Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

GUEST ESSAY: The role ‘deep learning’ AI can play relieving security teams of debilitating stress

By Karen Crowley

The cybersecurity profession can be very rewarding, but at the same time quite taxing.

Related: Equipping SOCs for the long haul

In fact, stress factors  have risen to where some 45 percent of the security professionals polled in Deep Instinct’s third annual Voice of SecOps report said they’ve considered leaving the industry altogether.

Ransomware is at an all-time high; attackers are as elusive as ever. Thus the job of detecting an active adversary and stopping them before they can do material damage has become extremely difficult.

Some 91 percent of respondents reported feeling stress in their security roles, of which 46 percent stated that the level of stress had increased in the past 12 months.

Productivity disruptor

A significant proportion of security pros concede that stress is negatively impacting their ability to do their daily tasks at work; this is the result of a number of variables including:

•A gap between the number of qualified candidates to fill positions and experienced staff members; skilled security personnel are often poached for higher wages and larger responsibilities.

SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports

By Zac Amos

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high.

Related: Tech giants foster third-party snooping

This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

Scammers will send reports known as bug bounties stating security vulnerabilities in a machine. The fraudster might claim it’s missing security credentials or necessary security software.

These often come as unsolicited phone calls or computer notifications and might sound convincing and well-intentioned, claiming they can solve all the vulnerabilities in the electronics if recipients buy the report.

Compounding risk

These engagements aim to extort money — and in the most severe circumstances with more advanced cybercriminal tactics — infect computers or steal data. Security analysts should be on high alert. Unless it’s someone from within an organization or part of a company’s employed team, a best practice is to second guess any experts claiming they have cybersecurity advice.

What may appear to be a legitimate cybersecurity query, may in fact be designed to flush out and exploit security in the system. Caution is the order of the day.

GUEST ESSAY — How threat detection services for SMBs are continuing to evolve and improve

By Morten Kjaersgaard

Small and medium-sized businesses are facing immense security challenges and these are the same as those of mid-size or larger enterprises.

Related: Myths about safe browsing

Clearly, SMBs need to be alert for cyberattacks, but they also need to stay focused on their business and not sacrifice productivity.

Organizations are confronted with a severe security threats landscape, and it is critical that they have the ability to prevent, detect and respond to these threats in a timely manner. Hence, using a threat prevention and detection solution that doesn’t disrupt day-to-day operations while providing early warning and stopping potential threats before they escalate is essential.

Our dependence on technology has grown and so has the number of ways that criminals can exploit vulnerabilities to gain access to sensitive information or disrupt critical systems. Today, businesses of all sizes must be vigilant in protecting their data and infrastructure from a wide variety of threats, including malware, phishing, and denial-of-service attacks.

While the threat landscape is constantly evolving, there are a few trends that we are seeing in the modern cybersecurity landscape:

•Increased use of AI and automation by attackers.

NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates

By Byron V. Acohido

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets.

The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward.

Related: The rise of security platforms

This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and response (EDR,) and identity and access management (IAM) solutions in the vanguard.

And this trend is accelerating as 2023 gets underway. DigiCert’s launch today of Trust Lifecycle Manager, is a case in point. I had the chance to get briefed about this all-new platform, which provides a means for companies to comprehensively manage their Public Key Infrastructure (PKI) implementations along with the associated digital certificates.

I visited with Brian Trzupek, DigiCert’s senior vice president of product. As a leader of digital trust, DigiCert is best known as a Certificate Authority (CA) and a supplier of services to manage PKI. We drilled down on why getting a much better handle on PKI has become vital in a massively interconnected operating environment. DigiCert’s new solution is designed to “unify PKI services, public trust issuance and CA-agnostic certificate lifecycle management,” he told me.

Here are the main takeaways from our discussion:

NEW TECH: How I started a company to supply democratized pentests to immunize websites

By Eden Zaraf

My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing.

Related: Leveraging employees as detectors

Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan, who is the co-founder and CEO of Kayran, began developing an automatic penetration testing tool for our own use.

A year and a half ago, we decided to turn it into a commercial platform. I was sitting in a classroom when I had this Eureka moment. I realized that our technology could actually help people. I decided to meet with my neighbor, Arik Assayag. I said to myself, if he thinks we can market it, let’s go for it. He did and, together with Sahar and I, co-founded  Kayran.

We supply an advanced web application scanner that’s unique in the world of web penetration testing.

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

By Bipin Damodaran

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs.

Related: GDPR sets new course for data privacy

Large corporations tend to have the resources to deal with compliance issues. However, SMBs have can struggle with the expense and execution of complying with data security laws in many countries.

Organizations with 500 or fewer employees have many positive attributes, such as their ability to make fast decisions and avoid bureaucracy that can slow down larger enterprises. But this same characteristic can also be a disadvantage, as SMBs often lack the resources and expertise to keep up with complex regulations.

Let’s look at some of the challenges faced by SMBs in today’s data privacy landscape.

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

By Chris Reffkin

In golf there’s a popular saying: play the course, not your opponent.

Related: How ‘CAASM’ closes gaps

In an enterprise, it’s the same rule. All areas of an organization need to be free to “play their own game.”

And  when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation. A security strategy should clear obstacles and enable  every part of a business operation to run smoothly.

Smarter security is the rising tide that lifts all ships. As all parts of an organization overlap with security, an increase in one allows benefits in others.

Departments such as support, manufacturing, design, services, and delivery are enhanced by smart security measures, which allay distracting setbacks and increase the overall inertia. This leads to revenue gains and positive customer outcomes.

What constitutes “smarter security?” Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy.