Tag Archive | "Security"

Merkel Resists Calls to Ban Huawei, But Advocates For Higher 5G Security

Huawei dodged another bullet in its efforts to become the dominant 5G equipment provider, with German Chancellor Angela Merkel refusing to call for an outright ban on the company.

Reuters reports that Merkel did call for a higher threshold of security for 5G, as opposed to previous wireless technologies, but believes it can be achieved without singling out any one company.

“I tend to trust ourselves to define high security standards, higher than with 4G, 3G and 2G, but not to shut out vendors from the beginning…. We have always stood for fair and free competition, and also fact-based competition, and not simply qualified it based on differing political systems,” Merkel said.

The news follows a similar stand by the French government. According to Reuters, Junior Economy Minister Agnes Pannier-Runacher told BFM Business television: “We do not target one equipment maker. There is no exclusion.”

The French government will, however, reserve the right to vet all 5G equipment providers and make sure they pass national security checks.

The two countries are taking a much different stand than the U.S., where the Trump administration has already implemented a ban on Huawei. U.S. officials have been trying to pressure European allies to follow suit although, obviously, they are not meeting with much success.

The post Merkel Resists Calls to Ban Huawei, But Advocates For Higher 5G Security appeared first on WebProNews.


WebProNews

Posted in IM News | Comments Off

VMware COO: We Have a Bigger Plan For Security

“Fundamentally, we have a bigger plan for security,” says VMware COO Sanjay Poonen. “We felt it was the perfect time for us to come up with a disruptive play that was based on big data, was AI, and was cloud-based. There were only two companies doing it, CrowdStrike and Carbon Black. We felt Carbon Black was better integrated to us, had as good a product or better. We have a plan to integrate Carbon Black and make it intrinsic in a way that nobody else will do. We think this will transform the security industry that’s been broken today.”

Sanjay Poonen, COO of VMware, elaborates on how they plan to transform security and lead the containers movement currently going on in digital transformation. Poonen was interviewed by Jim Cramer on CNBC:

Containers Are A Movement Going On In Digital Transformation 

When you look at these types of transformational moments going on in digital transformation, these happen once every 10 to 20 years. VMware is the company that invented the virtual machine and for the last 20 years, we’ve created a million jobs in that part of infrastructure. There is a movement going on in digital transformation right now called containers. We believe it’s our birthright to own that movement. There will be potentially tens of millions of jobs among developers created on top of this virtual machine. 

Think of the virtual machine sort of like the ship and containers like the things on top of it. In the 1950s containers completely transformed ships and VMware created the ship. These containers are going to allow apps to be fundamentally transformed. We found as we thought about this that this was the right time to do it and it was our birthright to do it better than anybody else. Why not take those three thousand people in Pivotal and $750 million in revenue and turbocharge the next ten years of VMware, not just in virtual machines and virtualization in the path to the cloud, which is the first C, but the other C is containers. We think that’s a big part.

We’re A Go-To-Market Machine

Pivotal (is more valuable than the market initially believed) for two reasons. They’ve refactored their product which now sits completely on Kubernetes. If you don’t know what it is, it’s a sort of the big open-source container movement. And their go-to-market engine probably stuttered a little bit. But that’s what VMware does well. We’re a go-to-market machine. We’ll bring them in and accelerate this to our 500,000 customers. We feel good when we get a good product in the hands of our good go-to-market machine. I think we can accelerate it. 

At VMware, no one person does it, it takes a village but also our partners like Dell and the ecosystem also. VMware has 75,000 partners who love us. We’re going to take this to those ecosystem partners. We have a big tent of system integrators and they’re excited about this. We branded the entire thing, that’s the other thing we’ve done pretty well. Tenzo, which is the Japanese word for containers, we’re doing big ads in New York, San Francisco, and London Airports. This is a play on the word VMware that says ContainerWare. We’re not changing the name of the company but we’re going big in containers and that’s the key message.

We Have a Bigger Plan For Security

Fundamentally, we have a bigger plan for security.  Let me just walk you through a quick understanding of the strategy. There are a lot of parallels with security and healthcare. My mom’s a doctor. Imagine you went to a doctor and you asked her how do you get well and she said you have to eat 5,000 tablets. Eating one every 30 seconds would take you a couple of weeks to do. That’s what the security industry is today. It’s 5,000 vendors, broken, with lots of different agents bloated on people’s laptops, lots of alerts showing up, and manual labor.

