Daily Archives: July 22, 2019

FaceApp: The App That Ages Your Employees and Your CIO

Bring Your Own Device (BYOD) is one of the defining characteristics of the modern mobile workforce but it’s also a weakness many businesses aren’t paying enough attention to. It’s likely many corporate BYOD users  have downloaded a hot new app named FaceApp. An AI face editor, this app is rising in popularity all thanks to the FaceApp Challenge — where people leverage the app’s old age filter to appear elderly in photos and post the results on social media. However, the application has also drummed up some discussions around its current privacy permissions,

Sharing More Than Just a Laugh

Though the company has stated no malicious intent, it’s still questionable if access to other data has been given without permission from these users. In any event, the scenario is one that keeps security practitioners up at night. Unsecured mobile devices are an easy entry point to spread malware, obtain credentials and gain access to corporate systems that contain even more sensitive data.

From FaceApp to Fending Off Threats

With apps creating gateways to corporate data, employees need to ensure all their devices have an extra layer of security added. To safeguard an organization’s network, lock down any corporate data, and ensure your CIO can get a decent night’s rest, teams should adopt an agile and intelligent security solution which treats mobile devices like any other endpoint. McAfee MVISION Mobile provides an always-on defense for iOS and Android devices and analyzes deviations surrounding device behavior to make determinations about indicators of compromise to accurately identify advanced threats. For those who are transitioning to a more tactical threat hunting role and exploring Endpoint Detection and Response tools (EDR) ignoring mobile security or using an approach that doesn’t integrate with endpoint platforms and EDR tools will pose another problem – a window of opportunity for threat actors. Mobile security is more than just a checkbox for an elevated approach to security. Like a good soldier on the frontlines that notifies his commander of the enemy’s approach, mobile security needs to elevate alerts to the SecurityOperations team. EDR that relies on manual correlation of mobile defense alerts or observations will extend the opportunity for an attacker to move from the mobile device to more critical systems.

Before the next FaceApp challenge emerges, I encourage you to evaluate your mobile device coverage. Is it automating actions and moving quickly when malicious apps or connections attempt to reach your corporate network through a mobile device? Does your current approach to mobile security elevate critical events to your security team? If not, it might be time to consider a more integrated approach that elevates your security posture with the insights to identify the next potential threat before it becomes a headline.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business.

The post FaceApp: The App That Ages Your Employees and Your CIO appeared first on McAfee Blogs.

New Customer Ideas Portal: Add Your Voice to Our Roadmap

Customer-inspired product enhancement is not something new at Veracode. In fact, since 2016, we have implemented more than 1,100 product enhancement requests from individual customers. To create greater transparency into the product management process, we created a self-service feedback portal – Ideas – in the Veracode Community in 2017. This portal is where every Veracode customer can submit product feedback and weigh in on other customers’ submissions by voting and adding comments.

We’re excited to announce an upgrade to the portal this summer – Ideas 2.0. The enhancements include:

  • Clearer fields to describe customers’ ideas
  • Configurable email notifications
  • A centralized Ideas dashboard
  • An opportunity to follow the dialogue around specific ideas of interest

Notifications

One thing we learned from customers using the existing Ideas portal is the pain of needing to log into the Community or reach out to Veracode staff to track the status of Ideas. The new Ideas portal keeps you informed on updates to the Ideas you have submitted, or those you’ve chosen to follow, whether it’s a new comment or a status change.

Dashboard

You also have access to a dashboard in the Community where you can review the status of all your Ideas in one place, the My Ideas dashboard. If you manage your organization’s AppSec program, you can have a dashboard that gives visibility into all submitted Ideas across your entire organization through the Superuser status. Just request that status from your Security Program Manager.

Subscribing

Finally, you have the option to subscribe to an Idea that resonates with your needs. By subscribing to an Idea, you have the same visibility into the Idea status and discussion with product management as the original submitter does. We added this functionality in the spirit of harnessing the power of sharing. In driving an Idea from inception to implementation, the knowledge, insights, and experience you share empower not just a new feature, but a community of developers, security practitioners, and Veracode product experts.

Get started

If you have not been on the Ideas portal previously, now is the best time to try. How can you get started? The Ideas portal sits in the Veracode Community. While the content on the Veracode Community is available to customers and non-customers, the Ideas portal is only available to Veracode customers. If you are a Veracode customer, log in (or register, if this is your first visit) to the Community and start adding your voice to our roadmap. You can check out this knowledge article for more details. Questions about the Ideas portal or comments on your Community experience? Ask or share in the Community Exchange!

 

As MENA moves to cloud, CIOs look to keep data in-country, study shows

With cloud adoption fast on the rise throughout the Middle East and North Africa, GDPR compliance is starting to loom top of mind for IT leaders.

Eighty-four percent of organizations in the Middle East are currently using the cloud or planning to adopt cloud computing in the next 12 to 24 months , according to the Ponemon Institute’s 2019 Middle East Encryption Trends report.

The move to the cloud is picking up speed particularly in the UAE, where locally based cloud options for the private and public sector alike are expanding as tech giants like Microsoft, Oracle and Amazon launch in-country options.

To read this article in full, please click here