected experiences across all stages of the customer journey. Accessed through a single platform, Infobip’s omnichannel engagement, identity, user authentication and contact center solutions help businesses and partners overcome the complexity of consumer communications to grow business and increase loyalty. With over a decade of industry experience, Infobip has expanded to 75+ offices globally. It offers natively built technology with the capacity to reach over seven billion mobile devices and ‘things’ in 6 continents connected to over 9,700+ connections of which 800+ are direct operator connections. Infobip was established in 2006 and is led by its co-founders, CEO Silvio Kutić, Roberto Kutić and Izabel Jelenić.

Supply chain security grows more crucial daily as cybercriminals attempt to disrupt distribution and transportation. In response, industry professionals must automate their cybersecurity tools to stay ahead.

Why so? The 2020 SolarWinds cybersecurity incident — which industry experts call the supply chain attack of the decade — was an incredibly high-profile breach affecting massive corporations. While it may seem like an outlier, it reveals an alarming trend.

Professionals on the incident response team believe cybersecurity hasn’t improved and no one has learned from the situation. They point out how supply chains rely on software yet lack the security tools to protect them.

Simply put, cyberattacks are on the rise. Data breaches exposed over 37 billion records in 2020 alone — a 141% jump from 2019. Businesses must automatically secure their supply chains to protect themselves and comply with consumer-protection laws.

Automation best practices

The best practices for automating supply chain cybersecurity cover each stage of the process, ranging from installation to use.

• Comprehensive Integration. Organizations will only get the full benefits of supply chain cybersecurity automation with thorough integration. What use is automatic threat detection without an immediate response? A single-function tool creates security gaps since it needs to rely on others.

• Scalability. Tools should be scalable to grow with the business and maintain security. For example, automatic threat response software must be able to handle security even during a surge in malicious activity. Supply chain professionals have to ensure their technology can scale to meet demand increases.

• Ongoing monitoring. While automated tools can be beneficial, businesses must track them to ensure success. Ongoing monitoring is one of the best practices for cybersecurity automation because it results in optimal functioning. Supply chain professionals will need to measure performance metrics patiently to see how the technology improves upon previous tools.

• Vendor inclusion. While most supply chains rely on third-party vendors, they increase the chance of cyber attacks. Still, businesses trust them to handle cybersecurity since they’re supposed to be convenient. Even if they’re careful and use quality security measures, they broaden the attack surface.

For example, experts believe the June 2023 MOVEit supply chain cyber attack originated from a third-party employee working with cybercriminals. A single individual’s actions resulted in a data breach reaching over 160 people.

Automatic third-party risk management identifies potential relationship vulnerabilities, improving cybersecurity. Businesses should include this approach in their automation process to minimize security gaps and better protect themselves.

Tools tips

Although automation itself is convenient, its integration can be time consuming and complex. Supply chain professionals should consider implementing these tips to improve their processes. Here’s what to use for supply chain cybersecurity automation:

Quality tools: Better tools have higher performance potential. For example, quality artificial intelligence only needs milliseconds to process millions of data points.

Employee support: Many automated tools need human oversight or maintenance to reach their full potential. Their performance would benefit from employee support.

Modern tools: Companies should overhaul legacy systems to reduce security gaps between them and the new automation technology.

Quality data: Data-driven automation technology is only as good as the information it collects. Professionals must ensure they only use relevant, accurate details.

While many tools can complete tasks independently, only some can do so securely. Cybersecurity automation is most effective when organizations leverage quality technology and manual assistance.

Automation benefits


Timeliness, efficiency, reduced downtime and improved protection against cyber attacks are the top benefits of supply chain cybersecurity automation. Processes like threat identification and incident response move much more quickly and are often more accurate.

Efficiency is one of the most significant benefits of supply chain cybersecurity automation. Industry leaders need help finding skilled workers, with around 57% of organizations stating labor shortages are their largest obstacle as of 2023.

Businesses should consider adopting cybersecurity automation technology since it’s a cost-effective approach to labor shortages. Additionally, it may produce higher-quality work since many tools leverage massive data sets.

Automatic supply chain cybersecurity is essential for modern-day organizations, considering how cyber attacks continue to become more frequent. They must implement the best practices and consider optimizing their processes to protect themselves.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

Toronto, Ontario – October 12, 2023 – Nerds On Site Inc. (CSE: NERD), a cybersecurity and mobile IT solutions company servicing the small and medium enterprise (SME) marketplace in Canada and the U.S., has developed SME Edge, a complete cybersecurity package that provides small-to-medium businesses comprehensive protection from the threat of data breaches.

