Category Archives: RSA Conference 2018

Expand vulnerability and risk management programs to eliminate security misconfigurations

In this podcast recorded at RSA Conference 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses how expanding vulnerability and risk management programs can eliminate security misconfigurations. Many don’t realize misconfigurations can be exploited just as easily as a vulnerable piece of software to result in compromise. Here’s a transcript of the podcast for your convenience. Hi, my name is Tim White with Qualys. I am the Director of Product Management for … More

The post Expand vulnerability and risk management programs to eliminate security misconfigurations appeared first on Help Net Security.

Most dangerous attack techniques, and what’s coming next

Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are:

1. Repositories and cloud storage data leakage
2. Big Data analytics, de-anonymization, and correlation
3. Attackers monetize compromised systems using crypto coin miners … More


Customized IOCs, intelligence and SOC automation for orgs of every size

CrowdStrike announced at RSA Conference 2018 that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X. The output of this analysis is a combination of customized indicators of compromise (IOCs) and threat intelligence designed to help protect against threats your organization faces now and in the future. Falcon X produces IOCs for both the threat that was actually encountered in your organization and … More


NIST releases Cybersecurity Framework 1.1

The US Commerce Department’s National Institute of Standards and Technology (NIST) has announced at RSA Conference 2018 the release of version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework. The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and … More


Identity-as-a-Service for hybrid customer environments

OneLogin is showcasing enhancements to its Identity-as-a-Service (IDaaS) cloud platform, including the OneLogin Desktop experience, LDAP, and RADIUS capabilities, at RSA Conference 2018, in continued efforts to serve the sophisticated Access Management needs of modern enterprises. As customers digitally transform, OneLogin makes it simpler and safer for organizations to access the apps and data they need anytime, anywhere. OneLogin’s Unified Access Management Platform (UAM) is purpose-built for hybrid customer environments, allowing companies of any size … More


Stealth network traffic analysis appliance automates defense actions

LookingGlass Cyber Solutions announced at RSA Conference 2018 the general availability of the LookingGlass IRD-100 (Intelligence Response and Deception) security appliance. This fully programmable, custom stealth hardware is invisible to adversaries’ view of corporate and government networks. Designed to run in-line with low latency, the appliance creates a new point of control by using real-time traffic analysis. Performing these actions invisibly at line speeds across enterprise networks is made possible by the IRD-100’s unique Titan … More


How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices

An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it. The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference 2018 attendees and the wider public. Apple has implemented a mechanism that should prevent easy exploitation of the … More


In preparation for the GDPR, CoSoSys launches Endpoint Protector 5.1

CoSoSys announced the latest update of its award-winning flagship Data Loss Prevention product, Endpoint Protector 5.1, which brings added functionalities to key features and a boost for GDPR compliance. With only a few weeks to go until the EU’s General Data Protection Regulation (GDPR) comes into force on May 25th, companies on both sides of the Atlantic serving European customers are rushing to reach compliance before time runs out. Placing a heavy emphasis on protecting … More


Open-source library for improving security of AI systems

IBM researchers have created the Adversarial Robustness Toolbox, an open-source library to help researchers improve the defenses of real-world AI systems. Attacks against neural networks have recently been flagged as one of the biggest dangers in our modern world where AI systems are increasingly getting embedded in many technologies we use and depend on daily. Adversaries can sometimes tamper with them even if they don’t know much about them, and “breaking” the system could result … More


Infrastructure-agnostic web app protection with virtual patching option

Signal Sciences announced the latest innovations for its Web Protection Platform. Its patented architecture provides security, operations and development teams with the visibility, security and scalability needed to protect against the full spectrum of threats their web applications now face, from OWASP Top 10 to account takeovers, API misuse and bots. Signal Sciences works across any architecture, providing the broadest coverage against real threats and attack scenarios as well as integrations into DevOps tools that … More


Top tech firms pledge not to help governments launch cyberattacks

34 global technology and security companies have pledged not to help governments launch cyberattacks and to protect all customers regardless of nationality, geography or attack motivation. The Cybersecurity Tech Accord The Cybersecurity Tech Accord is a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, Datastax, Dell, DocuSign, Facebook, … More


Photo gallery: RSA Conference 2018 Innovation Sandbox

The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Innovation Sandbox, where the 10 finalists – Acalvio Technologies, Awake Security, BigID, BluVector, CyberGRX, Fortanix, Hysolate, ReFirm Labs, ShieldX Networks, and StackRox – demonstrated their technology to conference attendees as well as a judging panel. This year’s winner is BigID.


