now browsing by tag
The cloud-mobile environment that we operate in today is a brave new world for many organizations. Mobile devices, both managed and unmanaged, connecting to cloud apps and infrastructure, that is off premises, render existing security equipment and infrastructure virtually useless. Furthermore, most organizations are adopting a cloud-first mobile-first strategy as a part of their digital transformation. Shifting future investments to enabling and therefore securing the new cloud-mobile environment. This is exactly what CipherCloud and Cloudflare are solving for.
Before we move forward, let’s assess what exactly has changed.
For many of us in the security world, not much. We are playing the same game on an updated board. Sure, there are some new pieces and slightly different rules, however the fundamentals are the same. We need to secure the users identity, the devices they are using, the network they are connecting with, the applications, and the data they are creating and sharing. This has always been true and will always be true.
What is different today? Location, location, location.
We shifted our data centers to cloud infrastructure and adopted cloud apps. With that shift, our data (intellectual property, personal identifiable information) now is created, stored, and shared in the cloud. Users can connect to cloud apps simply with a username and password with any web enabled device – managed or unmanaged. Furthermore, users can connect from any location using public networks. It’s a brave new world.
This new world bypasses the on-premises security stack leaving many organizations wondering why they have to support two security models – one that support the legacy way of doing business, and one that supports their digital transformation strategy – cloud-first, mobile-first.
The legacy security tools such as VPNs requiring agents, network gateway firewalls, and UTMs for example, can serve the needs of a siloed network, but their limitations come out to the open when cloud is brought into the mix. Organizations need to ask and solve the following questions.
- How do you ensure a smooth transition of your data from on-premise to cloud?
- How do you protect your cloud data and services that can be accessed by any user, any time? How do you protect your sensitive data in the cloud and SaaS apps, and when it’s downloaded at endpoints and forwarded to 3rd-party?
- How do you ensure authenticity of the user accessing the cloud data and services?
- How do you maintain security for all network connectivity?
This is exactly what CipherCloud and Cloudflare have set out to accomplish. Cloudflare provides network security, performance and reliability for on-premises, hybrid, cloud, and SaaS apps. CipherCloud provides a full stack of CASB functionality aimed at maintaining visibility, protection, and control of sensitive data in the cloud-mobile environment.
The joint solution now allows users to not only access their cloud services faster, but enable secure wrapper around their data right from the source, allowing safer collaboration and sharing. For more details on the partnership, read this press announcement.
The post CipherCloud and Cloudflare solve for the cloud-mobile environment appeared first on CipherCloud.
*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/ciphercloud-and-cloudflare-solve-for-the-cloud-mobile-environment/
View full post on National Cyber Security
EU looks to #blockchain to solve #cybersecurity problems while #easing #communication of #sensitive #data
Source: National Cyber Security News
The European Commission is to explore broader EU-level uses of blockchain beyond its original role in the oversight of cryptocurrencies, and is looking at the potential of the secure records management software to handle sensitive data passing between member states more efficiently and securely.
“In the next [EU budget], we would like to possibly make investments in areas like VAT reporting, chemicals registration, climate data and others,” said Pēteris Zilgalvis, head of unit for start-ups and innovation in the digital single market directorate. “You could have cross-border shared information in a digital ledger for those that need to know.”
Zilgalvis’ comments at a seminar in Brussels on Tuesday follow an announcement by the EU last week that it was establishing a forum to study the technology.
“It’s a breakthrough technology of great interest. But we don’t believe the hype, we’re taking a critical view of where it can be used,” Zilgalvis told an audience gathered by the Brussels-based think tank Bruegel.
Announcing plans for the forum last week, digital commissioner Mariya Gabriel said the EU wants to be at the forefront of the wider application of blockchain. “We have been funding blockchain projects since 2013.
View full post on National Cyber Security Ventures
‘Cyber is the New #Black’: #Cyber Expert Points to #Diplomacy to #Solve Global #Cybersecurity Issues
With growing threats not only in the physical world but also in today’s nebular cyber world, Christopher Painter ’80 argued that “cyber is the new black,” meaning that “everyone cares about cyber” now.
Painter, who has been at the forefront of cyber issues for the last 25 years, addressed growing security concerns and the role of modern cyber-diplomacy at the 2017 Bartels World Affairs Fellowship Lecture this Wednesday.
Painter, the “weary warrior” of cyber warfare for his entire career, started his career as a prosecutor dealing with cyber cases and served as the U.S. State Department’s first coordinator for cyber issues from 2011 until July this year.
While studying at Cornell in 1979, Painter used punched cards for computer programming and played hundreds of sessions of BakéGyamon, an anime computer game, for his work study. Back then, Painter reflected, “the internet … existed in very basic form. The world wide web certainly didn’t exist.”
But technology has come far since; today, “we are all dependant [on the internet] for financial transactions, social transactions and to communicate really for everything,” Painter said.
However, though this rapid technological innovation has largely “been a tremendous force for good,” it does not come without its dangers.
“[The internet] has been the target of criminals, malicious state actors, terrorists and others,” Painter said.
Therefore, it is essential to find the balance, so that we are “not trading security for openness … but having all these things together,” Painter said.
“Back then, people looked at computer hackers as Robin Hood’s,” Painter said, because the common citizen’s information was not stolen, nor were they personally threatened.
This is no longer the case for the common citizen today.
In 2000, Painter was involved in a case that seemed to be a sophisticated, dangerous attack because it was on a global scale, but in reality, it was a fourteen-year-old Canadian boy, called the “MafiaBoy,” hacking computers.
His acts, Painter said, “had really a disproportionate effect and demonstrates the asymmetric nature of the technical threat.”
On a more serious note, Painter discussed the time North Korea hacked into Sony to pull back the distribution of an image, in which the country was “not only hacking into a system but was meant to curtail freedom of expression rights,” he said.
Taking this a step further, Painter highlighted a major concern regarding cybersecurity: “the fear of a debilitating attack against our infrastructure,” he said, pointing to possible examples of taking down the water system and the power system.
Painter said plainly, “It would have long-term, terrible consequences” as “not just a cyber but as a physical event.”
Therefore, “we have to be cognisant of these threats going forward,” he said.
These threats transcend individual hackers to entire nations, with different states having different visions for the future of technology.
Whereas much of the Western world is open about sharing information, Russia and China are among the countries that “want absolute sovereignty in cyberspace,” Painter said.
“The internet is not run by states — not run by government,” Painter said.
Although governments have influence over the internet to some extent, the private sector is involved, too, as Painter explained, so it is an international issue that different groups of people have to confront together.
Painter believes international law should apply to cyberspace as it does to the physical world. There are a set of norms many countries agree to, such as the idea that a nation should not attack infrastructures meant for the public good.
“You have to get countries around the world to embrace this to really make these norms stick,” he said.
So, how do we deal with the issue of cybersecurity?
Painter said, “It all comes down to the role of diplomacy — in all of this, the role of building alliances and shaping the environment and showing international cooperation is really paramount.”
View full post on National Cyber Security Ventures
If you’re waiting for the next major cybersecurity breach, history has shown us time and again that you just have to give it a minute. Yahoo. Equifax. Target. Home Depot. Chase. Sony. OPM. These high profile breaches happen seemingly every few weeks, but the reality is that thousands of cyberattacks are happening every day. It’s no wonder that security is one of the fastest growing sectors in tech.
Even during my time at Symantec a decade ago, it was clear that security was only going to get more important over time. Now, years later, every single one of us has been personally affected by a breach, hack, or cyberattack of some kind. This isn’t going away and it’s not going to stop. Because of this, security software is by far one of the fastest growing parts of the enterprise IT market.
You can imagine that it’s therefore a great time to be a cybersecurity vendor.
At the same time, it’s not all smooth sailing in security land. Because customers are buying so many overlapping solutions, adoption of security technology is a huge challenge. And clients, faced with a growing amount of spend, are asking vendors about the outcomes they are achieving.
As such, security is one of the fastest growing sub-sectors in Customer Success. At Gainsight, we’ve been fortunate to partner with several established, leading, and emerging vendors on their Customer Success strategy—including Cisco, Okta and RiskIQ.
My former boss, Enrique Salem (former CEO of Symantec and now partner at Bain Capital Ventures) and I hosted a dinner with Customer Success leaders at top security companies to discuss what’s unique about the convergence between CS and Security:
The way the attendees saw it, there are three main reasons why cybersecurity is an ideal fit for Customer Success principles and practices—and those same reasons make implementing those principles and practices uniquely difficult, though rewarding.
1. Adoption is complex→Make health scores about “currency”
Security tools tend to be different from most softwares in two fundamental ways:
Users don’t “use” the software.