SME Edge verifies all connections in and out of offices, disallows internet traffic that has not been approved for enterprise use, and closes all network traffic loopholes, protecting against phishing, social engineering, and zero-day attacks. In light of October being Cybersecurity Awareness Month, Nerds On Site wanted to showcase its SME Edge package.

SME Edge protects the Client’s traffic in real-time. Any connection not previously approved will immediately fail. With no way in or out for non-approved connections, data is protected from exfiltration. SME Edge Clients have never had an incident of phishing or ransomware while under the service’s network protection and enjoy a 0% breach rate of nearly three million devices globally.

SME Edge also offers many verticals under its umbrella with specialized and tailored services, including LEGAL Edge and NFP Edge, and has even announced MUNICIPAL Edge, which provides a tailored version of the solution to town, city and metro regional government locations.

“Nerds On Site continues to focus on protecting our Clients from the ever-increasing number and types of cybercrime attacks,” said Charlie Regan, CEO of Nerds On Site. “We are especially proud of the comprehensive protection that we can offer all our small and medium enterprise Clients, including municipalities. With October being Cybersecurity Awareness Month, we think it is a great time for businesses of all types and sizes to assess and shore up their cyber protection.”

SME Edge utilizes advanced AI built on Zero Trust protocols, delivering proven ransomware and phishing protection, even in the event that a phishing link is clicked. SME Edge protects against even the most sophisticated cyber attacks on systems and data and features Sovereign Data Custody, ensuring that the sensitive and critical data of the Client remains secure.

About Nerds On Site Inc. (NERD): A leading provider of cyber security and IT services to SME and corporate Clients in North America. Established in 1995 and serving Clients across the USA and Canada for decades, Nerds On Site stands out as one of the most highly regarded and reputable IT service organizations of its kind. The NERDs team is a collegial network of cyber security and technology experts and strategic partners across North America. Their ability to liberate Clients with technology solutions that optimize organizations and exceed expectations is the stand-out result Nerds On Site regularly delivers, as Client testimonials reflect – (reviews.nerdsonsite.com)


Emmen, Switzerland, Oct. 11, 2023 — Recent research by the National Cyber Security Centre (NCSC) has found UK law firms are increasingly appealing targets for cybercriminals interested in stealing and exploiting client data.

Hybrid working has been cited as a challenge for firms attempting to maintain secure working practices and protect client confidentiality, but as cyberattacks become more sophisticated, the data that law firms hold are targeted for ransomware and insider trading.

These cyberattacks are increasingly carried out through breaches attributed to human elements, with 74% of all data breaches involving errors like privilege misuse, phishing, stolen credentials or social engineering. But losing client data has harmful consequences to the customer’s trust and reputation, leaving firms with the hard task of regaining their professional status amidst shoring up their security from other follow-up attacks.

The report calls for more proactive steps and training to protect their legal services. Financially motivated extortion incidents and intellectual property thefts have a significant impact on the legal sector in comparison to other civil sectors, so it is only more integral that their security can match potential threats and strengthen their ability to protect client data.


“The UK legal sector handles data that is ultimately a critical component for business continuity,” says Mark Appleton, Chief Customer Officer at ALSO Cloud UK. “Cyber security remains an issue for any process wholly or partially reliant on technology, including those facilitated online, via email or any device.

“Criminal organisations identify law firms for their funds but more importantly, the abundance of confidential client information that can be used in negotiations and litigations. With the increased cyber threats they face, investing in the right security tools to become more resilient to the various attack methods should be a necessity. Otherwise, they face dealing with losses that may prove crippling for their firm’s reputation and clientele.”

Appleton additionally agrees with the guidance offered to the legal sector, and that operational cyber security needs to be addressed at all points of defence where possible. “Businesses have limited visibility over every aspect of external threats, but updating your security where you have control is a priority. With the proliferation of data breaches and privacy concerns, effective cybersecurity begins internally.”

“Investing in cyber defences and training staff to improve policies and security procedures is key, but also ensuring that agreements with MSPs and other third-party vendors include appropriate cyber security and data protection to safeguard digital assets is a responsibility that cannot be neglected. With frequent engagement with external entities, ensuring that access points are limited in the era of cloud computing should be the new normal for business security.”

“The legal sector needs to find an approach that facilitates their business functions but most importantly protects their data to ensure both their long-term success and commitment to their clients and ensures business continuity.”

About ALSO: ALSO Holding AG (ALSN.SW) (Emmen/Switzerland) is one of the leading technology providers for the ICT industry, currently active in 30 countries in Europe and in a total of 144 countries worldwide via PaaS partners. The ALSO ecosystem comprises a total potential of around 120 000 resellers, to whom we offer hardware, software and IT services from more than 700 vendors in over 1 500 product categories. In the spirit of the circular economy, the company provides all services from supply to recycling from a single source. The business activities comprise the areas of Supply, Solutions and Service. Supply comprises the transactional range of hardware and software. Solutions supports customers in the development of customised IT solutions. Subscription-based cloud offerings as well as platforms for cybersecurity, virtualisation and AI are at the heart of the service area. Further information at: https://also.com.

 Media Contact: Nathan Patel / Sabihah Choudhury,  Spreckley, T: +44 (0)207 388 9988, E: ALSO@spreckley.co.uk.

As tragic as it is, we are in a space where video has become a crucial asset in wartime.


Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

As we have seen since the early days of the Ukrainian invasion, video plays a crucial role in showing hostile troop movements and the general disposition of the arena. Beyond simply capturing video, strategic and tactical decision-makers also benefit from the ability to quickly and appropriately share video-based intelligence.

It has been critical in optimizing the efficacy of a smaller Ukrainian force by coordinating with coalition partners worldwide.

Value of protocols

Technological innovations have widely been credited for helping Ukraine even the odds against Russia’s military might. Internet protocol-based video solutions are increasingly important in getting the best insights to the right people at the right time, especially in the context of C4ISR.

C4ISR stands for Command, Control, Communications, Computers (C4) Intelligence, Surveillance and Reconnaissance (ISR). Advanced C4ISR capabilities offer players in active theatres of operation an opportunity to secure and maintain strategic and tactical advantage through enhanced situational awareness and knowledge of the adversary and environment by shortening the time between sensing and response.


In the past, video applications have been governed by military specifications that were often unique to individual countries or coalitions, which made sharing sensitive intelligence difficult.

However, during the war in Ukraine, NATO has set a standard and has been able to communicate essential video intelligence with the Ukrainian military and first responders. It has enhanced the ability to attack a target while protecting — and recovering — from hostile actions.

Metadata’s role

As important as the video content itself is, there is an even more critical element: metadata. Metadata is the information embedded within video files that allows users to identify the file’s characteristics, making it easier to search, use and manage the video while confirming the accuracy, credibility and utility of the intelligence captured.

Video metadata includes the date the video was created, the creator’s name, location, date of upload, and even the camera ID. Based on these, and other critical data points, staff and leaders can validate data and ensure proper handling and dissemination of information based on policies designed to protect assets, sources and methods.

For this reason, it is important to ensure interoperability at this metadata level, and enhanced commercial standards are boosting the effectiveness of Ukraine’s defence. Netflix and Amazon Prime utilize video standards to compress data into formats that are streamed live or packaged up for efficient data downloads. Minimizing bandwidth while maintaining the best clarity and picture quality is a crucial business and economic factor.

Reliably reducing bandwidth usage is also a critical issue in military theatres of operation. It is important for ISR video intelligence to be shared across a range of devices. Compression standards allow ISR infrastructures to be agnostic to the networking and endpoint environment.

As a result, while a wide variety of equipment is deployed in the field, the coalition partners supporting Ukraine can share data in a format that anybody can use. Utilizing the standardized codecs used for streaming video makes this manageable.

Stringent measures

In wartime situations, like the war in Ukraine, it is vital to implement the most stringent security measures to protect video intelligence by securing lines of communication through encryption and other strict security practices, including proper authentication and authorization. Thus metadata and standards play a vital role in sharing and controlling data.

IP video encryption is an essential layer of security that ensures data is safe — even if it is intercepted. There are many sources of video intelligence, including data that civilians provide. Citizens who are unable — or unwilling — to flee are making considerable contributions to intelligence efforts simply by utilizing their cell phones to post videos.

To ensure their safety and ongoing participation in the intelligence-gathering process, measures must be put in place to protect citizens — as well as intelligence operatives, drone operators and military positions. It is especially important now as Ukraine’s counter insurgence and offensive gathers steam.

About the essayist: Mark Rushton is the Global Defence and Security Lead at VITEC, a global technology leader in the IP video space. VITEC technologies take raw video and convert and compress feeds into data formats that can be encrypted and streamed across the data networks that support military defence efforts.