We look at this and say there’s a fundamentally new way to do it, which is to make security intrinsic to your diet. You eat your vegetables, your fruit, you drink your water, brush your teeth, and that’s what we’re doing with security. We are making it part of our platform. 

A Disruptive Play Based On Big Data, AI, and Cloud-Based

We’ve been doing very well in network security around the NSX product but endpoint security and workload security we didn’t have much there. We had Workspace ONE, our AirWatch related product, and we found that many of these endpoint security players were kind of in a little internal turmoil. Symantec got bought by Broadcom. McAfee got bought by Intel and then was spun out again. We felt it was the perfect time for us to come up with a disruptive play that was based on big data, was AI, and was cloud-based.

There were only two companies doing it, CrowdStrike and Carbon Black. We felt Carbon Black was better integrated to us, had as good a product or better, and we intend to acquire them. The acquisition hasn’t yet closed. We have a plan to integrate this and make it intrinsic in a way that nobody else will do. We laid that out at VMworld. We think this will transform the security industry that’s been broken today.

The post VMware COO: We Have a Bigger Plan For Security appeared first on WebProNews.



5G Poses New Security Risks, Says Avast CEO

“5G brings a couple of things,” says Avast CEO Ondrej Vlcek. “One is the density of the network which is enabling things like IoT, the Internet of Things. That’s an exciting thing but also poses some new security risks. Second is speed of connectivity which we all want and which we all sort of are hoping to get better. But in terms of timing, it kind of differs geo by geo. East Asia is always ahead in that regard. In Europe, we can realistically expect something within two or three years.”

Ondrej Vlcek, CEO of Avast, discusses new security risks with 5G and how privacy is becoming a big part of their business in a conversation on Bloomberg:

5G Poses Some New Security Risks

There were really two drivers (to our earnings results this quarter). The first one was our consumer direct segment, desktop direct, which grew 12.5 percent. The second was consumer indirect, which is actually powered by both the Jumpshot business that we have as well as the Secure Browser. These were kind of the two main things.

5G brings a couple of things. One is the density of the network which is enabling things like IoT, the Internet of Things. That’s an exciting thing but also poses some new security risks. Second is speed of connectivity which we all want and which we all sort of are hoping to get better. But in terms of timing, it kind of differs geo by geo. East Asia is always ahead in that regard. In Europe, we can realistically expect something within two or three years.

Privacy Is The Other Side Of The Security Coin

I think privacy is a new category. We see it as the other side of the security coin. We are heavily investing in creating privacy-oriented solutions. So actually our portfolio today is not just security, antivirus protection is now actually less than half of our business. Now the second half is made of tools like privacy controls because we see a big opportunity. At the same time, the need is real. Consumers are more and more realizing there are privacy risks in what they are doing online and there is something that needs to be done about that.

I got sort of inspired by the captains from the Silicon Valley such as Google and Facebook. So I gave up my salary and my bonus and I’m only getting compensated by stock which I think is the right thing for the CEO to do. Clearly, my objective is to keep the company growing. We’ve got a great runway and I’m very optimistic, being new in the role and seeing the opportunities. This is a good position to be in.

The post 5G Poses New Security Risks, Says Avast CEO appeared first on WebProNews.



Darktrace CEO: People Are Going To Give a Hard Look At Cloud Security

“People are going to really give a hard look at cloud security,” says Darktrace CEO Nicole Eagan. “At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.”

Nicole Eagan, CEO of Darktrace, discusses how the Capital One cyber attack happened and how it could have been prevented, in an interview on Bloomberg Technology:

People Are Going To Really Give a Hard Look At Cloud Security

There is so much positive momentum around cloud and so many benefits that I don’t anticipate seeing a pendulum swing back to on-prem data centers (because of the Capital One cyber hack). What I do think it means is people are going to really give a hard look at cloud security. This attack was a result of a vulnerability known as a configuration error in a Web Application Firewall that was specific to Capital One. What it does show is these configuration errors are actually really very commonplace. They’re commonplace in on-prem data centers and in cloud.

This does highlight a few things. It does highlight insider threats, someone who had some insider knowledge. It also highlights supply chain level security. At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.

Capital One Attack Was Human Error

Configuration errors are basically a human error. Somebody somewhere made a human error, a mistake. We have to expect that humans are fallible and we’re going to see those type of errors. What’s so strange about this one is how public the disclosure was by the attacker on Twitter and GitHub and other places. That was what made it so unusual but also meant that the investigation moved very quickly. It seems like there’s been quite a bit of transparency as well.