Anomali collaborates with Microsoft to integrate threat data

Threat management solutions provider Anomali announced a collaboration with Microsoft to integrate threat intelligence from the Anomali ThreatStream platform with the security insights customers can obtain from the new Microsoft Graph security API. The collaboration provides Microsoft and Anomali customers with the ability to correlate cloud service and network activity with adversary threat information. As the work progresses, the integration will provide a complete view of asset and user information from Graph providers allowing for … More


Photo gallery: CIO/CISO Interchange inaugural event

CIO/CISO Interchange, a new non-profit, non-commercial organization co-founded by Philippe Courtot, Chairman & CEO, Qualys, and the Cloud Security Alliance (CSA) was launched during RSA Conference 2018. The CIO/CISO Interchange is a private, invitation-only forum for discussions, debates and exchanges between CIOs, CTOs, CISOs and security experts centered around securing the digital transformation. There are no product pitches and no sales personnel, just frank talk on important security issues to help CXOs secure the digital … More


Tech-skilled cybersecurity pros in high demand and short supply

The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 percent of information security professionals reporting unfilled cyber/information security positions within their organization, according to ISACA’s new cybersecurity workforce research. The research is the result of polling 2,300+ cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner (CSXP). Among the concerning trends revealed in part 1 of the ISACA State of Cybersecurity 2018 Report, released today at … More


Distributed security event correlation solution helps SOCs combat cyber-attacks

Micro Focus announced ArcSight Enterprise Security Manager (ESM) 7.0, the latest release of its solution that prioritizes security threats and compliance violations with real-time threat intelligence to quickly identify and impede potential cyber-attacks. Micro Focus ArcSight ESM 7.0 enables security operations centers (SOCs) to become agile, expand their cyber security footprint and respond quickly to evolving threats. By collecting, correlating, and reporting security event information at a massive scale (up to 100,000 correlated events per … More


Cisco announces new endpoint and email security services

To combat the rise of advanced threats targeting employees, Cisco is announcing new email security services at RSA Conference 2018, to protect users from fraudulent emails, as well as new capabilities to protect employees’ devices from ransomware, cryptomining, and fileless malware. Endpoint protection Nearly all endpoint security solutions on the market claim to block 99 percent of malware. But what about the one percent of threats that evade detection using sophisticated techniques? Cisco Advanced Malware … More


BigID is this year’s most innovative startup at RSA Conference

BigID was named “Most Innovative Startup” at the 2018 RSA Conference Innovation Sandbox Contest. A judging panel comprised of venture capitalists, entrepreneurs and industry veterans selected BigID from a group of 10 finalists and announced the winner at RSA Conference 2018. Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale. Using BigID, enterprises can better safeguard … More


Most US consumers don’t trust companies to keep their data private

While a majority of the US public sees companies’ ability to keep data private as absolutely key, it has little trust in companies to do so. In fact, only 20 percent of them “completely trust” organizations they interact with to maintain the privacy of their data, the results of a recent survey have shown. They are also much more worried about hackers accessing their data than companies using it for purposes they have not agreed … More


Passwordless enterprise authentication on Windows 10 and Azure AD

Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get … More


Devs know application security is important, but have no time for it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More


Enterprise-grade security for midmarket organizations

To simplify how customers protect their organizations, FireEye is launching three core subscription solutions plus one comprehensive suite at RSA Conference 2018. FireEye Endpoint Security is designed to provide comprehensive defense on the endpoint, combining endpoint protection to stop common malware and endpoint detection and remediation to find, block and remove advanced targeted attacks. FireEye Network Security is designed to protect against all types of threats, from commodity breaches to the most advanced, targeted attacks, … More


Qualys brings web application security to DevOps

Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production. Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder. New functionality Qualys WAS 6.0 and new capabilities include: … More


Rambus launches fully programmable secure processing core

At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU. The secure processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor. This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimize the primary processor for … More


Third-party and insider threats one of the biggest concerns to IT pros

External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% … More


Free Qualys services give orgs visibility of their digital certs and cloud assets

Qualys announced two new free groundbreaking services: CertView and CloudView. Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance. Qualys CertView CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and … More


1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More


MinerEye introduces AI-powered Data Tracker

MinerEye is launching MinerEye Data Tracker, an AI-powered governance and data protection solution that will enable companies to continuously identify, organize, track and protect vast information assets including undermanaged, unstructured and dark data for safe and compliant cloud migration. Most data tracking and classification technologies categorize data based on descriptive elements such as file size, type, name and location. MinerEye dives deeply into the basic data form to its essence – to uncover and categorize … More


Protect and manage secure company files with Vera’s agentless solution

Vera is taking the next step to a truly agentless experience by giving customers the ability to edit, collaborate, and save changes to secure files without requiring any downloads whatsoever. This new browser-based editing experience makes it easy for enterprises to collaborate on all Office file types — notes, documents, presentations, and more — while preserving the company’s policy, security, and control, no matter where the file travels or who has access. Frictionless solution “One … More


Onapsis raises $31 million Series C funding for ERP cybersecurity

Onapsis, the global experts in business-critical application cybersecurity and compliance, today announced a $31 million Series C minority funding round led by new investor LLR Partners, with participation from existing institutional investors .406 Ventures, Evolution Equity Partners and Arsenal Venture Partners. This marks the largest single round of funding in the company’s history, bringing the total investment in Onapsis to $62 million. David Stienes, Partner at LLR Partners, will join the company’s board of directors. … More


RSA Conference 2018 AdvancedU expands security education to new audiences

RSA Conference is known among CTOs, CISOs and information security professionals as the place where the world talks security. What started as a small cryptography conference in the early 1990s now brings close to 45,000 attendees together in San Francisco each year. But as the conference expands, so does its influence among new audiences – spanning beyond the security C-Suite and reaching students, parents and educators and infosec professionals at all stages of their careers. … More


Absolute debuts GDPR data risk assessment

Absolute announced new GDPR Data Risk and Endpoint Readiness Assessments to accelerate compliance with the impending General Data Protection Regulation (GDPR). These comprehensive assessments empower organizations to accelerate GDPR compliance programs by pinpointing vulnerable endpoints and at-risk data — on and off the corporate network. Absolute’s new assessments offer deep insights and actionable recommendations to better protect and manage endpoints, where sensitive data might be accessed, stored or shared. Increasingly sophisticated security incidents and escalating … More


Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation

Illumio announced new global vulnerability mapping capabilities on its Adaptive Security Platform. Vulnerability and threat data from the Qualys Cloud Platform is integrated with Illumio application dependency mapping to show potential attack paths in real time. Automated vulnerability-based policy recommendations: mitigate vulnerabilities without breaking your application. The integration between the Qualys Cloud Platform and Illumio delivers vulnerability maps, enabling organizations to see connections to vulnerabilities within and between applications. This new capability also includes an … More


Capsule8 introduces Linux workload attack detection platform

Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments. As organizations modernize their production infrastructure with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux environments such as bare metal and virtual infrastructures are also up against inadequate protection due to low visibility and … More


Qualys at RSA Conference 2018: Best practices presentations from industry leaders

There will be no lack of interesting content from Qualys at this year’s RSA Conference. Depending on your interests, you might want to make time for some of these talks and presentations. Visit Qualys at Booth N3815 to hear best practices presentations from industry leaders. Monday, April 16 5:10 – 5:35 PM Continuous Security and Visibility of Your Complete Public Cloud Infrastructure Hari Srinivasan, Director of Product Management, Qualys Learn how to extend continuous cloud … More


Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018

Fortanix has been selected to present in the session Protecting Containers from Host-Level Attacks at RSA Conference 2018 next week. CEO and Co-Founder Ambuj Kumar will join renowned cryptography expert Benjamin Jun, CEO of HVF Labs, and Docker Security Lead David Lawrence in the session that describes how Runtime Encryption and Intel SGX keep a container encrypted during runtime to protect data in use from host OS, root users and network intruders, even if the infrastructure … More


ThreatQ Investigations: Cybersecurity situation room accelerates security operations

ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response. ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response. The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently, … More


Cryptshare brings its secure communication and privacy solution to U.S. market

Cryptshare, a German-based maker of data security and privacy solutions for the exchange of business-critical information, today announced its expanded presence in the U.S. market and new QUICK technology used to simplify the exchange of passwords used to protect encrypted files. Cryptshare will demo a beta version of the patent-pending technology at the RSA Conference, April 16-20 in San Francisco, where the company is a co-exhibitor with TeleTrusT in the German Pavilion, booth 3927/20. The … More


What’s new at RSAC 2018?

With the most significant global information security event just around the corner, we caught up with Sandra Toms, VP and Curator, RSA Conference, to find out what attendees can expect in San Francisco, April 16-20, 2018. What is new at RSA Conference this year that you’d like to highlight? One exciting thing we’re introducing this year is Broadcast Alley, which you could consider the “unofficial newsroom” of RSAC 2018. Publishers, sponsors, partners and exhibitors can … More


RSAC onDemand: A new way to experience RSA Conference

RSA Conference announced the addition of RSAC onDemand to its RSAC AdvancedU education program. AdvancedU at RSA Conference is a series of programs that teaches cyber-awareness for children, provides outreach to college students to introduce and encourage a career in information security and supports education throughout the various stages of a career within the industry. The new RSAC onDemand program will provide participants the RSA Conference experience without leaving their home or office. Those who … More


You can’t hide from this top trend at RSA Conference, no matter where you operate

Every year, there are certain buzzwords and trends that rise to popularity within the technology community. In years prior, it’s been things like “cloud,” “bitcoin,” or “IoT” that set the trend. So it’s no surprise when those words fill the agenda at major events like RSA Conference, leaving us to wonder what the trending topics will be at RSAC 2018, taking place April 16-20 in San Francisco. But, lucky for us, that’s exactly what one … More


RSA Conference announces 2018 keynote speakers

RSA Conference, the world’s leading information security conferences and expositions, today announces its full line-up of keynote speakers for the 2018 Conference, which begins Monday, April 16th and runs through Friday, April 20th at the Moscone Center in San Francisco, CA. Keynote speakers at this year’s Conference will bring forward-thinking stories to the keynote stage on a wide variety of industry-relevant topics including artificial intelligence, cyber bullying, gamification, the history of technology and innovation, among … More


RSA Conference 2018 USA: What you can expect at this year’s event

With RSA Conference 2018 USA less than a month away, we asked Britta Glade, Director, Content and Curation for RSA Conference, to tell us more about this year’s event. Read on to find out what’s in store for the world’s largest gathering of information security professionals. What have been the major security developments in the past year, and how have these informed the conference agenda for 2018? Where to begin? 2017 showed us just how … More
