Category Archives: business

Walmart Is Putting 17,000 Oculus Go Headsets In Its Stores To Help Train Employees In VR

Walmart is reportedly planning to send Oculus Go headsets to each of its nearly 5,000 stores so that more of its employees can get instruction more often. TechCrunch reports: The big box giant will begin sending four headsets to each Walmart supercenter and two headsets to each Neighborhood Market in the country. That may not necessarily seem like a ton to train a store full of employees, but at Walmart's scale that amounts to about 17,000 headsets being shipped by year's end. The move is the evolution of an announcement that the company made last year that it was working with STRIVR Labs to bring virtual reality training to its 200 "Walmart Academy" training centers. Those training sessions were done on PC-tethered Oculus Rifts; the move to Oculus Go headsets really showcases how much more simple standalone headset hardware is to set up and operate.

Read more of this story at Slashdot.

Evernote Slashes 15 Percent of Its Workforce

Evernote, one of the most popular productivity apps on the market, is struggling to stay on top of the charts. TechCrunch, after reporting two weeks ago that the company "lost several of its most senior executives," is reporting that Evernote's CEO Chris O'Neill on Tuesday laid off 54 people -- roughly 15 percent of the company's workforce. O'Neill said it is now focusing its efforts around specific functions, including product development and engineering. From the report: We've just been in touch with Evernote. It pointed us to a newly posted piece by O'Neill in which he outlines the company's strategy going forward, which includes to "operate with a more focused leadership team," to "operate more efficiently," and to "double down on product development -- both quality and velocity." As for its funding situation, an Evernote representative insists that things are far from dire. The company is not fundraising, says this person; further, we're told Evernote has $30 million on its balance sheet and will exit the year without burning cash. This comes after "a person who tipped TechCrunch off to the executive departures two weeks ago characterized Evernote as 'in a death spiral,' saying that user growth and active users have been flat for the last six years and that the company's enterprise product offering hasn't caught on."

Read more of this story at Slashdot.

Amazon is Reportedly Planning Up To 3,000 Cashierless Stores By 2021

Amazon is planning to open 3,000 of its cashierless stores by 2021, Bloomberg reported Wednesday, planning a major push into retail as it continues to scale its online platform. CNBC: The e-commerce giant currently has three locations open in Seattle, where Amazon is headquartered, and just this past week opened a location in Chicago. Bloomberg adds: Chief Executive Officer Jeff Bezos sees eliminating meal-time logjams in busy cities as the best way for Amazon to reinvent the brick-and-mortar shopping experience, where most spending still occurs. But he's still experimenting with the best format: a convenience store that sells fresh prepared foods as well as a limited grocery selection similar to 7-Eleven franchises, or a place to simply pick up a quick bite to eat for people in a rush, similar to the U.K.-based chain Pret a Manger, one of the people said. [...] Adding 3,000 convenience stores would make AmazonGo among the biggest chains in U.S. The internet giant is considering plans to have about 10 locations open by the end of this year, about 50 locations in major metro areas in 2019, and then as many as 3,000 by 2021, said the people, who requested anonymity discussing internal plans. Opening multiple locations in proximity, like it's doing in Seattle, could also help Amazon reduce costs by centralizing food production in one kitchen serving many stores. The U.S. currently has 155,000 convenience stores, with 122,500 of them combined with gas stations, according to industry group NACS. Non-fuel purchases at convenience stores totaled $233 billion in 2016, with cigarettes and other tobacco products the best-selling items.

Read more of this story at Slashdot.

Start-up Day: Meet the Speakers

blogs.bl.uk - With Start-up Day fast approaching, here's an introduction to a few of the speakers who will be giving their expert advice on the day. How to understand the UK market right now Jack Duckett @mintelne…


Tweeted by @BIPC https://twitter.com/BIPC/status/1042488495485345793

BAE Systems plc (LON:BA) had its Buy rating reiterated by Citigroup with a GBX 750 price target – Market Exclusive

marketexclusive.com - Today, Citigroup reiterated its Buy rating on BAE Systems plc (LON:BA) with a price target of GBX 750. There are 7 Buy Ratings, 2 Hold Ratings, 1 Strong Buy Ratings, 1 Sell Ratings on the stock. The …


Tweeted by @marketexclusive https://twitter.com/marketexclusive/status/1042431453462577153

Healthcare Cyber Security Market To Be Driven By Rising Precautionary Measures Against Cyberattacks And Cyber Warfare Till 2022

newhampshirenewsonline.com - Million Insights – World’s Fastest Growing Market Research Database According to new report available with Million Insights, the healthcare cyber security industry report on is foretold to provide a …


Tweeted by @newhampshirene1 https://twitter.com/newhampshirene1/status/1042429761581006849

Report: Financial industry in crosshairs of credential-stuffing botnets

Botnets mounting credential-stuffing attacks against the financial industry are on the rise, with a more than 20-percent uptick in a two-month period, a new report from Akamai has found. Bad actors from the United States, Russia and Vietnam are using credential stuffing attacks to try to compromise financial services firms, Akamai says in its...

Wharton Professor Says America Should Shorten the Work Day By 2 Hours

Adam Grant, an organizational psychologist, New York Times best-selling author, and The Wharton School's top professor, says Americans should work two hours less. Instead of the typical 9-to-5, people "should finish at 3pm," says Grant in a recent LinkedIn post. "We can be as productive and creative in 6 focused hours as in 8 unfocused hours." CNBC reports: In the LinkedIn post, Grant was weighing in on an Atlantic article about the time gap between when school and work days end, a bane for many parents. But it's not the first time Grant has given his stamp of approval to less work with more productivity. "Productivity is less about time management and more about attention management," Grant tweeted in July, highlighting an article about a successful four-day work week study. For the study, a New Zealand company adopted a four-day work week (at five-day pay) with positive results; the company saw benefits ranging from lower stress levels in employees to increased performance. In a recent blog post, billionaire Richard Branson also touted the success of a three-day or four-day work week. "It's easier to attract top talent when you are open and flexible," Branson said in the post. "It's not effective or productive to force them to behave in a conventional way." "Many people out there would love three-day or even four-day weekends," said Branson. "Everyone would welcome more time to spend with their loved ones, more time to get fit and healthy, more time to explore the world."

Read more of this story at Slashdot.

CipherTrace – Teel Technologies

teeltech.com - Virtual currencies such as Bitcoin are processing billions of dollars per year of criminal transactions. Despite the many legitimate uses for virtual currencies, criminals are increasingly capitalizin…


Tweeted by @teeltech https://twitter.com/teeltech/status/1042082109018595329

What CISOs Want

thecipherbrief.com - CEOs, CISOs, CTOs and other c-suites are meeting at SINET’s Global Cybersecurity Innovation Summit in London this week. Cipher Brief CEO & Publisher Suzanne Kelly, who is moderating a session on the…


Tweeted by @thecipherbrief https://twitter.com/thecipherbrief/status/1042066404508426240

Many Job Ads on Facebook Illegally Exclude Women, ACLU Says

Facebook's advertising platform is being used by prospective employers to discriminate against women, according to a lawsuit filed Tuesday. From a report: The American Civil Liberties Union, joined by a labor union and a law firm that specializes in representing employees, has filed a written charge against Facebook with the Equal Employment Opportunity Commission, the federal agency that enforces anti-discrimination laws in the workplace. The charge asks for an investigation of the social media company and an injunction against what it calls discriminatory practices at a company with a sizable influence over the U.S. labor market. It also claims Facebook's system violates anti-discrimination provisions of the 1964 Civil Rights Act. The social network has faced sustained criticism for years that it fails to stop discriminatory ads of various kinds, from housing ads that exclude certain races to job ads targeted only at younger workers. In August, Facebook said it would remove 5,000 targeted advertising options from its platform in an effort to prevent discrimination.

Read more of this story at Slashdot.

US government payment site leaks 14 million customer records

Government Payment Service Inc -- the company thousands of local governments in the US use to accept online payments for everything from court-ordered fines and licensing fees -- has compromised more than 14 million customer records dating back to 2012, KrebsOnSecurity reports. According to the security investigation site, the leaked information includes names, addresses, phone numbers and the last four digits of credit cards.

Source: KrebsOnSecurity

BPEF2019

brainlinx.com - Brand Protection Excellence Forum (BPEF) 2019, is an executive platform to discuss the industry challenges for Anti-counterfeiting, Online Brand Protection, Cross Border Product Security, Cyber Crime…


Tweeted by @BrainLinx https://twitter.com/BrainLinx/status/1041953894212022272

Chinese Phone Maker Xiaomi Is Pushing Ads In Its Settings App, Users Say

Several Xiaomi smartphone users are reporting that they are seeing ads in the Settings app of MIUI, a fork of the Android operating system that the Chinese phone maker ships on most of its smartphones. According to some users, ads started to appear at various locations -- including the lock screen -- on MIUI earlier this year. In a thread on Reddit over the weekend, a user noted that an ad has started to appear in the Settings app as well. The post, which has gleaned over 5,000 upvotes, sees plenty of users corroborate the claim. Xiaomi, known for selling inexpensive but high-quality smartphones, is the fourth largest smartphone vendor in the world. Its handsets are immensely popular in emerging markets such as India, where it has been the largest smartphone maker for the last four quarters. In June this year, a senior executive at the company, the name of which means little rice, stated plans to enter the US market next year.

Read more of this story at Slashdot.

Internet Of Things (IoT) In Healthcare Market New innovations and Technology Advancements 2018 to 2023 – Daily Industry Reports

dailyindustryreports.com - “Global Internet Of Things (IoT) In Healthcare Market 2018 By Manufacturers, Regions, Type And Application, Forecast To 2023” provides a unique tool for evaluating the market, highlighting opportunit…


Tweeted by @iotdomains https://twitter.com/iotdomains/status/1041684627126026242

Australia, Solomon Islands, PNG sign undersea cable deal amid criticism from China – China power – ABC News (Australian Broadcasting Corporation)

abc.net.au - The leaders of Australia, the Solomon Islands and Papua New Guinea have marked the start of a project to lay an undersea internet cable between the three countries amid criticism from China that Aust…


Tweeted by @SCS_Disputes https://twitter.com/SCS_Disputes/status/1041663798619267072

ThreatConnect Research Reports Successful Threat Intelligence Programmes Saved UK Businesses an Average of £6 million in the Last Year

businesswire.com - LONDON--(BUSINESS WIRE)--ThreatConnect, Inc.®, provider of the industry's only extensible, intelligence-driven security platform, today released findings of a survey, “Building a Threat Intelligence …


Tweeted by @blackopscyber1 https://twitter.com/blackopscyber1/status/1041616772409876480

Global Cyber Warfare Market Opportunities, Top Trends, Drivers, Challenge, Analysis by Regions, Research Methodology and Forecast to 2018- 2025 – Market Research Day

marketresearchday.com - The Global Cyber Warfare Market report provides deep analysis of market. It defines, describes and forecasts the market by product type and key regions. It covers profile of the key players and compreh…


Tweeted by @CSFI_DCOE https://twitter.com/CSFI_DCOE/status/1041456011553513474

American Eating Habits Are Changing Faster than Fast Food Can Keep Up

Home cooking would be making a comeback if it ever really went away. From a report: Restaurants are getting dinged by the convenience of Netflix, the advent of pre-made meals, the spread of online grocery delivery, plus crushing student debt and a focus on healthy eating. Eighty-two percent of American meals are prepared at home -- more than were cooked 10 years ago, according to researcher NPD Group. The latest peak in restaurant-going was in 2000, when the average American dined out 216 times a year. That figure fell to 185 for the year ended in February, NPD said. Don't be fooled by reports of rising U.S. restaurant sales at big chains like McDonald's. Increases have been driven by price hikes, not more customers. Traffic for the industry was down 1.1 percent in July, the 29th straight month of declines, according to MillerPulse data. "It's counterintuitive because you see a lot of things in the press about restaurant sales increasing," said David Portalatin, a food-industry adviser at NPD. "America does still cook at home." The shift is weighing on the fast-food industry. Eateries already are struggling with higher labor and rent costs that they're passing along to customers, which in turn makes home cooking more economical. McDonald's, Jack in the Box, Shake Shack and Wendy's have all raised prices in the past year.

Read more of this story at Slashdot.

Beating the odds in market entry

mckinsey.com - How to avoid the cognitive biases that undermine market entry decisions. The annals of business history report that for every successful market entry, about four fail. Inexperienced start-ups suffer …


Tweeted by @RobertLaubscher https://twitter.com/RobertLaubscher/status/1041419726629609474

Amazon Says It is Investigating Claims That Its Employees Are Taking Bribes To Sell Internal Data To Merchants To Help Them Increase Their Sales on the Website

Amazon.com is investigating internal leaks as it fights to root out fake reviews and other seller scams from its website, the company told WSJ. From the report: Employees of Amazon, primarily with the aid of intermediaries, are offering internal data and other confidential information that can give an edge to independent merchants selling their products on the site, according to sellers who have been offered and purchased the data, brokers who provide it and people familiar with internal investigations. The practice, which violates company policy, is particularly pronounced in China, according to some of these people, because the number of sellers there is skyrocketing. As well, Amazon employees in China have relatively small salaries, which may embolden them to take risks. In exchange for payments ranging from roughly $80 to more than $2,000, brokers for Amazon employees in Shenzhen are offering internal sales metrics and reviewers' email addresses, as well as a service to delete negative reviews and restore banned Amazon accounts, the people said. Amazon is investigating a number of cases involving employees, including some in the U.S., suspected of accepting these bribes, according to people familiar with the matter. An internal probe began in May after Eric Broussard, Amazon's vice president who oversees international marketplaces, was tipped off to the practice in China, according to people familiar with the matter. Amazon has since shuffled the roles of key executives in China to try to root out the bribery, one of these people said.

Read more of this story at Slashdot.

Does LinkedIn Suck?

"LinkedIn Sucks" writes TechCrunch's John Biggs: I hate LinkedIn. I open it out of habit and accept everyone who adds me because I don't know why I wouldn't. There is no clear benefit to the social network. I've never met a recruiter on there. I've never gotten a job. The only messages I get are spam from offshore dev teams and crypto announcements. It's like Facebook without the benefit of maybe seeing a picture of someone's award-winning chili or dog. I understand that I'm using LinkedIn wrong. I understand I should cultivate a salon-like list of contacts that I can use to source stories and meet interesting people. But I have my own story-sourcing tools and my own contacts. It's not even good as a broadcast medium.... LinkedIn is a spam garden full of misspelled, grunty requests from international software houses that are looking, primarily, to sell you services. Because it's LinkedIn it's super easy to slip past any and all defenses against this spam.... I know people have used LinkedIn to find jobs. I never have. I know people use LinkedIn to sell products. It's never worked for me. The article ends with advice for people trying to contact him on LinkedIn for promotional purposes. "LinkedIn isn't a game. It isn't an alternative to MailChimp. It's a conversational tool. Use it that way." But what do Slashdot's readers think? Is LinkedIn a valuable resource for finding recruiters and job offers, interesting perspectives, and updates on your friends' careers? Or does LinkedIn suck?

Read more of this story at Slashdot.

Uber Glitch Stops Payments To Drivers, Prices Surge

Uber is still trying to fix a glitch that's been stopping its drivers from collecting the money they've earned for several days. An anonymous reader writes: One Uber driver says the problem's lasted over a week, and he's owed more than $1,300. "They've been continually telling us that it would be corrected within 24 hours," he told a Bay Area news station. "We still can't access the money.... We're in a situation where for a lot of us we have bills every day, we pay tolls every day, we pay gas every single day." Now the San Diego Reader reports the issue "is forcing San Diego drivers off the road," with the shortage of drivers triggering surge pricing throughout the entire region as much as triple the usual rate. Surge pricing is also hitting riders in Dallas, according to another Uber driver's tweet, who complains "It's a shame that a $48 billion 'tech' company can't get it together." In a statement promising they'd still pay all their drivers, Uber acknowledged their payment system was still broken, "and we sincerely regret any inconvenience." "The glitch in the payment system also means that trip and safety issues are unable to be reported, either by the passenger, or the driver," notes the San Diego Reader, adding that the city's Uber's drivers "continue to decline to work, either staying off the road or switching to another ride-sharing service."

Read more of this story at Slashdot.

Rail News – Amtrak to seek PTC extension, will operate current routes after Jan. 1. For Railroad Career Professionals

progressiverailroading.com - Amtrak will seek a deadline extension from the Federal Railroad Administration (FRA) to complete positive train control (PTC) implementation on all its railroad operations, an Amtrak executive told a…


Tweeted by @JerusalemKid https://twitter.com/JerusalemKid/status/1040988457940729856

Drone Startup Airware Is Shutting Down After Raising $118 Million

Drone operating system startup Airware, which has appeared in a number of stories over the years, announced today that it will be shutting down immediately despite having raised $118 million from investors. "The startup ran out of money after trying to manufacture its own hardware that couldn't compete with drone giants like China's DJI," reports TechCrunch. "The company at one point had as many as 140 employees, all of which are now out of a job." From the report: Founded in 2011 by Jonathan Downey, the son of two pilots, Airware first built an autopilot system for programming drones to follow certain routes to collect data. It could help businesses check rooftops for damage, see how much of a raw material was coming out of a mine, or build constantly-updated maps of construction sites. Later it tried to build its own drones before pivoting to consult clients on how to most efficiently apply unmanned aerial vehicles. While flying high, Airware launched its own Commercial Drone Fund for investing in the market in 2015, and acquired 38-person drone analytics startup Redbird in 2016. In this pre-crypto, pre-AI boom, Airware scored a ton of hype from us and others as they tried to prove drones could be more than war machines. But over time, the software that shipped with commercial drone hardware from other manufacturers was good enough to make Airware irrelevant, and a downward spiral of layoffs began over the past two years, culminating in today's shutdown. Demonstrating how sudden the shut down is, Airware opened a Tokyo headquarters alongside an investment and partnership from Mitsubishi just four days ago. As for the employees, they "will get one week's severance, COBRA insurance until November, and payouts for unused paid time off," reports TechCrunch.

Read more of this story at Slashdot.

San Francisco Gets Its First Cashierless Store

Last week, San Francisco got its first completely automated cashierless store, called Standard Market. The store requires users to download their app before they can enter the 1,900-square-foot building. Once they do that, they can enter the store, grab the items they need, and walk out -- all without ever interacting with a cashier. The 27 cameras positioned on the ceiling are supposedly able to identify which items shoppers walk out with. CNBC reports: The start-up behind this operation is Standard Cognition, which has raised $11.2 million in venture capital and formed partnerships with four retail chains around the world. This first market is a prototype to showcase the technology and work on the bugs. The ambitious goal is to add the tech in 100 stores a day (each day!) by 2020. Five of the seven founders came from the Securities and Exchange Commission, where they built artificial intelligence software to detect fraud and trade violations, before starting Standard Cognition in 2017. Now these fraud experts are working to discern something equally complicated: whether I am stealing a snack. The store is very similar to Amazon's cashierless Go market, but differs in that it relies exclusively on the ceiling cameras and AI software to figure out what you're buying. "The goal is to predict, and prevent, shoplifting, because unlike Amazon's Go stores, which have a subway turnstile-like gate for entry and exit, Standard Market has an open door, and the path is clear," reports CNBC. "Once the system decides it has detected potential theft behavior, a store attendant will get a text and walk over for 'a polite conversation,' Standard Cognition's co-founder and chief operating officer, Michael Suswal, said."

Read more of this story at Slashdot.

CCDC and DVP Form Strategic Partnership to Provide World’s 1st Smart SOC to Alternative Asset Community – Harbinger Times

harbingertimes.com - Critical Cyber Defense Corp. (CCDC) announced today that it has entered into a strategic partnership with DVP Partners, LLC (DVP) to represent its CYREBRO® Smart SOC (Security Operations Center) in t…


Tweeted by @harbingertimes https://twitter.com/harbingertimes/status/1040706282905325569

CCDC and DVP Form Strategic Partnership to Provide World’s 1st Smart SOC to Alternative Asset Community – The Alpha Reporter

thealphareporter.com - Critical Cyber Defense Corp. (CCDC) announced today that it has entered into a strategic partnership with DVP Partners, LLC (DVP) to represent its CYREBRO® Smart SOC (Security Operations Center) in t…


Tweeted by @alpha_reporter https://twitter.com/alpha_reporter/status/1040705274707763200

Threat Intelligence Solution Market Research, Key Players, Growth Opportunities, Outlook and Forecasts by 2022 – Our Market Research

ourmarketresearch.com - The Threat Intelligence Solution Market Report provides thorough backdrop investigation of Threat Intelligence Solution business, with an evaluation of the previous years. The Threat Intelligence Sol…


Tweeted by @blackopscyber1 https://twitter.com/blackopscyber1/status/1040674303841230848

FireEye Named the Leader in External Threat Intelligence Services Evaluation by Leading Independent Research Firm

nbcrightnow.com - New report states that “FireEye leads the pack” MILPITAS, Calif. --(BUSINESS WIRE) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it was named the Leader in…


Tweeted by @BarryMattacott https://twitter.com/BarryMattacott/status/1040534486285529089

Internet of Things (IoT) Security Market Research Report: Business Revenue, Introduction, Sales Volume and Share 2018-2022 | Cisco Systems, Intel Corporation, IBM Corporation, Symantec Corporation, Trend Micro , Digicert, Infineon Technologies, ARM Holdin – openPR

openpr.com - 09-14-2018 08:02 AM CET - IT, New Media & Software Print Internet of Things (IoT) Security Market Research Report: Business Revenue, Introduction, Sales Volume and Share 2018-2022 | Cisco Systems, In…


Tweeted by @AllAbout5G https://twitter.com/AllAbout5G/status/1040504972297875456

Where is Your Security Management Journey Going?

Navigating security management is an ongoing and sometimes erratic process, given the chaotic threat environment. Maneuvering through these often-uncharted cyber seas is complicated and difficult. Is your cybersecurity vessel capable of sailing through tumultuous tides?

Earlier this year we set out, through commissioned global research with MSI, to obtain a snapshot of where organizations (McAfee and non-McAfee customers) stood in their security management capabilities and which solutions they wanted moving forward. It would be fair to say that organizations' security management capabilities varied widely, from minimal security management to somewhat integrated and robust. But no matter where an organization fell on the spectrum, the most consistent pain point was the need to reduce complexity.

What’s alarming is that many IT and security professionals are managing cybersecurity with no management tool, thereby burdening themselves with too many consoles, multiple logins and time-consuming manual efforts.

Top Likes & Asks

The top useful management features were: (1) a holistic, integrated view from a single console, (2) the ability to manage multiple products, and (3) the capability to automate deployment and updates. Desired future improvements focused on getting security tools to work together.

  • The desire to integrate tools is key for many (74%), with the top integrations being endpoint, server and threat intelligence. The perceived value of integration would be a 20% savings in time.
  • Over 77% want automation of repeatable tasks, noting a time savings of 25%.
  • 77% want tools to orchestrate between each other.
  • 84% want an advanced dashboard to provide their current security posture.

And if these features are not available, that would give them reason to replace their current security management with a single management console that includes these capabilities.

Is this your top requests list?

All these features make sense. Cybersecurity threats have evolved, requiring specialized prevention, detection and remediation techniques and tools. This has created tool sprawl: isolated technologies with separate management consoles, working in silos to accomplish a security function. At times this leaves a gap where pertinent context is left out, or opens another doorway for the attacker. You have separate sophisticated tools to find advanced threats. You have separate tools to enforce security policy across your enterprise, whether that means updating security software to address the latest threat, changing a data policy, or using tools that exclusively protect your cloud environment. Managing many disparate security tools is daunting. The good news is that your tool chest is chock-full, but are the tools working together as a unified security front with no gaps? These wish list items will get you closer to having your security tools work together.

Wishes Do Come True

We are pleased to note that McAfee ePO™ meets these top feature asks and desired improvements. McAfee ePO is a single-console security management solution that manages multiple products and automates security policy enforcement across your entire enterprise. To help tools work together, there are over 150 third-party integrations, and ePO manages the Data Exchange Layer (DXL), the communication layer that shares threat intelligence and alerts, and triggers actions to resolve them. And to top it off, ePO is now available in a couple of deployment options: on-premise, ePO on AWS as IaaS or MVISION ePO as SaaS.

McAfee ePO is a proven security management solution with nearly 40,000 customers. It continues to evolve as the cybersecurity landscape changes. Don’t just hear it from us—let our customers do the talking. Check out below what an insurance company says about McAfee and McAfee ePO.

The post Where is Your Security Management Journey Going? appeared first on McAfee Blogs.

The many faces of omnichannel fraud

The rise of new technologies, social networks, and other means of online communication has brought about compelling changes in industries across the board.

For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential clients, anticipate their needs, and fully tailor their business strategies around making the user shopping experience as positive, seamless, frictionless, and convenient as possible.

This is the heart of the omnichannel approach. And while the foreseen outcome may sound lovely to the ears of consumers and businesses, it’s actually easier said than done. A lot of planning, executing, aligning of goals and core values, and—most importantly to us—securing is involved.

As for the organizations who have adopted this approach, a majority of them believe that they don’t have adequate tools and measures in place to protect their businesses against fraud in the omnichannel environment.

What is omnichannel?

To understand how we can protect businesses in an omnichannel environment, we should go back to basics. It’s important to know what omnichannel is, how it works, and how it affects clients of organizations using this approach.

Omnichannel—also spelled omni-channel—is a compound word composed of the words “omnis” and “channel.” Omnis is the Latin word for “all,” while channel, in this case, pertains to a way of making something, such as information or a product, available. With these in mind, one could roughly define omnichannel as available in all channels, irrespective of the business or the industry it belongs to.

For example, although an omnichannel banking strategy looks different from an omnichannel retail strategy, both apply the same principles. Here’s a simple illustration:

In omnichannel banking, the customer can access their accounts anywhere, pay their bills anywhere, and get money anywhere.

In omnichannel retail, the customer can browse items anywhere, pay anywhere, and return them anywhere.

It’s safe to assume that a majority of businesses already have the “all channels” part covered, but the basic tenet that sets the omnichannel approach apart from the multi-channel approach is its focus: Omnichannel pays more attention to how the organization interacts with the client and less on the actual transaction. The interaction between customer and organization is seamless—meaning, the customer won’t meet bumps when switching from one device to another in the middle of a purchase—regardless of the channel the customer chooses.

Because communication among channels also happens at the backend, the organization is able to anticipate a customer’s future needs, wants, and likes, which they then use to (1) tailor their pitches and/or ads and (2) communicate messages to the customer consistently across channels.

A successful and effective omnichannel strategy fosters a deeper relationship between customer and organization, which in turn translates into invaluable, loyal, and happy customers.

When a new strategy introduces new security risks

Risks are unavoidable when an organization undergoes strategic change. It’s already challenging enough for organizations to let their channels start talking to each other as part of the drive to enhance customer experience. With customers now becoming more informed, connected, and knowledgeable about what they want and what they don’t want to encounter when interacting with a brand, they significantly influence and shape the way retailers respond to them.

And why not? Nowadays, it’s relatively easy for customers to be put off by a brand that doesn’t address their growing demand for a faster, more personalized, flexible, and seamless experience overall.

Addressing such demands inevitably leads to introducing new ways consumers can shop, an uptick in the availability of fulfillment options, and the increased availability of new payment options to users. Of course, where a hand-over of money, product, or data is involved, fraud is fast on its heels.

Types of fraud in omnichannel

Organizations looking into adopting an omnichannel approach should also look into ways they can protect user data, user accounts, and sensitive financial data (if they haven’t already), on top of protecting their physical and digital assets. Below, we have identified several fraud types that are found in an omnichannel retail environment. (Note that some of these can also be found in multi-channel retail environments.)

  • Card-not-present (CNP) fraud. A well-known scam where a fraudster uses stolen card and owner details to make online or over-the-phone purchases. As the fraudster cannot show the card to the retailer for visual inspection, they get away with the fraudulent purchase.
  • Cross-border or cross-channel fraud. Fraudsters steal credentials and sensitive personal information used by their target in one channel so they can commit fraud in another or an associated channel.
  • Click-and-collect fraud. This is otherwise known as the “buy online, pick-up-in-store” fraud. This occurs when a fraudster, armed with stolen card details and details of the real owners (for backup), buys online then picks up the item from the store. The purchase is flagged as fraudulent.
  • Card-testing fraud. Also known as “stolen card number testing,” this tactic occurs when fraudsters use a merchant’s website to test if stolen card credentials are still valid by making small, incremental purchases. According to Radial, an omnichannel solutions company, there has been a 200 percent increase in card-testing fraud in 2017.
  • Return fraud. This comes in many shapes and sizes. One type, which is friendly fraud, happens when a seemingly legitimate buyer purchases an item online, receives it, and then contacts their card issuer to claim that they never received the item they bought. Return fraud also happens when a buyer purchases electronics, takes out their expensive parts, and then returns the item to the store.
  • Mobile payment fraud. In a world that is now described as “mobile-first,” it’s only logical to expect that fraud born from mobile device usage could outpace web fraud. And it has. Before, mobile browsers were typically the point-of-origin of such fraud; nowadays, fraud can be done via mobile apps.

Addressing omnichannel fraud

With the current amount of fraud omnichannel organizations are vulnerable to, a unified approach to solving all of them is a must. There are already third-party solution service providers that an organization can approach to assist them in this. However, there are practical steps organizations can take, especially if the budget is particularly tight, to nip fraud in the bud.

Track fraud across your channels. This allows organizations to identify the flaws in each of their channels so they can tailor their security strategy. Consider putting together an exclusive department to oversee this task and manage the data. With a team or one person focused on assessing, identifying, and coming up with ways to mitigate the business’s risk against fraud, it would be easier to get executive backing, especially when it’s time to invest funds on more sophisticated protection tools as the business grows.

Come up with a fraud prevention strategy. And this can only be done after the data from tracking channels has been collected and analyzed. Remember that for a fraud prevention strategy (or any strategy for that matter) to be effective, it should be designed based on the current and future needs of the organization.

Implement multi-factor authentication (MFA). Authentication is the first line of defense against fraud, so having at least two forms implemented is better than not using any authentication protocol at all. But organizations must make sure that the auth methods they want to adopt are reliable and difficult to intercept. That said, SMS authentication should no longer be an option.

If consumers want a unified and consistent experience across all channels, they should expect the same when it comes to identity authentication. While a true omnichannel authentication is still in its infancy, many organizations already recognize its importance and potential. This is good news, and organizations must keep an eye on it.

Encrypt data. It’s one of the fundamental ways an organization can protect the exchange of data between their clients and their systems. Yet, there are still organizations that transfer, share, and store sensitive data in human-readable format. They probably think it’s still okay to do this in the age of breaches, even when point-to-point encryption methods are already available for businesses to use. But here’s the truth: This. Shouldn’t. Be. Happening. Anymore.

Dear Organization, please don’t be that company.


Secure your e-commerce website. Principles we learned in Security 101 apply here: Keep your software updated, use HTTPS hosting, use strong passwords (especially for those with admin accounts), back up data regularly, and use security software. We also hasten to add: do not store sensitive data on your server. Instead, use a third-party payment solution to conduct secure payment transactions between the organization and your clients.

The store of the future and cybersecurity: final thoughts

Going omnichannel is a continuing trend that won’t be going away any time soon. In retail, today’s customer demands and expectations are high, and businesses are expected to meet or exceed them. Doing so gives organizations an edge over their competitors, not to mention that evolving to omnichannel is a sure way of future-proofing their businesses. However, organizations must keep this in mind: If the omnichannel approach increases the user convenience, it may be convenient for fraudsters, too.

While overall growth is a business’s main objective, cybersecurity considerations should not be deprioritized. In an omnichannel environment, exposure to fraud, malware, and other digital crimes is heightened. As such, a lot more assets need to be protected.

The post The many faces of omnichannel fraud appeared first on Malwarebytes Labs.

Sound, Fury, And Nothing One Year After Equifax

One year ago today, Equifax suffered what remains one of the largest and most impactful data breaches in U.S. history. Last September, it was revealed that the personal information of 145 million Americans, almost 700,000 UK citizens, and 19,000 Canadians was stolen by cybercriminals.

This information included names, addresses, birthdays, Social Security numbers, and—in some cases—driver’s licenses. All critical, personally identifiable information (PII) that can be resold in the underground and used to commit identity fraud.

This breach had very real impact on the millions affected. On Equifax? Or the industry as a whole? Not so much…

The result is that your personal information remains “entrusted” with various agencies without your knowledge. Agencies that may or may not have your best interests at heart. A year after the Equifax breach, your data has never been at greater risk. Why?

The Equifax breach made international headlines for weeks. It’s a story that has corporate intrigue, political uproar, and controversy…yet nothing really has changed.

What Happened?

Cybercriminals gained access to Equifax’s systems through a known vulnerability in Apache Struts (a web application framework). This easily exploited vulnerability had been left unpatched and unmitigated by Equifax for weeks.

When Equifax discovered the breach, they waited weeks to notify affected individuals and the general public. That notification came in the form of an insecure site on a new domain name. This contributed to the criticism the company faced as they bumbled the response.

The saga took a number of twists and unexpected turns as executives were accused of insider trading, having sold shares valued at $1.8 million after the breach was discovered but before the public announcement. The CIO and CISO stepped down in the wake of the breach. As the company continued to see pushback and political and consumer frustration, the CEO eventually resigned, allowing the company to try and turn the page.

After all, Equifax had the tools, people, and process in place to prevent the breach but simply dropped the ball…with catastrophic results.

Customers?

One of the biggest challenges in light of this breach was the relationship that Equifax had with the affected individuals. Equifax maintained a significant amount of personally identifiable information on hundreds of millions of individuals in the US and around the world yet very few of these individuals had a direct relationship with the company.

Equifax and a handful of other consumer credit reporting agencies make their money by selling customer profiles and credit ratings to other businesses, essentially acting as massive reputation clearing houses.

Given the role played by these agencies, individuals in the US have alarmingly few actions they can take in recourse to an error or breach of their information in care of such an agency. This was a key point raised in the uproar after the Equifax breach.

One year later, let’s check in on the progress made so far…

Lack of Personal Data Protections

Alarmingly, there has been no federal action and only one state has passed legislation regarding personal data protections since the Equifax breach.

In June, California passed the California Consumer Privacy Act of 2018 (AB 375). This landmark legislation takes a much needed step towards personal data protections in the state of California. While not the driving factor for the legislation, the breach contributed to awareness of the need for such protections.

This protects Californians in a similar manner to Europeans under GDPR. If either piece of legislation had been in effect during the Equifax breach, the company would have been looking at major fines.

What Now?

Despite the initial uproar, very little has happened in the wake of the Equifax breach. The creation of strict regulation in the EU had been underway for years. The initiative in California had already been underway when this breach happened.

Despite the outrage, very little came of the breach outside of Equifax itself. They brought in new leadership and have tried to shift the security culture, both solid steps. The consent letter signed will help ensure that Equifax continues to build a strong security culture but it doesn’t impact any of the other agencies.

Is this the future? As more and more companies move to monetize data and customer behaviours, a lack of political will and a lack of consumer pressure means that YOUR data remains at risk.

Regulation is always challenging but it’s clear that the market isn’t providing a solution as few of the affected individuals have a relationship with the companies holding the data. Your personal information is just that…yours and very personal.

Individuals need the ability to hold organizations that put that information at risk accountable.

The post Sound, Fury, And Nothing One Year After Equifax appeared first on .

Before Senate Facebook, Twitter Defend Efforts to Stop Fake News

Facebook and Twitter executives defended recent efforts to stop the use of their platforms by Russia, Iran and other countries to influence U.S. elections. In testimony before the U.S. Senate, Facebook COO Sheryl Sandberg and Twitter Chief Executive Jack Dorsey on Wednesday defended their employers’ recent efforts to thwart influence...


Stop Impersonations of Your CEO by Checking the Writing Style

If one of your employees receives an email that looks like it’s from the CEO asking to send sensitive data or to make a wire transfer, could that employee spot it as a fake based on how it is written? He or she may be so concerned with pleasing the CEO that they may urgently respond without a second thought. What if artificial intelligence could recognize that the writing style of a suspect email doesn’t match the style of your CEO to spot fraud? It can.

Writing Style DNA technology is now available to prevent Business Email Compromise (BEC) attacks, which according to the FBI have cost organizations $12.5 billion, with some companies losing as much as $56 million.


Unique Writing Style

Some of us write long sentences with a variety of words while others are more direct with short words and small paragraphs. If we look at the email of three Enron executives (based on a dataset of 500,000 emails released publicly during the Federal Energy Regulatory Commission’s investigation) we can see the differences in how they write. Looking at the emails from Jeffrey Skilling, Sally Beck, and David Delainey, we can compare writing style elements such as sentence length, word length, repeated words, paragraph length, pronoun usage, and adjective usage.

Graph of writing style elements of 3 Enron executives

We see that the three executives’ styles vary across the 16 elements in the chart above. As humans, we can perhaps come up with 50 or maybe 100 different writing style elements to measure. A computer AI, though, can see many more differences between users’ writing. The AI powering Writing Style DNA can examine an email for 7000 writing style elements in less than a quarter of a second.

If we know what an executive’s writing style looks like, then the AI can compare the expected style to the writing in an email suspected of impersonating that executive. 

Training an AI model of a User’s Writing Style

Based on previous Business Email Compromise attacks, we see that the CEO and Director are most likely to be impersonated and can define these individuals as “high-profile users” within the admin console for Trend Micro Cloud App Security or ScanMail for Exchange.

 

Titles of impersonated senders in 1H 2018 Business Email Compromise attempts 

To create a well-defined model of a high-profile user’s writing style, the AI examines 300-500 previously sent emails. Executives’ email is highly sensitive, so to protect privacy the AI extracts metadata describing the writing style but not the actual text.

Your executives’ style of writing isn’t static but rather evolves over time, just as this infographic shows JK Rowling’s style changing over the course of writing the Harry Potter books. As such, the AI model for a high-profile user can be regularly updated at a select interval.

Process Flow

When an external email arrives from a name similar to a high-profile user’s, the writing style of the email content is examined after other anti-fraud checks. The volume of BEC attacks is small to start with (compared to other types of phishing), and other AI-based technologies catch most attacks, which leaves only a small number of the stealthiest attacks for writing style examination. For these attacks, if the style doesn’t match, the recipient is warned not to act on the email unless he/she verifies the sender’s identity using a phone number or email from the company directory. Optionally, the impersonated executive can also be warned of the fraud attempt on their behalf.
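The flow just described, as an added JavaScript example (not Trend Micro's code or model): a message is examined only when it is external, carries a high-profile user's display name and does not come from an allowlisted address, and its style is then compared with a profile built from known-good mail. The three features, the spread floors, the 1.5 threshold and all names, addresses and sample emails are assumptions constructed for this example.

```javascript
// Added illustration with constructed data; not the vendor's model or feature set.
const PRONOUNS = new Set(['i', 'me', 'my', 'we', 'us', 'our', 'you', 'your',
  'he', 'she', 'they', 'them', 'it']);

// Three of the style elements the article names:
// sentence length, word length and pronoun usage.
function styleFeatures(text) {
  const sentences = text.split(/[.!?]+/).filter((s) => s.trim().length > 0);
  const words = text.toLowerCase().match(/[a-z']+/g) || [];
  const n = Math.max(words.length, 1);
  return [
    words.length / Math.max(sentences.length, 1),        // words per sentence
    words.reduce((sum, w) => sum + w.length, 0) / n,     // characters per word
    words.filter((w) => PRONOUNS.has(w)).length / n,     // share of pronouns
  ];
}

// The profile keeps only per-feature mean and spread, never the message text.
function buildProfile(emails) {
  const rows = emails.map(styleFeatures);
  return rows[0].map((_, k) => {
    const col = rows.map((r) => r[k]);
    const mean = col.reduce((a, b) => a + b, 0) / col.length;
    const variance = col.reduce((a, b) => a + (b - mean) ** 2, 0) / col.length;
    // Assumed floors: a small training set must not make every deviation look extreme.
    const spread = Math.max(Math.sqrt(variance), 0.25 * Math.abs(mean), 0.05);
    return { mean, spread };
  });
}

// Mean absolute deviation from the profile, in units of each feature's spread.
function styleDistance(profile, text) {
  const f = styleFeatures(text);
  const total = profile.reduce((sum, p, k) => sum + Math.abs(f[k] - p.mean) / p.spread, 0);
  return total / profile.length;
}

function normalizeName(name) {
  return name.toLowerCase().replace(/[^a-z]/g, '');
}

// Gate first (external sender, matching display name, not allowlisted), then compare style.
function checkMessage(msg, user, profile, threshold = 1.5) {
  const from = msg.fromAddress.toLowerCase();
  const external = !from.endsWith('@' + user.domain);
  const nameMatches = normalizeName(msg.fromName) === normalizeName(user.name);
  if (!external || !nameMatches || user.allowlist.includes(from)) {
    return { examined: false, warn: false };
  }
  const distance = styleDistance(profile, msg.body);
  return { examined: true, warn: distance > threshold, distance };
}

// Constructed sample data.
const USER = { name: 'Dana Example', domain: 'example.com', allowlist: ['dana.home@example.net'] };
const TRAINING = [
  'The finance committee recommends postponing the infrastructure investment until regional forecasts are finalized. Please circulate the revised projections before the leadership meeting on Thursday.',
  'Procurement should consolidate the remaining vendor contracts before the audit begins in November. The operations group will present updated staffing estimates during the planning session.',
  'Regional managers are expected to submit quarterly performance summaries through the reporting portal. Questions regarding the template should be directed to the analytics department.',
];
const PROFILE = buildProfile(TRAINING);

const SUSPECT = {
  fromName: 'DANA EXAMPLE',
  fromAddress: 'dana.example@mail.example.org',
  body: 'Are you at your desk? I need you to send a wire today. It is urgent. Reply to me only.',
};
const GENUINE = {
  fromName: 'Dana Example',
  fromAddress: 'dana@conference.example.org',
  body: 'The board has approved the revised compensation framework for the coming fiscal year. Department heads should communicate the changes to their teams before the announcement.',
};

console.log(checkMessage(SUSPECT, USER, PROFILE), checkMessage(GENUINE, USER, PROFILE));
```

A warning here means "verify the sender through the company directory", as the article describes; it is not a verdict that the message is fraudulent.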

Internal and Beta Results

Internally, Trend Micro has been testing this since January of 2018. Writing style models are in place for our executive team and some other high-profile users. During this time, Writing Style DNA detected 15 additional BEC attacks which were attempting to impersonate our CEO, Eva Chen. This works out to an average of 1 additional attack detected every other week. To date, there have been no false positives.

Sample BEC attempt detected with Writing Style DNA

We have also had more than 60 beta customers try the technology over the past few months. Many initially found their executives were using their personal email accounts occasionally to email others at the organization and these personal accounts can be whitelisted by the admin. Writing Style DNA detected 15 additional BEC attacks at 7 organizations. 

Available now and included with your license

Writing Style DNA is now available with Cloud App Security for Office 365 and ScanMail for Microsoft Exchange at no additional charge.

The Cloud App Security service has been updated already to include this functionality and ScanMail customers can upgrade to SMEX 12.5 SP1 to start using this technology. ScanMail customers can learn more about upgrading to v12.5 SP1 at this webinar September 6.

The post Stop Impersonations of Your CEO by Checking the Writing Style appeared first on .

Securing the Convergence of IT with OT

The Industrial Internet of Things (IIoT) is the leading edge of the convergence of Operational Technology (OT) with IT. This convergence begins with network connectivity but requires enhancements in operational procedures, technology, and training as well.

Beginning with the network, IT and OT use different protocols. Within the OT world, vendors have created many proprietary protocols over the past 50 years: MODBUS dates from 1969; ABB alone has over 20 protocols. IIoT vendors offer gateways to simplify and transform information before it moves to IT’s cloud for aggregation and processing. The volume of data can be huge, so IIoT gateways use compression, aggregation, and exception reporting to minimize network traffic. Gateways are Edge processors.

Operational procedures differ between IT and OT environments. The guiding principles of OT networks are two: safety, and service reliability. However, the IT information security principles are data availability, data integrity, and data confidentiality. These principles are orthogonal: they do not overlap. From an IT perspective, an industrial process is not “information,” so it falls out of scope for information security.

IT and OT processes could converge as they each evolve. DevOps breaks down the barriers between development and operations for more rapid deployment of new function without compromising controls governing software quality. Figure 1 shows a converged DevOps process:

 

Figure 1: Converged DevOps Process

In the OT realm, enhancements to Process Hazard Analysis are driving the evolution of Cyber Process Hazard Analysis, as shown in Figure 2.

Figure 2: Cyber Process Hazard Analysis (Cyber PHA)

The OT evolution shows two processes: on the left in blue, the ongoing asset security analysis, which influences the OT Program and Governance Model in step 5 on the right. As new threats come to light, engineers update the model which flows into a new, more secure, steady state for the environment.

OT technology is evolving as core technologies offer greater processing power, storage capacity, battery life, and network connectivity. Early OT protocols had no authentication or encryption, and could not accept over-the-air software and firmware updates securely. Newer processor chips can support these requirements, but the IIoT vendors must build these capabilities, requiring larger code bases for development and some mechanism to issue patches during operations. IIoT vendors do not have experience running bug bounty programs. They will need some way to get feedback from their customers and researchers to fix problems before they get out of hand.

Training means more than ad hoc learning as the opportunity presents itself. Information security skills are scarce and growing more so. Organizations need to provide additional skills to their existing staff, and may need to rely on outsourced support to bridge the gap while those new skills come on-line. But simply handing off responsibility to a third party will not eliminate risk: the organization itself will have to enhance its operational procedures to handle patch/fix requirements in time.

At Trend Micro, we understand this complexity, so we address it from different angles. Securing the connected world is one of our highest priorities. So far this year, we have launched a series of programs and partnerships to help IIoT manufacturers and their marketplaces. The Zero-Day Initiative (ZDI) includes Industrial Control Systems (ICS) defect reports. ZDI processed 202 SCADA HCI defects in the first half of 2018. Deep Security already has over 500 filters/virtual patches for OT protocols traveling over IP. Trend Micro offers guidance on deploying information security tools in the development cycle so the CD/CI process does not experience a disruption as security contexts change with production deployment. The IoT SDK helps IoT device manufacturers build core information security functions into devices during development, as with Panasonic’s In-Vehicle Infotainment (IVI) systems. By offering IoT vendors access to ZDI, Trend Micro extends its expertise in managing bug bounty programs to new entrants from outside the conventional IT realm. Partnerships with IIoT vendors such as Moxa extend 30 years of Trend’s information security expertise to a broad range of industrial control platforms. Trend Micro’s offering for telecommunications brings work-hardened network and server security to carriers for secure, reliable communications. Contact Trend Micro for more information about the threat landscape and available solutions.


What do you think? Let me know by commenting below, or reach me @WilliamMalikTM .

The post Securing the Convergence of IT with OT appeared first on .

Explained: regular expression (regex)

Regular expression, or “regex” for short, is a mathematical term for the theory used to describe regular languages. But in computing, regexes are used to search for patterns in files and databases, and their functionality is incorporated into many modern programming languages. Regex search patterns make wildcards look like clumsy clowns because they offer a whole slew of additional options.

Regex overview

The simplest and most common method of searching is to look for a specific string or character in a text file, for example, by using F3 on a website. This is basically what you use when you apply the “Search” or “Search and Replace” functions in Notepad.

Like we said, regex can do a lot more. But to achieve this, a few special characters have to be defined. It is good to know these so-called meta characters because syntax errors are the most common cause for failed searches.

The most used special characters are:

Square brackets []

Square brackets are used to specify a character set—at least one of which must be a match, but no more than one unless otherwise specified.

Example: Malwareb[yi]tes will be a match for Malwarebytes and Malwarebites, not for Malwarebyites.

The minus sign -

The minus sign or hyphen is used to specify a range of characters.

Example: [0-9] will be a match for any single digit between 0 and 9.

Curly brackets {}

Curly brackets are used to quantify the number of characters.

Example: [0-9]{3} matches for any number sequence between 000 and 999.

Parentheses ()

Parentheses are used to group characters. Matches contain the characters in their exact order.

Example: (are) gives a match for malware, but not for aerial because the following order of the characters is different from the specification.

Vertical bar |

The vertical bar (pipe), as in many languages, stands for the logical “or” operator.

Example: Most|more will be a match for both of the specified words.

Period .

The dot or period acts as a wildcard. It matches any single character, except line break characters.

Example: Malwareb.tes will be a match for Malwarebytes, Malwarebites, Malwarebotes, and many others, but still not for Malwarebyites.

Backslash \

The backslash is used to escape special characters and to give special meaning to some characters that follow it.

Examples: \d matches for one digit (0-9).

\w matches for one alphanumeric character.

Asterisk *

The asterisk is a repeater. It matches when the character preceding it matches 0 or more times.

Example: cho*se will match for chose and choose, but also for chse (zero match).

Asterisk and period .*

The asterisk is used in combination with the period to match for any character 0 or more times.

Example: Malware.* will match for Malware, Malwarebytes, and any misspelled version that starts with Malware.

Plus sign +

The plus sign matches when the character preceding + matches 1 or more times.

Example: cho+se will match for chose and choose, but not for chse.

There are quite a few more meta characters, but it is outside the scope of this post to explain them all in detail. For those interested, there are many basic and advanced regex tutorials available. One of them will certainly fit your specific wishes.

Responsible use

Sophisticated regexes look intimidating and confusing at first sight, but once you have constructed a few yourself, you will start recognizing what others have tried to accomplish—especially if you take them apart one piece at a time. But we do advise caution when using your own regexes on public-facing servers or apps. An inexperienced publisher could be digging his own grave by doing so.

For most common tasks, there are many examples to be found on code repositories like GitHub. But you will have to choose carefully and ask yourself:

  • Security-wise, is it safe to use in production?
  • Is it well maintained? Does it get updated regularly, or will that become your future task?

The more contributors, the better is the rule of thumb here. More contributors mean not only more eyes that check for vulnerabilities, but also more people writing new code and improving existing code.

Abuse

As in many other programming languages, regex can be used in JavaScript as well. This capability is nice, but also poses a problem that has been known for several years. The first paper mentioning the possibilities of a regular expression denial of service (ReDoS) stems from 2012.

Basically, an attacker can prepare a specially-crafted and/or lengthy piece of text that he feeds into an input field of a JavaScript-based web server or app. Since JavaScript does not run multi-threaded, the targeted server or app is busy running its regex functions on the text. While it is doing that, it is unable to perform any other tasks, so the server or app will appear to be frozen. Other languages will take a long time to deal with such texts as well, but if they are multi-threaded, other requests can be dealt with at the same time and won’t have to wait until the regex functions are done processing the text.

Since it is not hard to figure out which regexes will be run (and in some cases it is well known), it is relatively easy to craft a text that will keep an unprotected server occupied for up to a few minutes.

For example, many servers use Node.js, a JavaScript runtime that has quite a few documented ReDoS vulnerabilities.

In other cases, attackers can search for so-called “evil regexes.” What makes a regex stand out as evil?

  • The regular expression applies repetition (“+”, “*”) to a complex subexpression.
  • For the repeated subexpression, there exists a match that is also a suffix of another valid match.

Prevention of ReDoS attacks

To prevent becoming a victim of a ReDoS attack, it is not enough to rely on the built-in security of the regex. Here are some tips:

  • Use atomic grouping in your regex. An atomic group is a group that, when the regex engine exits from it, automatically throws away all backtracking positions remembered by any tokens inside the group.
  • Keep tabs on your regexes. When a regex takes much longer than it should, kill it at once. You can inform the user that it was stopped for this reason and as a security measure.
  • Validate your input, and don’t allow users to use their own regexes. If there is no other way, then pre-format the regexes and only allow certain minimal deviations.
  • Only write your own regexes for production servers and apps if there are no other known reliable sources available.
  • Use one of the verification packages that are available for regexes to have your regex checked for vulnerabilities.
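The first "evil regex" trait and the input-validation tip above, as an added JavaScript example (not code from the original post): a heuristic that flags unbounded repetition applied to a group that itself contains unbounded repetition, plus a length cap applied before any matching. The function names, sample patterns and the 256-character limit are assumptions; JavaScript's built-in RegExp has no atomic-group syntax, so the flagged pattern is rewritten rather than wrapped.

```javascript
// Added example; function names and sample patterns are constructed.

// Length of an unbounded quantifier (*, + or {n,}) starting at src[i], else 0.
function unboundedQuantifierAt(src, i) {
  if (src[i] === '*' || src[i] === '+') return 1;
  const m = /^\{\d+,\}/.exec(src.slice(i, i + 12));
  return m ? m[0].length : 0;
}

// Heuristic: true when a group that contains unbounded repetition is itself
// repeated without bound, e.g. (a+)+ or (\w+\s?)*.
function hasNestedQuantifier(src) {
  const stack = [{ repeats: false }];      // one frame per open group; [0] is the whole pattern
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '\\') { i += 2; continue; }  // escaped character: never a quantifier
    if (c === '[') {                        // character class: * and + inside are literals
      i += 1;
      while (i < src.length && src[i] !== ']') i += src[i] === '\\' ? 2 : 1;
      i += 1;
      continue;
    }
    if (c === '(') { stack.push({ repeats: false }); i += 1; continue; }
    if (c === ')') {
      const closed = stack.length > 1 ? stack.pop() : { repeats: false };
      const parent = stack[stack.length - 1];
      const after = unboundedQuantifierAt(src, i + 1);
      if (after > 0 && closed.repeats) return true;   // repetition of a repeating group
      parent.repeats = parent.repeats || closed.repeats || after > 0;
      i += 1 + after;
      continue;
    }
    const q = unboundedQuantifierAt(src, i);
    if (q > 0) { stack[stack.length - 1].repeats = true; i += q; continue; }
    i += 1;
  }
  return false;
}

// Names of the patterns in a { name: source } map that need review.
function auditPatterns(patterns) {
  return Object.keys(patterns).filter((name) => hasNestedQuantifier(patterns[name]));
}

// Reject over-long or non-string input before the regex engine ever sees it.
function guardedTest(re, input, maxLen = 256) {
  if (typeof input !== 'string' || input.length > maxLen) {
    return { checked: false, accepted: false };
  }
  return { checked: true, accepted: re.test(input) };
}

// Constructed samples: the first two accept exactly the same strings.
const SAMPLE_PATTERNS = {
  usernameOriginal: '^([a-zA-Z0-9]+)*$',   // repetition of a repeating group
  usernameRewritten: '^[a-zA-Z0-9]*$',     // same language, a single quantifier
  phone: '^\\d{3}-\\d{4}$',                // bounded counts only
};

// Both username patterns must give the same verdict on every input (short inputs only).
function sameVerdicts(inputs) {
  const a = new RegExp(SAMPLE_PATTERNS.usernameOriginal);
  const b = new RegExp(SAMPLE_PATTERNS.usernameRewritten);
  return inputs.every((s) => a.test(s) === b.test(s));
}

console.log('needs review:', auditPatterns(SAMPLE_PATTERNS));
```

The check over-approximates and is incomplete: it can flag patterns that are not exploitable and it does not look for overlapping alternations such as (a|aa)+, so a hit is a prompt for review and a pass is not proof of safety.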

Popular does not equal safe

Even though Node.js is an immensely popular JavaScript runtime, it is not enough to rely on the security it provides. And even though regexes can be useful tools, using them should come with some precautions. Reportedly, there has been an uptick in web apps and servers that have been under ReDoS attacks lately.


Stay safe!

The post Explained: regular expression (regex) appeared first on Malwarebytes Labs.

Using Security-First Strategies to Keep Customer Data Safe

MGM Resorts International operates 27 resort properties worldwide, including more than 420 bars and restaurants and 282 retail establishments. SVP, Chief Information Security Officer Scott Howitt oversees security for the entire global enterprise, which encompasses 20,000 endpoints, various operating systems, and applications that span the gaming, hospitality, entertainment, food and beverage, retail and hotel industries. MGM Resorts International’s reputation rests heavily on keeping its customers’ data safe and secure.

Howitt and his team work relentlessly to block threats and mitigate risk as quickly and efficiently as possible. He has overseen the transformation of MGM Resorts International’s security ecosystem and continues to evolve it to stay ahead of ever-changing threats. Implementation of solutions such as McAfee Investigator and use of the Open Data Exchange Layer (OpenDXL) have reduced the time needed to block and remediate threats, keeping its businesses and customers safer. Howitt has also adopted some key strategies on top of these critical tools to help build a culture of security among his team.

Continually adapt and learn

Keeping ahead of zero-day attacks and new advanced threats requires a security infrastructure that continually gets smarter. By bringing in innovative technologies, such as machine learning and AI used by McAfee Investigator, MGM Resorts International’s defenses can adapt and learn to protect, detect, and correct faster.

Leverage technology that advances team learning

Using McAfee’s Investigator tool has also matured the team, helping them learn from each other. By providing greater continuity in the handoffs during an incident response process, everyone has a clearer view of the investigation, leading to increased efficiency. This also makes it easier to transfer knowledge from veteran staff to newer team members via the tool, advancing the team much faster.

Think longer term and build a layered defense architecture

The company has moved over the years from a security environment made up of a collection of point solutions to an adaptive ecosystem of interconnected security solutions and services that work together. McAfee Threat Intelligence Exchange and OpenDXL have supported Howitt in realizing this vision of a comprehensive, layered defense architecture. This approach not only helped build a more integrated security environment, but vendor consolidation saved money and simplified operational overhead.

Use the community

Once a quarter MGM Resorts International gathers representatives from McAfee and its three other major security partners to discuss possible use cases and how to leverage OpenDXL. Howitt admits their partners were hesitant at first to work closely with competitors, but they embraced it when they saw how working together could make their tools more efficient and powerful through collaboration. “… the more collaboration you have, the more likely you are to find better ways to use a tool or make it work better and be more secure,” says Howitt.

Learn more about how MGM Resorts International works with McAfee to make its businesses and customers safer using a security-first approach.

The post Using Security-First Strategies to Keep Customer Data Safe appeared first on McAfee Blogs.

How Human-Machine Teaming Helps Security Operations Deal With Greater Volume of Threats and Data

Cybersecurity threats are hitting organizations more frequently and from more directions than ever before. Unfortunately, enterprise security teams aren’t growing as quickly as the threats they face, which means infosec professionals have to work more efficiently to keep up.

One way to build a more efficient IT security operation is to adopt human-machine teaming solutions that pair automation and advanced analytics with trained security analysts. Recently McAfee held a series of Security Operations Roadshows in Toronto, Ottawa and Montreal with our partner Interset to highlight some of the benefits human-machine teaming can bring.

At the events, McAfee Vice President and General Manager Jason Rolleston noted that some organizations invest in Security Information and Event Management (SIEM) systems, believing that doing so will protect them from cybersecurity incidents. While investing in a SIEM is a necessary step, it’s only part of building an effective cybersecurity solution.

Once a SIEM is in place, organizations need to build a plan that focuses on particular risks or challenges. Depending on the type of organization, the focus could be on breaches, compliance, or denial of service. Without a focus, analysts won’t be able to handle all the information that’s being thrown at them by the SIEM.

The final phase in a comprehensive cybersecurity plan is adding tools that can help analysts investigate and respond to attacks. Solutions featuring advanced analytics and automation can help analysts pinpoint specific threats quickly, so they can be dealt with before they cause harm to an organization.

Stephan Jou, the Chief Technology Officer at McAfee partner Interset, walked attendees through how analytics and artificial intelligence can complement a SIEM and enhance the capabilities of a security operations team.

Analytics and automation don’t replace humans – they scale them, allowing them to handle more information and better identify threats. Interset’s solutions use mathematical modelling to determine risk, based on data aggregation and real-time monitoring.

For example, an insider threats detection solution would build a behavioural profile for employees within an enterprise, then monitor traffic based on the user, machine, applications, data types, etc. to determine a threat level. If a user was downloading large amounts of data from a remote location, when they typically would not need access to that data, the insider threats product would flag them to a security analyst as a high risk, requiring immediate action.

Given the huge amount of data and sources security teams have to deal with today, there is a growing need for human-machine teaming. McAfee’s Enterprise Security Manager, combined with other tools such as McAfee Behavioral Analytics and McAfee Investigator, enables enterprise security operations teams to streamline and improve threat detection, while improving response times.

Learn more about combining the unique strengths of humans and machines for better security outcomes.

The post How Human-Machine Teaming Helps Security Operations Deal With Greater Volume of Threats and Data appeared first on McAfee Blogs.

Hackers gain access to millions of T-Mobile customer details

T-Mobile has fallen foul of yet another cybersecurity issue. In a statement released this week the company said that an unauthorized entry into its network may have given hackers access to customer records, including billing ZIP codes, phone numbers, email addresses and account numbers. According to T-Mobile, the intrusion was quickly shut down, and no financial data, social security numbers or passwords were compromised.

Source: ZDNet

Take a Holistic Approach to Reviewing Security Strategy

The first step in building a culture of security in an organization is embedding it into your vision and values. Creating a foundational commitment to security among all employees establishes a strong first line of defense. With that in place, the next step is reviewing each area of the business to ensure you’re walking the talk when it comes to thinking security-first. Knowing where to start can be overwhelming. But using this simple framework will guide you through the critical elements.

Begin with a holistic review of your security strategy

In today’s digital world, businesses are more interconnected and fast-moving than ever. It’s important to take a wide perspective and review all angles of security across governance, people, process, and technology.

  • Governance: Depending on many factors – including company size, industry, geography, ownership structure, and more – the level of data governance at a company can vary greatly. It’s worth evaluating what you have in place and considering adding new structures for data protection for the long term.
  • People: This is an organization’s greatest vulnerability, but also its strongest line of defense. Review your education and training for cybersecurity best practices across all levels and departments, from your most junior staff up to executives, and make sure your people are part of the solution.
  • Processes: This should extend beyond just security-specific processes to broader business-level processes. Review data collection, flows, processing, storage, and handling to understand the scope of securing that data. But also evaluate processes for product design and development, new hire onboarding, and other departmental workflows to identify areas to add new security measures.
  • Technology: This is the backbone of your digital organization, so ensuring your technology is secure is table stakes. It’s important to also assess how the systems are actually used by staff and consider changes if people tend to bypass standard procedures to avoid any inconvenient steps required.

Measure outcomes to gauge effectiveness

While gaining clear visibility into actual security strategies in effect across the organization provides understanding of scope, it’s only the first step. As you craft a plan to strengthen your security and implement changes, measuring the impact is critical to evaluating effectiveness. Start by establishing a baseline metric for each change in your plan, whether it is designing new procedures for data protection, rolling out an updated staff training, adjusting steps in product design to consider security, or replacing a technology system.

As updates are implemented, build a cadence of evaluations into regular workflows. For example, include measurement of outcomes in quarterly review or planning cycles. Check progress against the original baseline, including quantitative measurements when possible as well as qualitative feedback from team members to validate. Use that data to course correct and continuously improve implementation of your strategies.

Throughout each stage of this holistic review process and implementation of changes, continually think about how various roles on each team are affected by implementation of changes. Understanding impact and communicating each person’s responsibility to security on a personal level is key to developing a sustainable culture of security.

Steps for Conducting a Holistic Review of Security Strategy

Thinking about the scope and effectiveness of security measures across every area of the business can be overwhelming. Breaking it down into defined segments helps get started. Use this framework to guide your review.


The post Take a Holistic Approach to Reviewing Security Strategy appeared first on McAfee Blogs.

Security is Not a One-Person Job

Pharmacy benefits management company Prime Therapeutics is responsible for the safety of personal health information for more than 27 million Blue Cross Blue Shield members nationwide. As employees and systems handle this sensitive data in daily interactions with Blue Cross Blue Shield, pharmacists, Medicare and Medicaid and employees, a reliable defense system is critical. With such a vital responsibility, it’s no surprise to find a security hero among their ranks in Jacob Walls, an information security engineer brought on in 2016 to bolster data loss prevention (DLP).

But Walls recognizes no one team or system can do the job alone. His experience implementing McAfee DLP Endpoint and McAfee Network has taught him much of the work happens outside of the tools and requires meeting with stakeholders to understand the various use cases. He says working to improve Prime Therapeutics’ DLP initiatives gives him the ability to engage with other departments outside of security, which is some of his favorite work. This also provides greater visibility into how the sensitive data moves, where it interacts with people and what potential risks can be addressed to protect that data.

An additional benefit has been increased awareness of security of sensitive data across the employee base. Walls’ team works with different departments collaboratively to design rule sets that address the various use cases presented. After implementing the required policies, they continue meeting regularly to get feedback on their effectiveness and update them for improvements, as needed. These ongoing interactions raise understanding all around of the need for protections and controls around data.

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.

Hear directly from Jacob Walls about his experience with McAfee and what a good day at Prime Therapeutics looks like in this video.

The post Security is Not a One-Person Job appeared first on McAfee Blogs.

Brazilian Educational Organization Gets High Marks for Innovation Leadership with Integrated Security from McAfee

Furthering the cause of education in Brazil is the mission that fuels SOMOS Educação’s laser-focused drive toward technology and innovation—and McAfee is playing a pivotal role in that transformation. As CIO Juliano Pereira points out, “Compared to 99% of the educational organizations in Brazil, we are way ahead of the game”—and, in large part, it’s a result of embracing McAfee’s connected security ecosystem.

As one of the biggest K through 12 educational groups in Brazil, SOMOS Educação provides a comprehensive portfolio of integrated educational textbooks, digital products, and services, including the administration of preparatory courses and exams. The organization’s push toward innovation is evidenced by its recent migration of instructional systems and applications to the cloud. And, alongside that effort, SOMOS Educação, with enthusiastic support from its board of directors, is making a significant investment in strengthening, unifying, and streamlining its security architecture at every touch point—servers, endpoints, and databases.

CIO Juliano Pereira and his lean team of devoted and seasoned IT and security professionals are determined to ensure a more secure and consistent experience for the students who use their services, their parents, and SOMOS Educação’s 5,500 employees, who are distributed across 50 locations nationwide. Personal privacy, data protection, and building a solid and reliable defense against advanced threats like the recent WannaCry ransomware outbreak top their list of security priorities.

To that end, Pereira and his team selected McAfee as the organization’s primary security vendor, primarily because of the McAfee integrated approach to security and the simple, single-pane-of-glass management capabilities via the McAfee ePolicy Orchestrator (McAfee ePO) console. The organization started its journey with McAfee by deploying McAfee Endpoint Security, which provides a single platform with an array of defenses—everything from web protection to ensure safe browsing to scanning that uncovers vulnerabilities to behavioral analysis and machine learning to detect advanced and zero-day threats.

Next on the agenda was implementation of McAfee DLP Endpoint, which has had a marked impact on the organization’s culture and on those who make use of its educational services. Pereira has made a point of informing all the organization’s constituents about these added data security controls as a way of heightening security awareness among employees and giving external users greater peace of mind. “Students and their parents will feel more at ease, and employees will be more mindful about the way they use and transmit data,” says Pereira.

At the heart of SOMOS Educação’s updated security architecture is the McAfee ePO console (video below), which has considerably elevated the security team’s efficiency and capabilities by consolidating management tasks, facilitating enforcement of data protection policies, and offering an unprecedented level of visibility and reporting. As an example, Pereira points out that the McAfee ePO console revealed that McAfee had thwarted 1,065 threats in a week’s time.

Migration of student services to the cloud, which Pereira sees as both inevitable and necessary, prompted him to adopt McAfee Web Protection, which provides consistent protection and policies both on premises and in the cloud.

SOMOS Educação’s journey to innovation and better cybersecurity has just begun, but already the organization has made great strides. Pereira and his team are proud of the progress they’ve made so far and look forward to expanding the depth and breadth of their cutting-edge cybersecurity architecture and to serving as an example for other organizations in the education sector.

“We are at the beginning of our journey, and we still have far to go before we achieve all our goals, but we take pride in the fact that we are leading the way when it comes to cybersecurity. When our schools hear that we are providing them with stronger security, they are really pleased and receptive,” affirms Pereira.

To read the full case study, click here.

The post Brazilian Educational Organization Gets High Marks for Innovation Leadership with Integrated Security from McAfee appeared first on McAfee Blogs.

Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment

All politics aside, the United States Department of Justice on Friday unsealed a judicial indictment against a number of individuals alleged to be from Russia’s intelligence services engaged in activities in 2016.

Stepping outside of the context of this party or that party, and politics as a whole – McAfee’s CTO, Steve Grobman, noted, “Attribution is amongst the most complex aspects of cyberwar and the US government is in a unique position to make this attribution assessment. Technical forensics combined with information from trusted intelligence or law enforcement agencies are needed to provide confidence behind identifying actors in an attack or campaign. These indictments clearly show the US has reason to believe Russia interfered with the election process.”

The level of technical detail also offers practical insight for aspects of organizations’ readiness to react to the threat environment.

1) Nation State Activity is Real

At McAfee, we operate our own Advanced Threat Research.  We employ many professionals whose entire job it is to find ways to break things, to learn how others have already broken things, and to make decisions on the level of risk it represents to our customers and future customers.  Our hope is that our activity is both non-disruptive, ethically conducted, and consistent with our corporate values and our commitments to our customers.  In today’s threat environment, countries throughout the globe are investing in the cyber capabilities to practice intelligence, deception, counter intelligence, and in the past few years, we have documented the crossover from the cyber capability into kinetic effects.

Whether one service’s actions versus another’s are perceived as “good” or “bad”, as a matter of “criminal conspiracy” or of “policy”, involves many factors and points of view; as a profession, it is critical that we recognize this rapidly growing reality for the fact that it is.

This judicial action is another breadcrumb reminding us as enterprise leaders that sophisticated adversaries need resources to act, especially those enterprises involved in services to organizations of public importance.  Organizations should evaluate their customer base, and the services that they provide for relative risks.  Risk has upside opportunity (“Revenue”) but should also prompt questions internally as to whether an organization or subset requires advanced security controls, or more proactive threat detection and resistance measures.

2) Geo-Location is Practically Irrelevant

For many professionals engaged in the early days of information security, we could leverage aspects of connection metadata to make snap judgements about the trustworthiness of requests. The days of first-jump relays to command and control servers going to a given country’s public IP space or a two-letter country-associated domain are mostly over.

Instead, the organization needs to transition, looking more directly at the behavior of not just users, but of systems, and the access of resources.  At McAfee, we have evolved our own offerings in this space to establish McAfee Behavioral Analytics to discern elevated risks that break established patterns and to put advanced tools like McAfee Investigator in the hands of threat hunters.

Whether using our products or not, today’s enterprise needs to rely on security behaviors that do not look for traditional geographic or demographic identifiers as a means of making a strong determination of trust for access and/or threat identification.

When it comes to identity misuse, where multi-factor authentication is possible, it should be implemented, with a decreased emphasis on means which are easily open to interception by opponents (like SMS-based message codes). YubiKey, TOTP-based generators, and interactive application confirmation by providers like Duo Security are all effective measures to make it more difficult to apply credentials intercepted or cajoled from end users by other means.

3) URL Shorteners can be a Risk Indicator

While for many organizations – especially in the realm of social media analytics – the use of URL shorteners has enabled short-format messaging with business intelligence potential, they are often a means to obscure potentially malicious targets. The indictment released by the United States Department of Justice highlights the continuing threat that the combination of URL shortening and the user-focused technique of spear phishing continues to present as a means to attack the enterprise.

Aside from education campaigns to help users distinguish legitimate links and to help them become more sensitive to the risk, the organization can also consider web access methods for greater control and recognition of potential threats.

Systems like User Entity Behavioral Analytics (UEBA) can identify outlier websites not otherwise accessed at the organization and the presence or use of unknown URL shorteners can itself be a risk indicator.  The security operations team may want to look at the identification/risk management of certain URL shorteners over time to aid in determining which become commonly seen in the wild in the organization’s recent incidents, and thus could or should be managed in email and web access hygiene.
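The two signals described above, an unknown URL shortener and a host that nobody else in the organization visits, can be sketched as a small log check. This is an added example, not part of the original post; the log format, the `.example` hostnames, the reviewed-shortener list and the function names are all constructed assumptions.

```javascript
// Added example with constructed data; hostnames use the reserved .example TLD.
// Assumed log format (not from the article): "<ISO timestamp> <user> <url>".
const SAMPLE_LOG = [
  '2018-07-16T09:01:12Z alice https://intranet.corp.example/wiki/onboarding',
  '2018-07-16T09:02:40Z bob https://intranet.corp.example/wiki/vpn',
  '2018-07-16T09:05:03Z alice https://short.example/Ab12Cd',
  '2018-07-16T09:07:55Z bob https://short.example/Zz9Qw1',
  '2018-07-16T09:11:27Z carol https://qx.example/k3Yp7A',
  '2018-07-16T09:12:02Z carol https://intranet.corp.example/hr',
  '2018-07-16T09:20:44Z dave https://docs.vendor.example/guide/install',
  'garbage',
];

// Assumption: shorteners the security team has already reviewed.
const REVIEWED_SHORTENERS = new Set(['short.example']);

// Heuristic shape of a shortened link: two-label host with a short first
// label, one opaque path token, and no query string.
function looksLikeShortener(url) {
  const labels = url.hostname.split('.');
  return labels.length === 2 &&
    labels[0].length <= 6 &&
    /^\/[A-Za-z0-9_-]{4,10}$/.test(url.pathname) &&
    url.search === '';
}

function analyzeProxyLog(lines, reviewed) {
  const events = [];
  const usersByHost = new Map();      // host -> Set of users who visited it
  const shortenerCounts = new Map();  // shortener host -> number of hits
  for (const line of lines) {
    const [ts, user, raw] = line.trim().split(/\s+/);
    let url;
    try { url = new URL(raw); } catch (e) { continue; }  // skip malformed lines
    const host = url.hostname;
    if (!usersByHost.has(host)) usersByHost.set(host, new Set());
    usersByHost.get(host).add(user);
    const shortener = looksLikeShortener(url);
    if (shortener) shortenerCounts.set(host, (shortenerCounts.get(host) || 0) + 1);
    events.push({ ts, user, host, shortener });
  }
  const findings = [];
  for (const ev of events) {
    const reasons = [];
    if (ev.shortener && !reviewed.has(ev.host)) reasons.push('unknown-shortener');
    if (usersByHost.get(ev.host).size === 1) reasons.push('outlier-host');
    if (reasons.length > 0) findings.push({ ...ev, reasons });
  }
  return { findings, shortenerCounts };
}

const report = analyzeProxyLog(SAMPLE_LOG, REVIEWED_SHORTENERS);
for (const f of report.findings) {
  console.log(f.ts, f.user, f.host, f.reasons.join('+'));
}
```

Keeping `shortenerCounts` per reporting period gives the over-time view of which shorteners are becoming common enough to manage in email and web access policy.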

4) Vulnerability Management is a Key Risk Mitigation

I’ve never known a security professional who skips into the office with their coffee and announces, “I love patching servers.”  Never.  As experienced security leaders, we know how hard it can be to manage the impact to production systems, to identify system owners, to work together to maintain a cadence of patching.  Sometimes, even just the heterogeneous nature of the modern operating environment can be its own challenge!

The alleged activity of the identified conspirators reminds us how critical the public attack surface remains in protecting the enterprise as a whole. Try as we might, each of our public infrastructures will maintain a footprint. We “leak” details of our enterprise systems as a necessary byproduct of creating the ability for those systems to technically operate. DNS records. Public IP block ownership. Routing advertisements. Job listings. Employee CVs. Employee social media profiles.

Vulnerability management requires an organization to think about more than patching.  Your organization’s threat surface has to be considered in a broader sense to manage holistic threat consideration and remediation.  The organization can also use public models as a means to check the organization’s readiness to defend against new vulnerabilities ahead of patching or other long-term remediation.

5) Response Threat Hunting is Hard – Trust Nothing

Despite the best efforts of technical security teams, sometimes intelligence and cues are missed.  The reality is that sophisticated adversaries have sophisticated skills and multiple means to stay engaged.  They also have reason and/or desire to hide from security teams.  As security professionals, we have to put personal ego and hubris aside.  Threat hunting in an incident is a time for humble approaches that recognize the adversaries are at or above our own skill level (and hope that is not the case).

In such a case, we go back to a few core fundamentals: we trust nothing. We require validation for everything. Each piece of intelligence goes into the picture, and through our tools to identify additional leads to pursue, and is evaluated for potential remediation actions made possible. While we have talked at length prior about the cyber kill chain, a fundamental truth illustrated in today’s Department of Justice action is that where advanced activity occurs, the entire environment needs to be suspected and become zero trust.

Can you force each network flow to be validated for a time? Can someone from the organization vouch for a piece of software or a specific node on the network? Do your pre-work ahead of time to create the space so that when company brand is on the line, you can use maintenance windows, incident response policies, and similar corporate buffers to buy the “right” to shut down a segment, temporarily block a network flow and see what happens, etc.

6) Your organizational data is in the cloud. Your Incident Response needs to be, too.

The cloud was a key opportunity for the organizations compromised in these activities to continue to lose information.  Indications are that when the identity and initial incident was addressed “on premise”, the cloud systems were not connected to those changes.

Your organization has leveraged the advanced capability and time to market of the cloud.  Our recent survey of organizations worldwide indicates that the typical enterprise class organization has dozens of distinct providers hosting corporate data.  Just as your sensitive information may be stored in those providers, yet is part of your brand value and your delivery strategy, your response plans need to integrate intelligence from those providers – and to those providers – for investigation and mitigation.

Building unified visibility across cloud providers requires a deliberate approach and investment from the organizations.  Incident response procedures should include looking at cloud sources for activity from potential Indicators of Compromise, as well as an incident step of considering what actions are needed to manage the risk in cloud providers.

Your cloud is part of your holistic data and threat stance; it also needs to be part of your remediation and resilience plan.

Nation State Actors Remind us of the Fundamentals

The indictment released by the United States Department of Justice describes a multi-faceted effort that involved target research, user-focused phishing, exploiting vulnerable software, malware, and making use of the disconnect between on-premise and cloud management.

For literally years, McAfee has focused on a platform approach to security in our products.  We offer software with advancements like OpenDXL and an actively managed ecosystem of Security Innovation Alliance offerings.  We make these investments for the simple reason that in order to protect and adapt to continuing threats, your organization needs rapidly available, actionable intelligence.  Your organization’s approach to information security should return periodically to verify fundamental information sharing and basic controls, even as advanced capabilities are implemented.

 

The post Six Things your Enterprise Needs to Learn from the DNC Hacking Indictment appeared first on McAfee Blogs.

Taking the Robot out of the Human

This blog post was written by Nick Viney.

Artificial intelligence, or simply AI, was merely a dream a number of years ago – now, not only are we seeing it become more common in our everyday lives, it’s beginning to be a very hot topic amongst businesses. Last year, a report published by the Boston Consulting Group and MIT Sloan Management Review found that 84% of respondents thought AI would enable them to obtain or sustain a competitive advantage, whilst 75% felt AI would allow them to move into new businesses and ventures. Simply put, AI is revolutionising business as we know it.

Many business leaders agree that having AI and a level of self-automation present in some part of a business, however big or small, is beneficial. However, there are still a number of leaders, albeit a small group, who have voiced their concerns. Their worry is that, should AI become too prominent, the worst-case scenario is humans versus robots, with the human workforce ultimately being side-lined. Putting that to one side, the benefits of AI in business are vast, and here are a few examples of how I believe AI will be revolutionising the enterprise space in the not too distant future:

Redefining logistics

When AI and robotics were added to the production line, many feared that manual jobs would become solely automated. However, what sceptics of robotics don’t realise is that it was implemented to take on the smaller, less critical tasks – like packing, stacking and labelling boxes. Many think the world is on the verge of a technological revolution, or “The Fourth Industrial Revolution” (4IR), which is a combination of technologies that fuse the physical, digital and biological worlds together – a world where machines can think for themselves.

Similar to production lines, basic data entry and programming roles are becoming much more efficient and cost-effective through AI. Filling vacancies with long-term, fully automated AI-powered computers could be the answer, but in the short term, teaching smart technology to work alongside human talent could be the way forward for businesses and help bridge the skills gap, which takes me onto my next point.

Data Insights

Whilst access to time and skills is limited and businesses become more and more data-driven, it’s clear that taking two weeks to manually translate raw data has significant implications. With the volume of data being generated on a daily basis, it’s no surprise that inaccuracies occur. While employees spend time tidying data into something that’s meaningful, chances are that by the time it’s complete, it’s already out of date. Sceptics will argue that certain jobs can be done more efficiently by humans; however, this can come at a higher cost in man-hours and is more prone to human error. Jeopardising the security of your business cannot be an exception at any cost.

Improving data security

Cybersecurity is a critical part of enterprises, with businesses spending billions of dollars each year on making sure their defences are able to keep out hackers. The job of staying ahead of hackers is incredibly challenging for CTOs, but the capabilities of AI can certainly help. Whether it’s the latest spyware, DDoS attack patterns or botnets, hackers are constantly evolving and adapting to find new ways in which to breach a company’s data defences. Where we’re seeing AI help is in its ability to scour the internet to look for some of these threats ahead of time, before they are used against companies. Human security analysts can only do so much and in many cases, the pace and change of the threat landscape are simply too much. Leveraging AI and deep learning to help human analysts will make things a lot safer for businesses.

Bridging the skills gap

Despite AI’s potential to drive change, there continues to be a shortage of cyber skills. According to an ESG survey of 650 IT cybersecurity professionals this year, 51% claimed they had a “problematic shortage of cybersecurity skills”. The ramifications include increased workload on cybersecurity staff to hire and train juniors as opposed to hiring experienced cybersecurity professionals – leaving less time to deal with cyber crises when they need to. However, this shouldn’t be seen as replacing jobs, but will instead increase the need for workers with more advanced skills. Businesses need to invest in creating a culture of constant learning for their staff where they can learn new skills and attract leading AI practitioners. The introduction of AI could help bridge the gap by widening skills and allowing employees to work alongside machines – leaving AI to manage less critical jobs.

AI should not only create time for innovation and proactive threat hunting but deliver cost savings and increase employee productivity. Like the revolutions that preceded it, 4IR has the potential to improve the quality of life for employees and their employers around the world. With AI taking a leading role in tackling simple and repetitive tasks, the human workforce can focus on roles that are more complex, challenging and require much more critical thinking power. Unfortunately, though we cannot see the future yet, businesses should think more holistically about the advantages of AI and what can be reaped, before competitors do.

To keep up-to-date with the latest cybersecurity news, take a look at the McAfee Security blog here.

The post Taking the Robot out of the Human appeared first on McAfee Blogs.

How One Healthcare Company Implements DLP to Protect PII and PHI

In 2016, Prime Therapeutics, an American pharmacy benefits management company, hired Jacob Walls to bolster data loss prevention across the enterprise. The company serves 22 Blue Cross Blue Shield health care plans and more than 27 million members nationwide, including one out of every six people covered through US public healthcare exchanges. Since Prime Therapeutics’ employees and systems handle both PII and PHI daily as they interact with Blue Cross Blue Shield, pharmacists, Medicare and Medicaid, and employers, a robust DLP defense is essential.

Defining and Implementing DLP Use Cases Throughout the Enterprise

In his role as a senior information security engineer and Prime Therapeutics’ main DLP expert, Walls and his team spend a lot of time engaging with other departments outside of security. First, they work to understand the stakeholders’ DLP-related concerns and define specific use cases to meet their various privacy, compliance, legal, or incident response-related requirements. Then they create rules for the company’s McAfee Network DLP appliance[s] and McAfee DLP Endpoint agents to test and implement.

“Different departments come to us and request the services for a specific use case,” explains Walls. “We’ll usually provide them with metrics around how well a rule set can address their use case… go over false positive rates and things like that to give them a baseline of how effective [DLP] would be.” Then, after implementing the policy, Walls or another engineer will meet regularly with the requestor of the policy to provide feedback on its effectiveness and, as necessary, tweak for improvements.

For instance, the company’s Privacy and Data Distribution department was concerned that users could print sensitive information on unauthorized printers. Using the built-in local printing rules in the McAfee Network DLP appliance, Walls easily addressed the issue, enforcing the printing of sensitive information only to authorized printers. In addition, discussions on effectiveness led to reporting that filters printing by user and content to pinpoint any employees who need additional education or monitoring.

Preventing Sensitive Data Leakage Via Email

Since email is the primary form of communication with entities outside the network, for many specific departments and the enterprise in general, preventing exfiltration of sensitive information via email message or attachment is one of Prime Therapeutics’ most important DLP use cases. This use case was also the main reason for purchasing McAfee Network DLP.

“Using McAfee Data Loss Prevention, we have implemented corporate policies that restrict sensitive information from exiting the network via email unless authorized and encrypted,” notes Walls. “Moving this functionality from the MTA [Mail Transport Agent] to DLP has allowed for true security ownership and has greatly enhanced our capabilities in this area. Additionally, reporting and metrics around the use of email for communicating sensitive information has helped us internally to gauge the level of risk associated with this communication method…The visibility we now have into outbound email communication has been extremely beneficial on multiple fronts.”

“Effectiveness and speed are driving indicators of success… The visibility McAfee DLP has given us into both our data at rest and our data in motion has had both an immediate and ongoing positive impact on our business.”

—Jacob Walls, Senior Security Engineer, Prime Therapeutics

How Successful are These DLP Implementations?

“Effectiveness and speed are driving indicators of success,” says Walls, pointing to lack of data leakage incidents and ease of compliance as components of those two indicators. “The visibility McAfee DLP has given us into both our data at rest and our data in motion has had both an immediate and ongoing positive impact on our business.”

A side-benefit of implementing McAfee DLP Endpoint and McAfee Network DLP for Prime Therapeutics has been an increase in awareness across its employee base regarding sensitive data. “Awareness around data-at-rest and the need to place controls around approved locations appears to be growing,” states Walls. “[It] is not limited to specific departments, but rather arises from projects and conversations between all the teams involved. It’s a positive maturing of controls due to greater business awareness of DLP.”

Advice to Those Looking to Implement DLP Solutions

Based on his experience, Walls says he would advise anyone looking at DLP solutions to begin by identifying and prioritizing use cases. “Much of the work around DLP happens outside of the tool and is process-driven,” he elaborates. “Therefore, it’s important to engage with the stakeholders and affected parties even prior to any rule configuration. That said, make sure you know what the DLP solution is capable of, and what it offers for integration and workflow. Doing so up front will save a lot of time and help avoid miscommunication and misaligned expectations.”

Walls also offers words of encouragement. He really enjoys his job, and especially interacting with other areas of the business. “I get great satisfaction in solving a problem and sharing that with the people I’ve solved the problem for,” he claims.

Working with DLP has also shifted Walls’ priorities and expanded his viewpoint. “DLP definitely branches out to other departments and gets you engaged with privacy, with legal—really with your core business,” he says. “I’ve been able to sympathize a little more [and understand better] the desired end results of other departments outside of security. So that’s been helpful.”

“Security is not a one-person job; it can’t be accomplished with one person [or] one company,” concludes Walls. “So we need partners, and we need friends in the industry to work together. The McAfee support team has been consistently available, receptive, and responsive to our questions and needs. ‘Together is Power’ is definitely something that McAfee represents for us.”

Get your questions answered by tweeting @McAfee_Business.

The post How One Healthcare Company Implements DLP to Protect PII and PHI appeared first on McAfee Blogs.

Securing the vulnerabilities of working from home

This blog post was written by Nick Viney.

With more and more businesses offering employees the opportunity to work outside of the office, it’s no surprise that IT departments are becoming increasingly nervous about the dangers of remote working. As this method of boosting staff morale becomes common, sensitive company data has the potential to be in various risky locations outside the remit of the office safe zone. We’ve rounded up some key areas that all businesses should be focusing on to stay ahead of the game especially when their reputation could be at risk.

Recruiting talent and training

Employees who work outside the four office walls expose businesses to the risks of data theft and fraud, even from a distance. By assessing the risks associated with all types of remote working, it’s good practice to train and advise staff on the impact of their actions, otherwise, it’s easy to lose sight of rules and procedures.

Due to the ongoing issue of too few people with the ‘right skills’ in the tech sector, the key to future success may be to merge human and machine learning. This could not only reduce the gap, but allow businesses to remain on the front foot against cybercriminals. Without it, we could be wasting valuable time that could otherwise be used for innovation and proactive threat hunting.

Share responsibility

With emails and the web being the most common form of digital comms in a workplace, staff must be educated on the key giveaway signs in spotting, flagging and reporting anything that looks suspicious. By sharing the responsibility and encouraging employees to flag anything suspect, you’re naturally raising awareness internally and warning others from falling into similar traps – openness is the key, and this way you’re always one step ahead of those with malicious intent.

You must also have trust in the people that work for you. In the “second economy,” trust is key to the success of a business and the prime casualty of conflict. Without it, you may be putting your company, its data and even your other employees at risk. By evolving both technology and organisational culture, businesses would naturally become more cohesive and share responsibilities where no one can do it alone – ‘Together is Power’.

Security

By ensuring that all systems holding any business related data are fully equipped with firewalls and protective software, you’re reducing the risk of data breaches. Teams must work together to ensure tools can operate collectively to protect and detect potential threats. With some data being too sensitive to be outside of the office walls, it’s useful setting up staff accounts with permissions that limit data or deny staff from accessing it remotely.

Security must be taken seriously – from the CEO’s desk to the end user. This is especially prevalent with employees coming and going constantly in a business – employers must have strategies in place to ensure accounts are deactivated and activated at any given time. Although it’s still early days, we may see GDPR being an opportunity for security transformation across businesses where a culture of privacy is compulsory.

Cloud control

The Cloud has become an integral part of business, however, its advantages come with its own share of high risks. It’s important to note that each additional data storage site increases your exposure to risks, therefore the number of places you’re storing data should be kept at a minimum. By regularly monitoring for any potential threats and implementing a strong security plan with your employees, you’ll have much greater control of your assets. When you have control, especially focused in one dedicated place it’s easier to locate where security is weakest, identify new gaps and mitigate risk quickly.

With the number of businesses offering flexible working increasing, the risk of vulnerabilities is becoming greater. Employers must take responsibility for how staff are administering their first line of defence and consider what policies they need to put in place to concede to these demands in the safest way possible.

To keep up-to-date with the latest cybersecurity news, take a look at the McAfee Security blog here.

The post Securing the vulnerabilities of working from home appeared first on McAfee Blogs.

Winning the Game at McAfee: How Gamers Become Cybersecurity Workers

This blog was written by Jeff Elder.

When Austin Ortega was 12, he and his brother fought over who got to play video games like Gorillas and Commander Keen on an old family computer his parents had bequeathed to them. Then one day, they broke it. Their dad brought to their Grapevine, Texas, home a stack of floppy disks, dropped them in front of the boys, and told them to fix it. They did.

“I think it took like 14 floppy disks. They took a while to install,” says the McAfee technical support engineer, who references gaming in every class he teaches to new employees. “Video games probably pushed a lot of us into an IT job,” says Ortega, 32. “We were sitting in front of a computer for hours, anyway. We might as well get paid for it.”

 

Ninety-two percent of cybersecurity managers say gamers possess skills that make them suited to a career in cybersecurity – and 75% would consider hiring a gamer even if that person had no cybersecurity training or experience.

Welcome to cybersecurity in 2018, where “Winning the Game” is more than a metaphor for beating attackers. Gaming today is part of a strategy to attract scarce workforce talent. And once cybersecurity workers are hired, gaming can help keep them sharp, keep them happy, and keep them, period.

In our recent report, Winning the Game, 950 cybersecurity managers and professionals in organizations with 500 or more employees were surveyed to gain insight into innovation, employee-satisfaction, and gamification.

The corroborating evidence to Ortega’s experience is stacked up like 14 floppy disks:

  • 92% of managers surveyed say gamers possess skills that make them suited for a career in cybersecurity
  • 80% of extremely dissatisfied employees who report their organization does not use gamification say they wish they did.
  • 77% of senior managers say their organization’s cybersecurity would be much safer if they implemented more gamification.

At McAfee, we see that at our company’s main offices in Santa Clara, Calif., and Plano, Texas, and with employees around the world.

“Video games brought me into computers and more technical areas of interest,” says Conor Makinson, a quality assurance engineer in Cork, Ireland. “Personally being one of the ‘young cybersecurity workers,’ I think that some games can really help develop mindsets that are beneficial to working in security.”

This is part of our public outreach to tech workers, a workforce in very high demand. Our chief information security officer told security’s biggest trade show about the benefits of gamification last week. “I’m a gamer,” said Grant Bourzikas at a session on recruiting talent at the RSA Conference in San Francisco. “I hate losing a game three times in a row. I have to win, and my wife is mad because we’re late, but I am focused.” Bourzikas looks for that focus and tries to channel it in our security operations center, where games are part of the work.

All those hours trying to beat a game may have actually been an investment in your career. (Hear that Mom and Dad?)

And building games may take Ortega’s floppy disk challenge into the 21st century. “I actually made flash games, first-person shooter games, and role-player games when I was in high school, and it definitely increased my interest in tech and coding,” says Catherine Gabel, a demand generation specialist in Silicon Valley who joined McAfee in its Skyhigh Networks acquisition.

Gaming, like its dark-arts cousin hacking, has global reach. Nam Nguyen, a McAfee sales engineer, grew up gaming in South Vietnam, beginning at age 10. “I spent all of my lunch money on it.” He sees great potential for gamifying cybersecurity. “You have to find out new ways to beat the game, and the same is true in cybersecurity.”

Bourzikas and Chatelle Lynch, McAfee’s head of human resources, are already looking ahead to seek out the future of cybersecurity talent, and see much of it engaged in gaming. Austin Redlin, 17, agrees. “Gaming did, in fact, spark an interest in computers for me,” he says. “I began to want to understand what everything meant in a computer.”

Redlin is headed to the U.S. Marine Corps’ military occupational specialty school for Communications and IT. Is a career in the cybersecurity industry in his future? Well, it runs in the family. His mom, Deb Redlin, is executive assistant to McAfee Chief Technology Officer Steve Grobman.

Gaming and cybersecurity go hand in hand, the young Redlin said – via snail mail to his mom from Parris Island, South Carolina. Boot camp, even in 2018, is still one place that doesn’t tolerate games.

Jeff Elder was a member of the McAfee Digital Media Team.

The post Winning the Game at McAfee: How Gamers Become Cybersecurity Workers appeared first on McAfee Blogs.

Come Talk to McAfee at the Gartner Security and Risk Management Summit

A wide group of experts from McAfee will be attending the Gartner Security & Risk Management Summit from June 4-7 in National Harbor, Maryland. The summit brings together an estimated 3400 attendees and over 200 exhibitors looking to share their vision, stories and capabilities with a wider range of cybersecurity and risk management experts. Personally, I’m looking forward to sessions on Security Operations, Management and Orchestration,

Join us on Tuesday, June 5th from 10:30-11:15, for a session entitled Appetite for Destruction – The Cloud Edition, given by Rajiv Gupta, SVP of the Cloud Security Business Unit and Raj Samani (@Raj_Samani), Chief Scientist and McAfee Fellow. Raj and Rajiv will examine the evolving threat landscape in 2018 and how the cloud will increasingly come under fire.

Looking to hear more about our view on cloud security? One of our system engineers, Will Aranha, a DC native from Skyhigh, now part of McAfee, will give a great session entitled Cloud Security in the Era of “There’s an App for That.” While it takes place on Monday, June 4th, the same day this blog was published, swing by the booth if you want a summary or a follow-up on the slides he presented. If you’re reading this in time – head to George’s Hall D by 1:50pm.

Speaking of our booth, I have to encourage you to visit McAfee at booth #436. Talking to experts 1:1 is one of the best ways to get educated and answer questions. My hope is that you’ll walk away with a bigger and broader vision of what McAfee can do. We call it our Device to Cloud protection vision.

Better yet see live demos of both updated and new products. We’ll have 4 stations centered on the following:

Endpoint Security – Protecting against advanced and fileless threats is important, but you also need context on threat trends (not just EDR) and the ability to respond quickly and efficiently (a single security management console called ePO makes it easier). Find out what the new McAfee is doing differently in this space.

Evolve Your Security Operations – Wondering why you can’t get more out of your SIEM? Wish you had a few more tier 2 or tier 3 security analysts on staff? See how analytics and machine-learning can transform how every analyst, regardless of their level, can find threats and make decisions faster. Here’s a screen shot from our Mock SOC demo that gives you a taste of how both McAfee Behavior Analytics and McAfee Investigator can transform your team.

McAfee Behavioral Analytics (MBA) screen shot that shows a high-risk user and the reason for the rating. MBA uses machine-learning to model users and organizational behavior.

The beginning of an investigation with McAfee Investigator as shown in the mock SOC demo (the red box highlights a guided investigation). Turns an analyst into a real Sherlock Holmes.

Data Center & Cloud Defense – If you’re like most enterprises, you’ve got some workloads running in a hybrid cloud. The team here will show you how to make protection fast and easy through things like automated workload and container discovery, cloud-optimized threat defense, and network visibility and micro-segmentation. A recent SANS endpoint survey (a multi-vendor effort) showed the network as 1 of 3 top areas where respondents detected compromises.

McAfee Skyhigh Security Cloud (CASB) – Your teams are working in the cloud, which makes securing the areas where they work (e.g., Office 365, AWS, Azure, Box, Salesforce, Slack, and others) important. The team will help you better understand everything from DLP to collaboration control policies to detecting compromised accounts in cloud environments.

Click here to find out how MGM Resorts International uses McAfee solutions, including the McAfee SIEM and Investigator products, to significantly reduce detection and response times. Select benefits included:

  • Improved security posture through well-orchestrated integration and intelligence sharing
  • Accelerated time and reduced effort to contain, investigate, and remediate advanced threats
  • Improved collaboration and skills of security investigation team

Stop by our booth (#436) to hear about more customers and use cases. If you can’t make it to the show, I encourage you to reach out to learn more about the innovation occurring at the new McAfee.

The post Come Talk to McAfee at the Gartner Security and Risk Management Summit appeared first on McAfee Blogs.

The New Security Experience

Everyone has their limits — limited budget, limited staffing and time — but we seldom take into account the basic limitations imposed on us by something we can hardly control: our minds. But understanding limits helps us work with them, not against them. Following years of hard work and focus, we have now begun to introduce a new security experience.

McAfee wants to bring radical efficiency to cybersecurity staffs. That can be achieved in part by developing technologies like the McAfee® Data Exchange Layer (DXL) to bring cross-product and cross-vendor communication to cybersecurity solutions, though we see a place where the needs of our customers can be met even further by honestly addressing the limits of our minds.

How large is the average person’s working memory? Conventional wisdom says we can juggle seven different things at a time, plus or minus two. Even the smartest among us can still remain fairly ignorant about how little we can hold in our heads at any one time.

Some years ago, University of Notre Dame researchers ran a study¹ where they instructed people to start a task at a table on one side of a room before walking to a table on the other side of the room to complete it. As humans, we do that kind of thing reasonably well.

But then the researchers partitioned the room, leaving a doorway between the two tables, and completion rates plummeted. The study blamed that common human experience of walking to another room to get something and forgetting what it was once you got there.

Imagine leaving your living room to make popcorn, but the moment you enter the kitchen you can’t remember what you’d been thinking. The study supposed that our minds dehydrate our sense of where we were as we move from one place to another, to better focus on our new location. But context-switching is a lossy operation. If you don’t deliberately carry something over that threshold, you might drop it. Returning to the living room rehydrates that context, and suddenly you remember the popcorn.

Those researchers ran the same study with people in front of computers. When moving from one end to another of a single space on screen, people did well. Place a virtual partition in the virtual space and completion rates tanked equivalently to moving through contexts in the real world.

Some cybersecurity products might look simple, but navigating through simple contexts still costs something, and with stakes much higher than failing to make popcorn. Common cybersecurity workflows — from investigating threats to changing policy — regularly require moving across many more screens than anyone can hold in their head at the same time. This burns vast amounts of cognition.

Simply by disassembling the old cybersecurity experience to bring related information together in a single, high-context workspace — encouraging the user to drive into the right information at the right time — we shift the cognitive load from managing context switches to actually solving cybersecurity problems.

Over the past 18 months, McAfee has shipped several new and innovative experiences designed to accelerate mundane tasks, focusing limited cybersecurity staff on the task at hand. Our most recent launch was an entirely new product, McAfee® Investigator, which combines a high-context, guided experience with powerful cloud-based analytics and machine learning, with strong customer outcomes being praised by industry analysts and customers alike. Bringing McAfee’s UX approach to our existing products is also testing well, reducing some common workflows from minutes to seconds.*

While we look forward to sharing more about our efforts in the weeks and months to come, we know all too well that once you move your attention somewhere else, you’ll likely forget most of what you just read here. Still, if you keep just one thing, remember this: McAfee wants to be your number one security partner, not only by offering full protection from device to cloud but also by making cybersecurity workers radically more efficient — to help you avoid dropping crucial clues without even realizing it, like something you went to the other room to get and forgot what it was once you got there.

We see a bright opportunity for a new security experience. At McAfee, we look forward to getting there together.

 

¹ “Walking through doorways causes forgetting: Situation models and experienced space” (University of Notre Dame); Radvansky, G.A. & Copeland, D.E. Memory & Cognition (2006) 34: 1150.

*Time reductions are intended as examples of how a given McAfee product, in the specified circumstances and configurations, may provide time savings. Circumstances and results will vary.

The post The New Security Experience appeared first on McAfee Blogs.

McAfee earns a Top Product Award from AV-Test!

McAfee achieved a near perfect score of 17.5 for both McAfee Internet Security (MIS) 20.8, and McAfee Endpoint Security (ENS) 10.5.3, in the areas of protection, performance and usability in the latest round of testing from AV-Test. The AV-TEST Institute, a leading international and independent service provider in the fields of IT security and anti-virus research also honored both products with a Top Product Award.

These results, announced May 28, continue to build on improvements earned over the last several test cycles.  In the latest tests, both MIS and ENS achieved a perfect score of 6 out of 6 in both usability and protection and a near perfect score of 5.5 out of 6 in performance.

Our latest Endpoint Security solutions continue to be market-leading solutions, surpassing other consumer and enterprise platform security vendors in independent scoring around Protection, Performance and Usability. In fact, both McAfee ENS and MIS were 100% effective against prevalent malware circulating in the past 4 weeks and were virtually 100% effective against 0-day malware attacks as well (a single miss). Both products had ZERO false positives, which means you can trust the results you receive from our products. McAfee ENS and MIS also showed virtually no signs of impacting user productivity.

Curious how we fared relative to the competition? You can visit AV Test’s website at https://www.av-test.org/ for all current and past test results.

The post McAfee earns a Top Product Award from AV-Test! appeared first on McAfee Blogs.

Security is not a buzz-word business model, but our cumulative effort

This article conveys my personal opinion towards security and its underlying revenue model; I would recommend reading it with a pinch of salt (+ tequila, while we are on it). I shall be covering either side of the coin, the heads where pentesters try to give you a heads-up on underlying issues, and tails where the businesses still think they can address security at the tail-end of their development.

A recent conversation with a friend who's in information security triggered me to address the white elephant in the room. He works in a security services firm that provides intelligence feeds and alerts to the clients. Now he shared a case where his firm didn't share the right feed at the right time even though the client was "vulnerable" because the subscription model is different. I understand business is essential, but on the contrary isn't security a collective argument? I mean tomorrow if and when this client gets attacked, are you going just to turn a blind eye because it didn't pay you well? I understand the remediation always costs money (or more effort) but holding the alert to a client on some attack you witnessed in the wild based on how much money they are paying you is hard to contend.

I don't dream about the utopian world where security is obvious but we surely can walk in that direction.

What is security to a business?

Is it a domain, a pillar or with the buzz these days, insurance? Information security and privacy, while being the talk of the town, still come in where the business requirements end. I understand there is a paradigm shift to the left, a movement towards the inception for your "bright idea" but still we are far from an ideal world, the utopian so to speak! I have experienced it from either side of the table - the one where we put ourselves in the shoes of hackers and the contrary where we hold hands with the developers to understand their pain points & work together to build a secure ecosystem. I would say it's been very few times that business pays attention to "security" from day-zero (yeah, this tells the kind of clients I am dealing with and why we are in business). Often business owners say - Develop this application, based on these requirements, discuss the revenue model, maintenance costs, and yeah! Check if we need these security add-ons or do we adhere to compliance checks as no one wants auditors knocking at the door for all the wrong reasons.

This troubles me. Why don't we understand information security as important a pillar as your whole revenue model?

How is security as a business?

I have many issues with how "security" is being tossed around as a buzz-word to earn dollars, but very few respect the gravity or the very objective of its existence. I mean whether it's information, financial, or life security - they all have very realistic and quantifiable effects on someone's physical well-being. Every month, I see tens (if not hundreds) of reports and advisories where quality is embarrassingly bad. When you tap to find the right reasons - either the "good" firms are costly, or someone has a comfort zone with existing firms, or worst, that neither does the business care nor does it pressure firms for better quality. I mean at the end, it's just a plain & straightforward business transaction or a compliance check to make the auditor happy.

Have you ever asked yourself the questions,

  1. You did a pentest justifying the money paid for your quality; tomorrow that hospital gets hacked, or patients die. Would you say you didn't put your best consultants/efforts because they were expensive for the cause? You didn't walk the extra mile because the budgeted hours finished?
  2. Now, to you Mr Business, CEO - You want to cut costs on security because you would prefer a more prominent advertisement or a better car in your garage, but security expenditure is dubious to you. Next time check how much companies and businesses have lost after getting breached. I mean just because it's not an urgent problem, doesn't say it can't be. If it becomes a problem, chances are it's too late. These issues are like symptoms; if you see them, you already are in trouble! Security doesn't always have an immediate ROI, I understand, but don't make it an epitome of "out of sight, out of mind". That's a significant risk you are taking on your revenue, employees or customers.

Now, while I have touched both sides of the problem in this short article; I hope you got the message (fingers crossed). Please do take security seriously, and not only as your business transaction! Every time you do something that involves security on either side, think - You invest your next big crypto-currency in an exchange/market that gets hacked because of their lack of due-diligence? Or, your medical records became public because someone didn't perform a good pen-test. Or, you lose your savings because your bank didn't do a thorough "security" check of its infrastructure. If you think you are untouchable because of your home router security; you, my friend, are living in an illusion. And, my final rant to the firms where there are good consultants but the reporting, or seriousness in delivering the message to the business is so fcuking messed up, that all their efforts go in vain. Take your deliverable seriously; it's the only window business has to peep into the issues (existing or foreseen), and plan the remediation in time.

That's all my friends. Stay safe and be responsible; security is a cumulative effort and everyone has to be vigilant because you never know where the next cyber-attack will be.