Security Technology

Re-Thinking the Cyber Consolidation Paradigm

The Battle of Consolidation vs. Best-of-Breed, does more security mean better security?

You’re probably frequently scrutinizing whether or not your own organization’s cyber security is being properly managed. We’re constantly being bombarded with news of the latest cyber security attacks and hoping there are no gaps in our own organization’s security. With every new ransomware or phishing attack, the red flags start to wave. The immediate reaction is to ramp up our security and increase the number of vendors with the assumption that with these new products will keep us better protected. In reality, this unfortunately isn’t the case.

In a recent survey, executives were asked various questions about their cyber security requirements, including their day-to-day challenges and concerns. One of the questions asked was what do they consider the best approach. Overwhelmingly, C-level executives stated they were satisfied with a best-of-breed strategy and promoted it within their organization. However, once asked more probing questions regarding their security posture, it became obvious that their sense of what was best for their organization was a false sense of security, noting a significant difference in the attack recovery processes:

Organizations who chose a consolidation approach were capable of identifying and recovering from attacks 20 times faster on average, and at merely 1% of the cost than those choosing a best-of-breed strategy.

Reducing the number of vendors not only simplifies having to monitor multiple management consoles, between the various technologies but vendor consolidation allows for a higher level of security through superior integration versus decisions made across multiple vendor products. Additionally, it significantly reduces the time, cost and resources of the remediation process. Notably, Gartner has consistently cited in “ a single-vendor approach more effectively detects and stops advanced threats, increasing the efficiency of resources and reducing configuration and management problems while requiring less training and problem-solving costs.

Check Point CEO, Gil Shwed, highlighted on these issues during a recent event in Tel Aviv, Cyber Week 2017. Forbes published an article on Shwed’s lecture, “In cyberspace today our roof is very very leaky,” said Shwed. “With almost 1,600 cybersecurity companies worldwide, we hope that by building many point solutions we get protection from the rain. The reality is that the rain is coming through the inherent gaps in this architecture.” Shwed recommended replacing the widespread approach of using point solutions and mitigating the damage after the attack with a new approach of focusing on security prevention and using a unified architecture for managing security threats in the network, the cloud, and mobile devices.

An overgrowing concern within the cyber world is the scarcity of cyber professionals. Unfortunately, most companies suffer from this phenomenon and more will in upcoming years. This shortage directly translates into an inferior security posture and lack of knowledge needed to assess and adopt vendor products. There is an industry perception that by having multiple-vendors, you’re decreasing the risk of an attack, because “more will cover more”- therefore reducing costs and time. Our survey found this common misconception to be false.

A consolidated vendor approach through Check Point Infinity architecture drives simplicity and efficiency, and streamlines handling of events as they occur. Check Point Infinity architecture’s single management centrally correlates all types of events across all network environments, cloud services and mobile infrastructures. Check Point’s preemptive threat prevention strategy focuses on prevention rather than detection to block the most sophisticated attacks before they occur.

Our survey showed that the majority of organizations still prefer usage of various best-of-breed disparate security products. We can’t blame them for thinking this; we’re told as a society bigger is better. But the end results speak loud and clear: When it comes to security vendors, less is more.

The post Re-Thinking the Cyber Consolidation Paradigm appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2vb8hJ3

Game of Thrones Leak Puts Unreleased Script and Other HBO Shows Online

This hack could go way deeper than Game of Thrones

from Security Latest http://ift.tt/2vg612W

HBO Hacked — 'Game of Thrones' Scripts & Other Episodes Leaked Online

If you are a die heart fan of 'Game of Thrones' series, there's good news for you, but obviously bad for HBO. Hackers claim to have stolen 1.5 terabytes of data from HBO, including episodes of HBO shows yet to release online and information on the current season of Game of Thrones. What's more? The hackers have already leaked upcoming episodes of the shows "Ballers" and "Room 104" on the

from The Hacker News http://ift.tt/2vbvKKj

HBO says data hacked, media says 'Game of Thrones' targeted

NEW YORK (Reuters) - U.S. cable channel HBO said on Monday that hackers had stolen upcoming programming, and Entertainment Weekly reported that the theft included a script for an unaired episode of the hit fantasy show "Game of Thrones."

from Reuters: Technology News http://ift.tt/2weCAeY

Someone Hijacks A Popular Chrome Extension to Push Malware

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users. Unfortunately, the Chrome extension of Copyfish has

from The Hacker News http://ift.tt/2f1r4QH

Lyft appoints former Obama adviser to board

(Reuters) - Ride-hailing company Lyft Inc said on Monday it appointed Valerie Jarrett, an adviser to former President Barack Obama, to its board.

from Reuters: Technology News http://ift.tt/2vfFqmu

FireEye researcher hacked; firm says no evidence its systems hit

SINGAPORE/FRANKFURT (Reuters) - Cyber security firm FireEye said on Monday one of its researchers based in Israel had several of his online accounts hacked by unknown attackers, but added the breach did not appear to involve any company systems.

from Reuters: Technology News http://ift.tt/2hgZ8sI

Apple fails to end lawsuit claiming it 'broke' FaceTime

(Reuters) - Apple Inc has failed in its bid to dismiss a lawsuit claiming it disabled the popular FaceTime video conferencing feature on older iPhones to force users to upgrade.

from Reuters: Technology News http://ift.tt/2vYoE9A

Snap's shares slide 3 percent in premarket trading as lockup ends

NEW YORK (Reuters) - Shares of Snap Inc , owner of the Snapchat messaging app, fell 3 percent in premarket trading on Monday as a share lockup ended, allowing for sales by early investors and pushing it further below its March initial public offering price.

from Reuters: Technology News http://ift.tt/2wdIEnZ

Charter surges after company says not interested in Sprint

(Reuters) - U.S. cable operator Charter Communications Inc's shares shot up nearly 14 percent on Monday after the company said it was not interested in buying wireless carrier Sprint Corp.

from Reuters: Technology News http://ift.tt/2uN5ncJ

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some sensitive details allegedly belonged to Adi Peretz, a ‎Senior Threat Intelligence Analyst at

from The Hacker News http://ift.tt/2tVWGhr

Promoting Online Safety in Canada: Trend Micro Launches Video Contest for Local Kids

At Trend Micro we always strive to be a responsible corporate citizen. Right from the beginning the company has devoted significant time and resources to a variety of projects: from house building in the Philippines, to our Give and Match programs around the world designed to support vital community projects. However, a special focus has always been on supporting, educating and engaging with young people just beginning to live their digital lives.

That’s why our Canada team is teaming up with local organization CyberLaunch Academy on a new video competition designed to raise awareness of online safety among school-age children. Winners will receive fantastic annual scholarships at the academy worth up to CA$500.

Working for a safer future

Security has, of course, been in our DNA right from day one. But the best products in the world can’t help us if tomorrow’s netizens don’t have a good understanding of the risks facing them online. So, it made sense early on to find innovative new ways to get the online safety message across to kids.

We host Summer Seminars for Japanese elementary school children, work with universities in Taiwan to develop local student talent, and run a popular international video competition – What’s Your Story? – to encourage more kids to take a lead on internet education. Our flagship Internet Safety for Kids and Families program has been delivering free tools to PTO/PTAs across the US for several years, and our Internet Safety Night in partnership with PTO Today has reached more than 5,000 schools since its inception.

We even developed Art Against Cybercrime; a German school project designed to encourage students to share their thoughts on the darker side of the internet.

But the truth is, we’re just getting started.

Time to Cyber Launch!

The latest project to come out of our Canadian office is a fantastic new video competition open to 7-17-year-olds from the province of New Brunswick. For the pilot launch this year, we’re asking entrants to submit videos of between 30 seconds and two minutes (and no more than 100MB) on the topics of cyberbullying, internet safety and online privacy.

Be as creative as you like. The most thought-provoking, persuasive and original entries could be in line to win one of these amazing prizes:

	A grand prize of annual scholarship (CAD$500 equivalent) to enrol in two courses or workshops offered by CyberLaunch Academy A one-time scholarship (CAD$250 equivalent) to enrol in one course or workshop offered by CyberLaunch Academy

The CyberLaunch Academy is a wonderful New Brunswick organization with a vision to improve elementary, middle, and high school students’ interest in science and tech, while decreasing gender imbalance in IT education. Its extra-curriculum courses teach everything from web design to personal online security, computer animation to coding – and much more besides.