It’s interesting timing because we’re actually going into Black Hat and DEF CON, which is often known as a summer camp for hackers. There will be literally tens of thousands of people in Las Vegas next week. All of this is going to change the conversation. We’re going to see a lot about cloud security, about 5G security, about encryption and decrypting data, and of course, the evolution towards AI-based attacks.

What’s interesting is that people want to kind of say let’s make sure we prevent the kind of attacks we saw in 2016 (regarding the election).  The reality is the way the cybersecurity industry works the attackers keep moving on. They keep changing what’s called threat vectors. I do think we’ll see plenty of threats for 2020 but they may not look anything like the ones we saw in 2016.

The post Darktrace CEO: People Are Going To Give a Hard Look At Cloud Security appeared first on WebProNews.



What Are the Security Risks of the Internet of Things?

IBM Resilient CTO and security guru Bruce Schneier takes a look at the security risks of the Internet of Things in his latest video. He brings up an interesting and rather disconcerting point: IoT devices tend to do critical things like turn power on and off or drive your car, so preventing hacking is even more critical with IoT than with typical computers.

During the writing of this article, I noticed that Bruce Schneier and other cybersecurity experts at IBM are offering a free webinar today on the overall subject of cyber security that you might also be interested in:

December 6, 2018, at 12:00 PM: The Resilient End of Year Review: The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead

Bruce Schneier, CTO at IBM Resilient and Special Advisor at IBM Security, provided an overview of the IoT security threat in a recent IBM video:

What Are the Security Risks of the Internet of Things?

IoT devices are just computers so all the threats that we’re used to from the computer world get transferred into any IoT device. In addition, they tend to be low cost, not well designed, built offshore, so they have more vulnerabilities. They tend to be deeply embedded in networks and organizations so they have a lot of access. They often control physical processes.

They turn on and off the power, they drive your car, they’re medical devices, which means the effects of a hack can be much more dangerous. On the one hand, they’re exactly the same as computers. On the other hand, because of how they’re made and what they can do, they’re very different than computers.

How Will IoT Security Evolve in the Coming Years?

These are low-cost consumer devices in many cases and there’s not a lot of money or even market demand for security. I think two things will happen. I think there will be more security in some of the more expensive devices.

Of the cheaper devices, there will be other things that you could purchase to go on your network that will monitor them. We don’t really have them yet but I think that’s where the future is going. We have to assume there’ll be lots of cheaply made insecure IoT devices in every network. How do we get security on top of that? 

Click Here to Kill Everybody

Schneier has a brand new book out that goes into the security risks of IoT in depth, called Click Here to Kill Everybody: Security and Survival in a Hyper-connected World.

Here’s how Bruce Schneier describes the IoT threat: 

Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers—from home thermostats to chemical plants—are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world.

As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.

All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid.

The post What Are the Security Risks of the Internet of Things? appeared first on WebProNews.



Security Challenges to Consider Before Adopting a Hybrid Cloud Strategy for Your Business

Cloud computing has brought numerous benefits to companies. However, putting all data on the public cloud is something that a lot of IT admins are concerned about. This is why a number of businesses have opted to utilize a hybrid cloud environment, which allows them to store some data in the public cloud and the rest in on-site cloud storage.

However, the hybrid cloud isn’t perfect. There are several security problems that companies should watch out for. Here are five security issues to keep in mind:

Inadequate Data Redundancy

Cloud storage service providers commit a substantial amount of resources to ensure the infrastructure is accessible and open whenever end users need it. Unfortunately, problems will inevitably arise. Some well-publicized outages like those involving Amazon Web Services and Microsoft Azure have underlined the risk of running applications using just one data center. Cloud architects need redundancy across data centers to lessen the impact of such outages.

This lack of redundancy can end up being a major security risk to a company’s hybrid cloud, particularly if redundant data is not distributed across various data storage centers. Cloud architects can work around this by implementing redundancy via numerous data centers from one provider, using several public cloud providers or a hybrid cloud.

Data Compliance

Maintaining and showing data compliance can be more challenging with a hybrid cloud. Aside from having to ensure that the public cloud provider and the hybrid cloud you’re using are in compliance, you have to prove that the means of coordination between the two is also compliant.

Poorly Assembled SLAs

Public cloud providers work hard to ensure that they meet all the conditions listed in their service level agreement (SLA). Businesses should make sure that their private cloud can live up to the same expectation. Otherwise, the company might need to develop SLAs based on the outlook of the lower of the two clouds, which could be your private cloud.