“Success” often involves being invisible
In other words, when your security solution is working optimally, you don’t notice it. These companies go to great lengths to make sure their tools are as lightweight and invisible as possible. When you log off at the end of the day and nothing bad happened, that’s a huge win. But from your perspective, it’s just another day.
From a Customer Success Management perspective, that makes tracking health a conundrum. How do you track usage when your product is constantly running in the background? How do you understand satisfaction when your password management app has 100% adoption at a client?
What I learned at this event is that adoption is largely about “currency,” and I don’t mean money. As cybersecurity is about constantly reacting to and preempting threats, how current your version is (in terms of updates and patches) is a huge indicator of how successful you’ll be with the product. In other words, if your customer isn’t up-to-date, they aren’t secure and therefore aren’t getting value.
Customer Success leaders at top security companies have created dynamic health scores that include version currency, breadth of deployment, and other custom factors.
2. Outcomes are difficult to measure→Design end-to-end success plans
As I mentioned before, the customer’s desired outcome with their security solution is (typically) that nothing bad happens and they aren’t disrupted in their day-to-day workflow. To phrase it differently, their objective is a negative, or an absence. For most software products, the goal is much more concrete—and much more positive. For instance, the goal with Gainsight might be a 5x increase in product adoption, or an 8% increase in gross renewals, etc.
With security, how feasible is it to define success as a 0% increase in data breaches? Or to become 10x “more secure.” How do you define that—and more importantly—how do you benchmark that?
Even more challenging is finding the differential impact. If a breach was blocked, which vendor and technology gets credit? If a threat is missed, who takes the blame?
The leaders I talked to see a huge opportunity to better define their customers’ end-to-end success around things like time to detect, time to respond, and the type of threat detected. Building milestones in the customer journey at each stage from pre-sale to Services to Support and Customer Success is critical.
3. Clients are technical→You need technical resources in CSM
At the end of the dinner, we discussed our teams. In every category of Customer Success, companies struggle with the “unicorn” problem. We’d all love CSMs that can do it all—be technical, understand best practices, have walked in the client’s shoes, be firefighters, be strategic, be excellent communicators—and drop some sick karaoke while they’re at it!
In Security, this problem is turbocharged since security buyers are extremely technical.
In the CSM industry broadly, we have witnessed the emergence of a parallel technical partner to the CSM—CS Architect, CS Engineer, Technical Account Manager, etc. And in Security, many companies are leveraging their existing advanced technical resources (e.g., Premium Support Engineers) in this capacity
There’s more at stake than ARR
At the risk of getting melodramatic, I want to end by underscoring the importance of Customer Success beyond the basic economic value proposition that we (understandably) tend to focus on in B2B software. We know that when customers are successful, vendors are successful—it’s the founding premise of my company. But when it comes to Security, we don’t need that conditional statement to understand just how critical an industry it is.
When Security customers are successful, their data is safe. My data is safe. My kids’ data. That’s a heavy burden for companies that so often tend to themselves “run in the background” in the public consciousness. If you’re reading this and you’re in Security, my deepest thanks for what you do. Here’s to keeping all of us successful—and safe.
The post How to #Solve the 3 Biggest #Challenges in #Cybersecurity Customer Success appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
In rooms around Hodson Hall on Saturday night, clusters of students tapped away at their laptops amid a scattering of snack bags, soda cans, book bags, and belongings. Some took time out from their teamwork to study for a test. A few napped using balled up sweatshirts as pillows. It…
The post Hack to the future: HopHacks challenges students to solve problems using technology appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
For at least the whole of the current century, militaries have understood the critical role cyberdefense plays in every aspect of operations. Yet most military organizations appear reluctant to train for network defense outside of specialist cyber units. Unlike with land, sea, air and space, cyberwarfare cannot be conducted only…
The post Militaries and Industry Seek to Solve Cybersecurity Conundrum appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Think Online Videos Will Solve Your PD Problem? Think Again. – Finding Common Ground – Education Week
Twitter, YouTube, Podcasts, Pinterest, Khan Academy, TeacherTube, Facebook, and Google are existing repositories where educators are already freely sharing ideas and best practice. Do we really need more?
View full post on Education Week: Bullying
#pso #htcs #b4inc
View full post on Parent Security Online
There’s no such thing as a perfect relationship—much less a perfect marriage. Here, we identify the most common marital problems and how to cope. No one can boast about having a perfect marriage. Although relationships are hard work, the commitment involved in marriage amplifies problems tenfold, and can make even the happiest of couples red with fury. Read More….
