From Paul's Security Weekly
Enterprise Security Weekly - Episode 33
Recorded February 16, 2017
Enterprise Security News
- SecureWorks Teams with Carbon Black to Deliver Automated Cyber Threat Prevention to Clients with SaaS-Based, Next-Generation Antivirus Solution | 4-Traders - If you are struggling with endpoint detection, SecureWorks and Carbon Black have teamed up so they can manage everything for you, including response. These are muddy waters, but I can't help thinking that for organizations with small or no IT security teams this makes sense in the "something is better than nothing" category.
- Threat Stack Launches Free Cloud Security Audit Trial | Business Wire - The new seven-day free-trial version of the Threat Stack Audit Plan is designed for organizations that need to establish a security baseline, identify AWS configuration risks, and demonstrate their cloud security posture to customers and stakeholders. If it does all that, I'm in.
- Bitglass Unveils New Integration with Trustwave Managed Security Services / New Integration Between Trustwave Managed Detection Service and Bitglass CASB Drives Greater Enterprise Visibility into Cloud-based Threats - This service has been enhanced to support events and additional threat intelligence from leading cloud access security broker (CASB) providers like Bitglass. This increased security visibility helps Trustwave detect cloud-based threats earlier by leveraging support for the latest CASB technologies. This is going to be huge: Gartner predicts that "by 2020, 85 percent of large enterprises will use a cloud access security broker platform for their cloud services, which is up from 5 percent today."
- CyberArk Advances Insider Threat Detection to Accelerate Incident Response | SAT Press Releases - Right at the bottom, we get a glimpse of what this really means: CyberArk Labs and customers' security operations teams identified some examples of commands that are frequently associated with malicious (or accidentally damaging) behavior. Highly sensitive commands that were frequently cited as being indicative of risk include "mmc.exe, Active Directory Users and Computers" on Windows systems, as well as commands containing the terms "authorized_keys" and "sudoers" on *nix systems.
- RiskIQ Offers Security Analysts Free Cyberthreat Hunter and Defender Tools with RiskIQ Community Edition - I like free; free is good, and so is being able to kick the tires before you buy. However, this sounds like an "I heard you like SIEM and threat intelligence, so I put a SIEM and threat intelligence into your SIEM and threat intelligence" play. Skeptical.
- ThreatConnect Unveils New Threat Intelligence Product Suite - And this is why we love TC, and why they are becoming the company leading the security analytics and dashboard race: TC Complete is a security operations and analytics platform designed to support the integration of security processes, data analysis, threat response and progress reports in one place. TC Identify gives users access to intelligence from more than 100 open source feeds, crowdsourced intelligence from ThreatConnect communities and analyst-curated intelligence from the ThreatConnect Research Team, as well as an option to add intelligence from TC Exchange partners. ThreatConnect developed TC Manage to help organizations orchestrate security functions and partly or completely automate threat data management processes. TC Analyze offers a central platform for analysts to examine data, integrate the platform with other security tools, share intelligence and gain insight into adversaries' attack patterns.
- Fortinet opens the gates on its Network Security Expert courses | ITP.net - The NSE program has typically been used by Fortinet to develop its own employees, partners and end-users. Comprising a multi-level curriculum, the program begins with cybersecurity fundamentals and covers everything up to advanced security implementation strategies and technical concepts. To date, NSE has issued 50,000 certifications across the globe. Be careful: free training is great, but it's no substitute for 1) high-quality training that you pay for and 2) experience.
- HPE Aruba Extends Security Leadership for the Intelligent Edge with Niara | PressReleasePoint - Analysts can change the severity level of each alert type at a user or device level. Through such input, the analyst can shape how the alert should be treated in the overall computation of the risk score. Analysts can label an alert as a "true anomaly" or an "authorized exception". This information is incorporated into each model's continuous learning loop and allows for ongoing improvements in the model's accuracy. For example, analyst input on authorized exceptions will ensure that the solution does not trigger alerts for the affected entity on this dimension going forward. See, you still need humans.
- Nerdio Partners with CensorNet to Offer Enhanced Cloud-Based User Authentication | ITbriefing.net - Bravo for admitting it was better to partner than to build and implement it yourself: "Our previous two-factor user authentication solution provided adequate security, but it was more expensive and less flexible, requiring users to download an additional app that often had issues. Our engineering team had to spend a lot of extra time and energy to ensure our clients were comfortable with the product," states Carl Long, Senior Sales Engineer at Nerdio. "Our customers are now truly impressed by the ease of use and are especially excited about their highly secure authentication."
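To make the CyberArk and Niara items concrete, here is an added example (not from the show or either vendor) that flags the sensitive commands CyberArk cites (authorized_keys, sudoers, mmc.exe with the AD Users and Computers console) in command-line telemetry and suppresses hits an analyst has labelled an "authorized exception", as Niara's feedback loop describes. The key=value log format and the sample lines are constructed; dsa.msc as the ADUC snap-in name is an assumption added here.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple

# Detection rules adapted from the sensitive commands cited in the CyberArk item.
# dsa.msc is the ADUC snap-in; matching it is an assumption, not from the page.
RULES: List[Tuple[str, re.Pattern]] = [
    ("nix_authorized_keys", re.compile(r"authorized_keys")),
    ("nix_sudoers", re.compile(r"(^|[\s/])sudoers(\b|$)")),
    ("win_aduc_console", re.compile(
        r"mmc\.exe.*(dsa\.msc|active directory users and computers)", re.I)),
]

# Constructed (hypothetical) log format: key=value pairs, cmd value quoted.
LINE_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict; quoted values keep their spaces."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in LINE_RE.finditer(line)}

def scan(lines: Iterable[str],
         exceptions: Set[Tuple[str, str]] = frozenset()) -> List[Dict[str, str]]:
    """Return one alert per (line, rule) hit.

    exceptions holds (user, rule) pairs an analyst labelled 'authorized exception';
    those are suppressed for that entity, mirroring the Niara feedback loop.
    """
    alerts: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_line(line)
        cmd = ev.get("cmd", "")
        for name, pat in RULES:
            if pat.search(cmd) and (ev.get("user"), name) not in exceptions:
                alerts.append({"rule": name, "user": ev.get("user", "?"),
                               "host": ev.get("host", "?"), "cmd": cmd})
    return alerts

# Constructed sample telemetry, not real data.
SAMPLE = [
    'ts=2017-02-16T10:01:02Z host=db01 user=alice cmd="cat /etc/sudoers"',
    'ts=2017-02-16T10:02:10Z host=db01 user=alice cmd="ls -la /var/log"',
    'ts=2017-02-16T10:03:44Z host=web02 user=bob cmd="echo ssh-ed25519 AAAAC3 bob@laptop >> /root/.ssh/authorized_keys"',
    'ts=2017-02-16T10:05:00Z host=dc01 user=carol cmd="mmc.exe dsa.msc"',
    'ts=2017-02-16T10:06:31Z host=web02 user=svc-deploy cmd="cp keys /home/deploy/.ssh/authorized_keys"',
]

if __name__ == "__main__":
    # The deploy account's key rotation was labelled an authorized exception.
    for a in scan(SAMPLE, exceptions={("svc-deploy", "nix_authorized_keys")}):
        print(a["rule"], a["user"], a["host"], a["cmd"])
```

The exception is scoped to one (user, rule) pair, so the same account touching /etc/sudoers would still alert.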
Segment: Rules for Security Vendors
A good start: