From Paul's Security Weekly
Enterprise Security News
- Trend Micro Incorporated: Collaborates with Wind River to Accelerate Deployment of NFV Solutions - Trend Micro Virtual Network Function Suite is designed to offer flexible, reliable and high-performance virtual network security functions for service providers from premise, to edge, to the core network. The core of Virtual Network Function Suite is innovative deep packet inspection (DPI) technology, which provides various network security functions including intrusion prevention, URL filtering and application control. So you have a virtual network and they are applying virtual security. Is this virtually possible?
- ForeScout and Rapid7 Deliver On-Connect Vulnerability Assessment and Automated Risk Mitigation to Reduce Attack Surface - The ForeScout Extended Module for Rapid7 Nexpose allows customers to automatically block devices from joining their network until they reach an acceptable risk level. I don't see how they can do this without an agent identifying vulnerabilities, and oh look, Rapid7 now has an Insight Agent. However, this is a chicken-and-egg problem. I bring in devices, security must be evaluated, but now I need to install an agent, and then yet another dissolvable agent to get me on the network. We suffer from too many agents. Also, does InsightIDR do vulnerabilities on the endpoint? How does that tie to UBA? Dear Rapid7, I am now officially confused by your products and messaging, please help because your web site doesn't...
- Cisco to slash as many as 14,000 jobs, 20 percent of its global workforce, says report - Cisco is playing catch-up; are they too late? The cuts were due in large part to the shift to cloud computing, which eliminates tech talent devoted to “back-end” operations. Cisco was late to enter the cloud market where it faced stiff competition from Amazon Web Services and Microsoft Azure.
- Attivo Networks and Carbon Black Partner to Deliver Advanced, Continuous Threat Management and Response - I had to read this 3 times to figure out that Attivo can detect an attack and tell Carbon Black to block it. The integrated solution combines the Attivo ThreatMatrix™ Deception and Response Platform with Carbon Black Response for early detection of in-network threats, automated response actions based on deception server engagement, and the ability to query Cb Response for additional forensic artifacts on other infected systems. The integrated solution provides organizations an advanced level of visibility and improves overall threat management operations by simplifying information sharing and automating incident response actions. And I still think I might be getting it wrong.
- Kaspersky Lab & LogMeIn team to provide 'premium' cybersecurity solution - Another blending of an IT management suite and a security suite. I believe we will see more of this, and maybe less of non-security companies buying security companies. Why take on more when you can just integrate? However, I could make the argument the other way. Hey, this security thing is important, let's go buy a security company. This is always an interesting trend to watch.
- Innovation Update: Fortscale 2.7 Reveals New Ways to Detect Insider Threats - Fortscale 2.7 consumes external threat feeds that roam the Dark Web in search of compromised enterprise usernames and passwords. Uhm, so yea, this is not new and probably something you could build yourself easily using free software and resources. Caution here: In addition to processing access and SIEM logs to find anomalies, Fortscale 2.7 leverages its new Generic Data Source framework (GDS) to provide out-of-the-box support for several new data source types, including Network DLP, Secure Web Gateway, and Cisco ACS. Anyone can say they accept logs, but actually doing something meaningful with them is a different story.
Interview: Paul Paget, CEO Pwnie Express
Detecting Rogue In The Enterprise