This competition is a fantastic opportunity to get your child enthused about ICT, whatever their age or background, as we all work towards building a safer internet for future generations.

The deadline for entries is 20 August 2017. Please read the official rules for lots more details.

Good luck!

from Trend Micro Simply Security http://ift.tt/2vl6Msp

British interior minister to push Silicon Valley on countering militants: source

LONDON (Reuters) - Britain's interior minister travels to Silicon Valley this week to ask social media companies such as YouTube to step up efforts to tackle content which encourages militants to carry out violent attacks.

from Reuters: Technology News http://ift.tt/2veFvXI

Five Mistakes I Bet You Are Making with your Managed Services business

As a managed service provider, your customers have entrusted you to manage their IT infrastructure and their security so it’s important that you are making the right choices to secure their environments and keep cyber criminals at bay. In my years of working with our Managed Service Provider partners, I’ve seen a number of mistakes made by MSPs that I wanted to share with you in the hopes that you can avoid them and keep your customers safe.

You believe that AV is just AV

Let me start by sharing a story you’re familiar with, and may have personally experienced like me, regarding the details of a now infamous credit card breach.

In 2013 Target was the victim of a carefully planned and executed cyber attack that resulted in 110 million credit card credentials and other customer information getting stolen. I won’t bore you with all the details, but the ensuing investigation revealed three interesting pieces of information I want to highlight:

	The crime was perpetrated through a third party HVAC contractor The HVAC contractor was the victim of a phishing attack The HVAC contracted was using a free AV product

Cybercriminals have become increasingly more sophisticated in recent years which demands more feature-rich and intelligent security solutions backed by global threat feeds and big-data analysis capabilities. It’s naïve to think that AV vendors just sell AV products. The fact is, if any vendor just focused on anti-virus today, they would be out of business. AV vendors today have a broad set of techniques to protect against old and new threats like ransomware, malware, bots, rootkits, viruses, spyware, etc. Don’t fall in to the trap of thinking legavy vendors aren’t constantly innovating and developing new protection techniques like machine learning to combat new types of threats beyond just AV.

You’re letting the customer dictate which security solution to use

Most, if not all of you, probably have a diverse set of customers you work with including doctors, lawyers, accountants, pet stores, dentists, coffee shops, and so on. These customers are likely very good at their respective professions, they aren’t experts in security though. That’s where you come in. Your customers trust and rely on your expertise to keep them secure so they can focus on doing what they do best, whatever that may be.

Often times the customer may already own a security solution or let you know which solution they would prefer. By letting your customers choose their own vendor, not only will you incur additional costs by having to support and train your technicians on many different products, but you also create a dangerously inconsistent security posture across your customer base. You wouldn’t tell your dentist which tools to use for a root canal, so why would you let your customers tell you which security solution you should be using to protect their environment?

Don’t pick a security solution based solely on price

I took a marketing class in college and while I don’t remember much about that class specifically, one case study stuck with me throughout my career. It was about a company that made smoke detectors. Smoke detectors aren’t terribly exciting, but we all have them, we are all familiar with what they do and we understand their importance in keeping us and our families safe and secure in the event of a fire. The short version of the case study was that the company decided that in order to increase sales, they would lower the price of their smoke detectors. If you have even a basic knowledge of supply and demand, you would expect a decrease in price to result in an increase in sales. Strangely, that wasn’t what happened – sales actually decreased. When all was said and done, it turns out that when it comes to personal safety and protecting your family, people perceived a lower priced smoke detector to be of lower quality which wasn’t a risk people were willing to take. In other words, people were willing to pay a premium to protect what they perceived as valuable. In this case it was themselves and their families, in your customers’ case it’s their data, intellectual property and business assets.