It’s best to gather data on your private cloud’s availability and performance under pragmatic conditions. Watch out for possible issues with integrating private and public clouds that could hinder service. For instance, if a vital business driver for the private cloud is storing confidential and sensitive data on-site, then your SLA should reflect the limitations to which the company can utilize the public cloud for certain services.

Risk Management

From a business point of view, information security revolves around risk management. Cloud computing, especially in hybrid clouds, entails the use of new application programming interfaces (APIs), demands advanced network configurations, and pushes the boundaries of a conventional system administrator’s abilities and knowledge.

Unfortunately, these factors can lead to new types of threats. While cloud computing is just as secure as internal infrastructures, the hybrid cloud has a more complex system that IT admins have limited experience in handling, and this can create problems.

As with any technology, problems do arise. Luckily, several traditional IT and security vendors are already working on improving their products in order to support hybrid cloud issues. There are also third parties that can deliver niche tools to bolster particular security configurations.  

The post Security Challenges to Consider Before Adopting a Hybrid Cloud Strategy for Your Business appeared first on WebProNews.



5 Steps to Website Security You Can Trust

Website security has never been more critical. Hackers, ransomware, and denial of service attacks are all concerns for modern business websites. Nothing will erode your audience’s trust in you faster than visiting your website and getting a security warning, or having Google flash a “You can’t trust this site” message in your search results. Even
Read More…

The post 5 Steps to Website Security You Can Trust appeared first on Copyblogger.



Google Now Sharing National Security Records Requests With the Public

Google has begun sharing certain public records requests, many from the FBI related to national security, in order to illustrate to its users a high level of transparency. Google and all major search and social internet platforms are deluged with record requests from law enforcement and court actions. One of the reasons Google may want to show samples of the requests to the public is to bring attention to the fact that they are overwhelmed with requests and also to defend themselves from accusations that they are not giving adequate privacy to those using their service.

The fact is, no one has privacy when using Google or any online platform.

“In our continued effort to increase transparency around government demands for user data, today we begin to make available to the public the National Security Letters (NSLs) we have received where, either through litigation or legislation, we have been freed of nondisclosure obligations,” said Richard Salgado, Director of Law Enforcement and Information Security for Google.

“As we have described in the past, we have fought for the right to be transparent about our receipt of NSLs,” he said. “This includes working with the government to publish statistics about NSLs we’ve received, successfully fighting NSL gag provisions in court, and leading the effort to ensure that Internet companies can be more transparent with users about the volume and scope of national security demands that we receive.”

Google has provided links to 8 NSRs here with the goal of creating a portal for all of them to be viewed in the future. Here is a sample from one of them:

[Image: screenshot of the sample request]

The post Google Now Sharing National Security Records Requests With the Public appeared first on WebProNews.



One of the Largest DDoS Attacks Ever Seen Kills Krebs Security Site

One of the largest Distributed Denial of Service (DDoS) attacks ever seen on the internet has caused Akamai to dump a site it hosted, KrebsOnSecurity.com. The DDoS attack was apparently in retaliation for journalist Brian Krebs’ recent article about vDOS, which is allegedly a cyberattack service. According to BI, following Krebs’ reporting two Israeli men were arrested and the site was taken down.

One Twitter post noted the irony in a security expert having his site taken down because of a DDoS attack. “Brian Krebs, the man who gives cybercriminals nightmares, has been hit with a Godzilla-sized DDoS attack,” noted cybercrime researcher, blogger and speaker, Graham Cluley, “Sad news, hope he’s back soon.”

The Attack Was Huge

Before his site was taken down, Krebs posted about the attack on his website, saying that KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. “The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed.”

Later Akamai did take down the site and Krebs was understanding:

“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second,” writes Krebs. “Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.”

Krebs said that Martin McKeay, Akamai’s senior security advocate, told him that this was the largest attack that they had seen. Earlier this year they clocked an attack at 363 Gbps, but there was a major difference: this attack was launched by a “very large” botnet of hacked devices, whereas typical DDoS attacks use the common amplifying technique that bulks up a small attack into a large one.

The post One of the Largest DDoS Attacks Ever Seen Kills Krebs Security Site appeared first on WebProNews.



SearchCap: Google web reviews, security reports & Penguin update

Below is what happened in search today, as reported on Search Engine Land and from other places across the web.

The post SearchCap: Google web reviews, security reports & Penguin update appeared first on Search Engine Land.