The post The 8 Most Common Marital Problems and Ways to Solve Them appeared first on Dating Scams 101.
View full post on Dating Scams 101
Viewers of TV crime shows are familiar with plots that involve police investigators solving gun crimes with high-tech ballistics tests.
But while these tests are a popular with Hollywood script writers, the real life technology has not always been a favorite of police departments in the Puget Sound region.
A 2013 KING 5 Investigation revealed that many Washington State police departments submitted only a small percentage of the guns seized in their work for ballistics tests.
Three years later, it’s a very different story, thanks to a renewed push from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), the Washington State Patrol Crime Lab and Seattle Police.
“My goal was to make it better than what it had been in the past. It had been underutilized before in the past by all law enforcement from federal, state and local levels,” said Special Agent Douglas Dawson, who heads the ATF office in Seattle.
For the two and half years that he’s been in charge, Dawson has ramped up use of the Integrated Ballistics Identification System (IBIS). He said his office has charted a six fold increase in the past few years in the number of ballistics “hits” that IBIS has detected in Seattle-area gun cases.
IBIS stores and analyzes images of shell casings – the brass casing that is left behind when a bullet is fired from a gun. Each gun makes unique tool marks on the casing. IBIS can find matches among millions of shell casings from crime guns across the country – and link together cases where there was no known connection.
When cases are linked, investigators gain a wealth of new information that can lead to a break.
Dawson says there used to be 25 or 30 IBIS hits a year in Seattle.
“Last year we were up to about 180 – I think 179 was the official record,” said Dawson.
Dawson said one reason police departments don’t use IBIS is because it can often be time consuming for them to test fire all the guns they seize, and then hand deliver the shell casings to the crime lab.
Dawson urges departments to test all guns and casings they come across, because investigators never know when one was used in another crime. The ATF now offers its personnel to help with firearms testing.
The State Patrol crime lab in Seattle addressed another complaint that detectives have had about IBIS. Lab techs are trying to give detectives speedier results so that they get useful information from ballistics tests in days – not weeks or months.
“Ideally, within 72 hours or less is when we have that prime window,” said IBIS technician Jennifer Tardiff of WSP’s Seattle crime lab.
By streamlining the process and producing results, Dawson hopes that police agencies submit more shell casings – and solve more cases big and small.
Last year, Byron Vierling spied a handgun stashed in the seat in the back of the Metro bus he was riding.
“The gun was pointed towards me with the stock up in the air,” Vierling told KING 5. “I was very nervous,” he said.
Vierling called Seattle police to report the firearm.
IBIS determined that shell cases retrieved when the gun was test-fired matched shell casings from a “shots fired” call in Seattle’s Lake City neighborhood.
Police had questioned a woman who boarded the bus two days before Vierling rode it. The woman was seen walking away from a man who had fired shots in the air.
However, when police questioned her on the bus they could not find and gun – or any evidence that she was connected to the shots fired call.
When IBIS linked the two cases, police reviewed Metro bus video that appeared to show the woman reaching down behind a seat to hide something.
“It looks like she’s putting the gun right where I found it,” Vierling said when KING 5 showed him the video.
When confronted with the video a month after Vierling found the gun, the woman confessed to police that she’s stashed it on the bus to help out the friend who fired it.
After the woman’s confession, that friend — Sean Summers, a felon who was not allowed to have a gun — pleaded guilty to unlawful possession of a firearm.
Dawson credited Seattle police officers who submitted the shell casings from the shots fired call and the casings from the gun on the bus.
“Had that gun been taken into custody two years ago it may have sat in an evidence vault on a shelf and never been tested,” said Dawson.
Of course, IBIS can solve the most serious crimes as well.
When one-year-old Malajha Grant was killed in a drive by shooting in Kent last year, police and the ATF submitted shell casings they found at the scene to the WSP crime lab in Seattle.
In 24 hours, IBIS spit out a lead that led to the arrest of a suspect.
The shell casings matched those found at a shooting 24 hours earlier in Seattle that was recorded on video.
“We were able to obtain a video that had two people in it that had weapons and at least one of those weapons was used in our murder less than 24 hours later,” said Kent Police Chief Ken Thomas.
The post Police step up use of technology to solve gun crimes appeared first on AmIHackerProof.com.
View full post on AmIHackerProof.com