When the security you’re offering your customers is chosen based on price not only are you putting your customers at risk due to reduced feature sets, but you may also be incurring costs that aren’t factored in to the price of the product such as having to purchase bulk licenses up-front, committing to terms that may not align with your business model, spending money on additional products to supplement missing features, and any costs associated with having to handle renewals, such as tracking expiration dates, co-terming licenses, chasing down missed renewals, etc.

You’re not leveraging the cloud.

Many of you have likely been in business for a long time with established customers and processes in place. One of which is probably renewing and managing legacy on-premise security products for your customers because they either “just work” or you’d rather not incur the costs of migrating your clients to a cloud-based equivalent, which is likely a non-billable activity. It’s easy to overlook the hidden costs of on-premise security solutions, such as patching and upgrading, as well as difficult to justify the cost of out-of-date remote or roaming employee machines increasing the risk of infection and burdening your bottom line.

Many MSPs I talk to view SaaS and cloud applications as a threat to their legacy, and out-of-date, business model that was heavily dependent on hardware margins and setting up and maintaining servers. The reality is, while SaaS eliminates hardware and server maintenance, there’s still value in providing your expertise, setup, configuration, and management skills to customers utilizing SaaS applications.

You’re missing out on these opportunities.

Customers and their employees have never had it easier to do their jobs. With a plethora of smartphones and mobile devices to choose from and an ever-increasing number of SaaS applications like Office365, workers can do their jobs anytime, anywhere and on any device. Of course, these devices and SaaS applications are often neglected from a security perspective either out of stubbornness, ignorance or oversight.

Some interesting data points to share about these often neglected platforms:

According to the Trend Micro TrendLabs 2016 Security Roundup, there was a 206% increase in Android threats in 2016
A 2016 Ponemon Institute study found that67 percent of surveyed IT security professionals said it was certain or likely that a breach had occurred as a result of mobile device use.
Macs are not immune from ransomware, as evidenced in the popular app, Transmission, being compromised and used to deliver ransomware to Mac users

As a managed service provider, you should be educating your customers about the need to protect these platforms and it’s an opportunity to build additional recurring revenue streams for your business.

The good news is whether you are making one or all of these mistakes, it’s not too late to turn things around. Here’s a short-list of things you should consider when choosing a security vendor to partner with for your managed services business:

Does the vendor offer a comprehensive, full-featured security solution using the latest protection techniques like machine learning to protect against Ransomware and other threats and not just a bare-bones AV product?
Does the company offer an MSP program and solution that allows you to standardize and centrally manage security across your entire customer base from a single web-based management console?
Does the company offer a cloud-managed security solution, freeing you from day-to-day maintenance of your customer’s security infrastructure?
Does the company offer a security solution that works on more than just Windows PCs such as Mac, Android, and iOS?
Does the company offer a security solution that integrates with popular SaaS applications like Office365, Sharepoint Online, OneDrive, Dropbox, Box, and Google Drive?

Are you making any of these mistakes? If so, it might be time to make the best switch for you and your customers.

from Trend Micro Simply Security http://ift.tt/2hfjkLB

Hackers Take Over US Voting Machines In Just 90 Minutes

Today, election hacking is not just about hacking voting machines, rather it now also includes hacking and leaking dirty secrets of the targeted political parties—and there won’t be a perfect example than the last year's US presidential election. But, in countries like America, even hacking electronic voting machines is possible—that too, in a matter of minutes. Several hackers reportedly

from The Hacker News http://ift.tt/2v9ESPG

Panasonic first quarter profit up 17 percent; expects profit from Tesla's Model 3 batteries by year-end

TOKYO (Reuters) - Japan's Panasonic Corp on Monday reported a 16.9 percent rise in first-quarter operating profit, mostly in line with analyst estimates, as a shift to advanced automotive parts starts to reward the electronics giant.

from Reuters: Technology News http://ift.tt/2tQo1x6

Snapdeal founders keen to run smaller online marketplace, oppose Flipkart bid: sources

MUMBAI/BENGALURU (Reuters) - Snapdeal's founders are opposed to the Indian e-commerce firm's acquisition by bigger rival Flipkart and would instead prefer to independently run a smaller version of the online marketplace, sources told Reuters on Monday.