Gartner evaluated Rapid7’s integrated detection and investigation solution—which combines user behavior analytics, endpoint detection, and visual log search to spot and contain a compromise quickly and effectively—for both the 2017 Magic Quadrant and Critical Capabilities for SIEM.
InsightIDR supports monitoring and responding to alerts through a guided investigation feature, making InsightIDR an intuitive solution for all levels of experience. It offers user behavior and advanced analytics capabilities, as well as endpoint detection and response and honeypot technology, which enable users to leverage threat detection technologies along with InsightIDR.
Securonix’s Next-Gen SIEM combines the power of machine learning and big data architecture to provide a solution that is equipped to meet your current and future security requirements.
"We are thrilled with the recognition by Gartner. To achieve such a phenomenal position on the Magic Quadrant in our debut year coupled with being recognized as the most complete UEBA solution earlier this year is a validation of our vision" - Sachin Nayyar, CEO, Securonix
Synology® Inc. announced the official release of Virtual Machine Manager. It provides the ability to install and run multiple virtual machines, including Windows, Linux, and Virtual DSM on Synology NAS. Hardware resources can be allocated more flexibly with Virtual Machine Manager. Virtual machines can even be moved without interruption to running hosts.
According to a 2016 study by market authority Gartner, up to 80% of x86 server workloads have been virtualized. Virtual Machine Manager attracted more than 60,000 users during its 6-month beta program. The results also show that server virtualization is definitely a trend in the IT industry. Virtual Machine Manager not only provides virtualized system resources, but it also combines the powerful advantages of the Btrfs next-generation file system. This provides users with the ability to complete virtual machine snapshots and replication in just seconds. The meticulously engineered clustering architecture provides enterprises with multiple NAS management capabilities. Operations run on virtual machines scattered across NAS devices can be managed from a single portal. Virtual Machine Manager brings efficient management capabilities to help IT staff easily reach high availability in a cluster. Moreover, users can set scheduled snapshots and replication plans to protect the data of virtual machines, enjoying a variety of advanced features designed specifically for business.
"Synology used to provide storage services in virtualization infrastructure in the past. In recent years we saw the rising demand for virtualization needs of SMBs and professional users. In 2015, we pioneered the Virtual DSM Manager Beta to create NAS virtualization capabilities. Now Synology NAS can support more diverse operating systems with the fully evolved Virtual Machine Manager and its flexible and powerful cluster architecture. IT staff can easily create an efficient and professional server virtualization environment," said Chen Feng Wang, Product Manager of virtualization at Synology.
Synology's DiskStation Manager operating system has been widely acclaimed and now can run as a virtual machine on Virtual Machine Manager via Virtual DSM. By separating multiple Virtual DSM virtual machines on a single Synology NAS, users can achieve NAS server virtualization while creating a highly resilient, easy-to-manage, and multi-tenant environment.
18-series: DS3018xs, DS918+, DS718+, DS218+
17-series: FS3017, FS2017, RS3617xs, RS3617RPxs, RS4017xs+, RS3617xs+, RS18017xs+, DS3617xs, DS1817+, DS1517+
16-series: RS2416RP+, RS2416+, RS18016xs+, DS916+
15-series: RS815RP+, RS815+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+
14-series: RS3614xs, RS3614RPxs, RS3614xs+
13-series: RS3413xs+, RS10613xs+
12-series: RS3412xs, RS3412RPxs, DS3612xs
11-series: RS3411xs, RS3411RPxs, DS3611xs
Threats to your IT infrastructure (AWS accounts & credentials, AWS resources, guest operating systems, and applications) come in all shapes and sizes! The online world can be a treacherous place and we want to make sure that you have the tools, knowledge, and perspective to keep your IT infrastructure safe & sound.
Amazon GuardDuty is designed to give you just that. Informed by a multitude of public and AWS-generated data feeds and powered by machine learning, GuardDuty analyzes billions of events in pursuit of trends, patterns, and anomalies that are recognizable signs that something is amiss. You can enable it with a click and see the first findings within minutes.
GuardDuty voraciously consumes multiple data streams, including several threat intelligence feeds, staying aware of malicious IP addresses, devious domains, and more importantly, learning to accurately identify malicious or unauthorized behavior in your AWS accounts. In combination with information gleaned from your VPC Flow Logs, AWS CloudTrail Event Logs, and DNS logs, this allows GuardDuty to detect many different types of dangerous and mischievous behavior including probes for known vulnerabilities, port scans and probes, and access from unusual locations. On the AWS side, it looks for suspicious AWS account activity such as unauthorized deployments, unusual CloudTrail activity, patterns of access to AWS API functions, and attempts to exceed multiple service limits. GuardDuty will also look for compromised EC2 instances talking to malicious entities or services, data exfiltration attempts, and instances that are mining cryptocurrency.
GuardDuty operates completely on AWS infrastructure and does not affect the performance or reliability of your workloads. You do not need to install or manage any agents, sensors, or network appliances. This clean, zero-footprint model should appeal to your security team and allow them to green-light the use of GuardDuty across all of your AWS accounts.
Findings are presented to you at one of three levels (low, medium, or high), accompanied by detailed evidence and recommendations for remediation. The findings are also available as Amazon CloudWatch Events; this allows you to use your own AWS Lambda functions to automatically remediate specific types of issues. This mechanism also allows you to easily push GuardDuty findings into event management systems such as Splunk, Sumo Logic, and PagerDuty and to workflow systems like JIRA, ServiceNow, and Slack.
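The Lambda-based routing described above can be sketched as follows. This is an added example, not AWS code or code from the original post: the numeric severity floors, the playbook action names and the sample events are assumptions constructed for illustration, and no AWS API is called.

```python
import json

# The page names three levels (low, medium, high). The numeric floors are an
# assumption made for this example; confirm them in the GuardDuty documentation.
SEVERITY_FLOORS = ((7.0, "high"), (4.0, "medium"), (0.0, "low"))

# Hypothetical playbook: the action names stand in for your own remediation
# Lambda, ticketing hook or chat notification.
PLAYBOOK = {
    ("high", "Instance"): "isolate-instance",
    ("high", "AccessKey"): "disable-access-key",
    ("medium", "Instance"): "open-ticket",
    ("medium", "AccessKey"): "open-ticket",
}
# Threat purposes (the text before ':' in the finding type) that this example
# also contains at medium severity. This is a local policy choice.
ESCALATE = {"CryptoCurrency", "Backdoor"}
AUTO_ACTIONS = {"isolate-instance", "disable-access-key"}


def severity_level(score):
    """Map a numeric severity onto the three levels named on the page."""
    for floor, name in SEVERITY_FLOORS:
        if score >= floor:
            return name
    return "low"


def target_of(resource):
    """Return (resource type, identifier) for the affected resource."""
    kind = resource.get("resourceType", "unknown")
    if kind == "Instance":
        return kind, (resource.get("instanceDetails") or {}).get("instanceId")
    if kind == "AccessKey":
        return kind, (resource.get("accessKeyDetails") or {}).get("accessKeyId")
    return kind, None


def triage(event):
    """Decide what to do with one CloudWatch Event carrying a finding."""
    envelope = (event.get("source"), event.get("detail-type"))
    if envelope != ("aws.guardduty", "GuardDuty Finding"):
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    detail = event.get("detail") or {}
    try:
        score = float(detail["severity"])
        purpose = detail["type"].split(":", 1)[0]
    except (KeyError, TypeError, ValueError, AttributeError):
        return {"action": "open-ticket", "reason": "malformed finding"}
    level = severity_level(score)
    kind, target = target_of(detail.get("resource") or {})
    action = PLAYBOOK.get((level, kind), "log-only")
    if level == "medium" and kind == "Instance" and purpose in ESCALATE:
        action = "isolate-instance"
    # Never attempt automatic containment without a concrete target.
    if action in AUTO_ACTIONS and not target:
        action = "open-ticket"
    return {"action": action, "level": level, "purpose": purpose,
            "target": target, "finding_id": detail.get("id")}


def lambda_handler(event, context):
    """Lambda entry point: log the decision and hand it to the next step."""
    decision = triage(event)
    print(json.dumps(decision))
    return decision


def sample_event(finding_type, severity, resource):
    """Build a constructed event in the shape GuardDuty findings arrive in."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"id": "constructed-finding-id", "type": finding_type,
                       "severity": severity, "resource": resource}}


# Constructed sample data; the instance id is a placeholder.
INSTANCE = {"resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}
SAMPLES = {
    "miner": sample_event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8, INSTANCE),
    "probe": sample_event("Recon:EC2/PortProbeUnprotectedPort", 2, INSTANCE),
    "scan": sample_event("Recon:EC2/Portscan", 5, INSTANCE),
    "no_target": sample_event("Backdoor:EC2/C&CActivity.B!DNS", 8,
                              {"resourceType": "Instance"}),
}

if __name__ == "__main__":
    for name, ev in SAMPLES.items():
        print(name, "->", lambda_handler(ev, None)["action"])
```

The containment step itself (for example, swapping an instance's security group) is deliberately left out; the decision dictionary is what a downstream function or ticketing integration would consume.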
November, 17 – CYBONET, a leader in the field of information security, and Softprom by ERC, a Value Added Distributor, announce that they have signed a global distribution agreement. As part of the agreement with CYBONET, Softprom by ERC will carry out distribution and business development activities and will offer CYBONET’s security product lines to partners in Central Europe, Russia and CIS markets.
CYBONET additions to the Softprom by ERC solution portfolio:
Cybowall - breach detection, network visibility and vulnerability management for small and medium sized organizations to quickly detect potential vulnerabilities and active breaches, automatically respond to threats as they are discovered, manage and report on compliance (GDPR, PCI-DSS, ISO etc.) and record and analyze all events and incidents within the network for further investigation.
PineApp Mail Secure - neutralizes advanced threats with a multi-layer anti-spam and anti-virus system, enforced user defined policy controls, automated virus updates and easy to deploy solution modules.
Outbound Spam Guard (OSG) - scan and block up to 99% of all unwanted or malicious outbound email traffic with this carrier grade solution.
“CYBONET’s products add a strategic dimension to our security portfolio. We can offer more market leading solutions to our resellers to address the cybersecurity challenges faced by customers” said Paul Zhdanovych, Managing Director, Softprom by ERC.
CYBONET, formerly PineApp, was originally established as an Email Security Solutions company. Since 2002, CYBONET's internet security and network control products have enabled SMB/Es and Telcos to comprehensively protect their critical network infrastructure. Whether through the flagship PineApp Mail Secure solution or the next generation of cyber detection and response solutions, CYBONET is dedicated to security.
About Softprom by ERC
Softprom by ERC is a leading Value Added Distributor in the Eastern Europe and CIS markets, and is trusted by over 1000 partners.
The company provides professional services in testing, training, installation, implementation and technical support. At the moment, Softprom by ERC has more than 40 distribution contracts with the world’s largest vendors.
In DSM 6.2 Beta, businesses can enjoy the security and reliability of the Btrfs file system. Performance tuning is also easier than ever before.
Deception has become a strategic tool across many large organizations in the last 12 months. These organizations have had many tools in their security stacks, and have had to answer the question whether Deception should replace existing controls, complement or incorporate it into the existing security ecosystem. The answer is simple: Deception is an augmentation of existing tools in an organization, providing critical threat intelligence to the ecosystem with early breach detection and high-fidelity alerting.
Before we go on to explain the mission-criticality of Deception, let’s look at things logically. Deception adds a fake layer to your infrastructure by placing decoy assets (traps), fake data and other artifacts in your current infrastructure landscape. Even from a technology agnostic view, no system or person should ever touch something fake unless it is actively seeking something or there is a misconfiguration.
Further to this, if an adversary or an insider threat engages with a fake asset, having already compromised a real one, then he has bypassed all of your existing security controls. This means the Deception telemetry is a critical part of your situational awareness of the threat landscape, providing you early breach detection. Once you have a single alert from a Deception solution, the question moves from whether additional telemetry is necessary to how you mobilize your incident responders to close off the threat.
Deception technology feeds your existing tools and supports the next phase of security decision making. What to do with the attacker? Contain, Monitor, Mitigate? In making these decisions, additional value is opened to the organization; what can I do with the telemetry or data? Can I use the identified IoCs to query my existing infrastructure and find other assets with the same infection profile?
Can I kill processes to close risk loops and shore up my systems? More than this, a Deception Strategy can support automated SOC workflows that use Network Access Control solutions to move the adversary away from critical systems, to segments where they are interacting only with decoys. The attackers can perform further recon on the non-production system, while supplying all manner of useful data to the security team about their methods of intrusion.
Finally, by leveraging telemetry from the Deception solution, you can leverage your firewall infrastructure and block malicious IP Addresses associated with the campaign. If an attacker has injected malicious binaries into the system to supply backdoor access, they can be analyzed and fed into the security ecosystem to mitigate Command and Control activity before the attack even starts!
As you can see, Deception based technology uses classical tools already in place in the security landscape and uses them to support workflows and complement the ecosystem that will quarantine and fend off attacks that have slipped under the radar.
By Michael Fabrico
Welcome to your one-stop file manager. Start saving your time with the world's #1 compression software.
Zip, protect, manage and share all your files quickly and easily.
Easily share large files by email, cloud services, social media and instant messaging. Quickly share links to your cloud files.
With just a click, open all major compression formats, including Zip, Zipx, RAR, 7z, TAR, GZIP, VHD, XZ, POSIX TAR and more.
Easily find, open, edit, move and share your files, whether they are on your computer, network or cloud service.
Easily encrypt files as you zip to secure information and data. Create read-only PDFs and add watermarks to deter copying.
Synology® Inc. today launched DS218play, DS218j, and DS118, three feature-rich NAS servers with media streaming, file sharing, and data backup features perfect for home and small offices.
DS218play is equipped with a 64-bit quad-core 1.4 GHz processor with a hardware encryption engine and 1 GB RAM, delivering encrypted sequential reading/writing throughput at over 110 MB/s. Powered by a hardware transcoding engine, DS218play supports real-time single channel 10-bit H.265 4K Ultra HD or single channel full HD video transcoding.
This enables users to enjoy videos on the go with no device limits.
DS218j features a dual-core 1.3 GHz processor with a hardware encryption engine and 512 MB RAM, delivering sequential reading throughput at over 113 MB/s and writing throughput at over 112 MB/s. DS218j allows users to experience faster data access while achieving energy efficiency with its eco-friendly design, consuming only 17.48 W during peak usage and 7.03 W under HDD hibernation.
DS118 is a new 1-bay tower NAS, equipped with a 64-bit quad-core 1.4 GHz processor and 1 GB RAM. With its hardware encryption engine, DS118 offers encrypted sequential reading/writing throughput at over 110 MB/s. DS118 is an ideal storage solution that comes with data backup and QuickConnect features that allow users to access data from any location. It also supports 10-bit H.265 4K video transcoding on the fly to enrich multimedia entertainment.
"These three home storage solutions are built to be the best multimedia library for users who love taking photos and videos to capture every important moment with their family and friends," said Katarina Shao, Product Manager at Synology Inc. "With versatile add-on packages, the three NAS models are also excellent choices for small studio owners who are seeking better productivity during work hours."
DS218play, DS218j, and DS118 run on DiskStation Manager (DSM), one of the most advanced and intuitive operating systems that offers a wide range of applications including multimedia, file sharing, and productivity tools for network-attached storage devices.
Synology has received numerous media accolades, topping the mid-range NAS category in TechTarget's storage solution survey and winning PC Mag Readers' Choice seven years in a row.
Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics.
Following the initial outbreak, there was some confusion about what exactly Bad Rabbit is. Now the initial panic has died down, however, it's possible to dig down into what exactly is going on.
Organisations across Russia and Ukraine, as well as a small number in Germany and Turkey, have fallen victim to the ransomware. Researchers at Avast say they've also detected the malware in Poland and South Korea. Russian cybersecurity company Group-IB confirmed at least three media organisations in the country have been hit by file-encrypting malware, while at the same time Russian news agency Interfax said its systems have been affected by a "hacker attack" -- and were seemingly knocked offline by the incident. Other organisations in the region including Odessa International Airport and the Kiev Metro also made statements about falling victim to a cyber-attack, while CERT-UA, the Computer Emergency Response Team of Ukraine, also posted that the "possible start of a new wave of cyberattacks to Ukraine's information resources" had occurred, as reports of Bad Rabbit infections started to come in. At the time of writing, it's thought there are almost 200 infected targets, indicating that this isn't an attack like WannaCry or Petya was, but it's still causing problems for infected organisations. "The total prevalence of known samples is quite low compared to the other "common" strains," said Jakub Kroustek, malware analyst at Avast.
Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle: it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without our decryption service".
Victims are directed to a Tor payment page and are presented with a countdown timer. Pay within the first 40 hours or so, they're told, and the payment for decrypting files is 0.05 bitcoin, around $285. Those who don't pay the ransom before the timer reaches zero are told the fee will go up and they'll have to pay more.
If the ransom note looks familiar, that's because it's almost identical to the one victims of June's Petya outbreak saw. The similarities aren't just cosmetic either: Bad Rabbit shares behind-the-scenes elements with Petya too. Analysis by researchers at Crowdstrike has found that Bad Rabbit and NotPetya's DLL (dynamic link library) share 67 percent of the same code, indicating the two ransomware variants are closely related, potentially even the work of the same threat actor.
The main way Bad Rabbit spreads is drive-by downloads on hacked websites. No exploits are used; rather, visitors to compromised websites, some of which have been compromised since June, are told that they need to install a Flash update. Of course, this is no Flash update, but a dropper for the malicious install.
Much like Petya, Bad Rabbit comes with a potent trick up its sleeve in that it contains an SMB component which allows it to move laterally across an infected network and propagate without user interaction, say researchers at Cisco Talos. What aids Bad Rabbit's ability to spread is a list of simple username and password combinations which it can exploit to brute-force its way across networks. The weak passwords list consists of a number of the usual suspects for weak passwords such as simple number combinations and 'password'.
When Bad Rabbit first appeared, some suggested that like WannaCry, it exploited the EternalBlue exploit to spread. However, this now doesn't appear to be the case. "We currently have no evidence that the EternalBlue exploit is being utilized to spread the infection," Martin Lee, Technical Lead for Security Research at Talos told ZDNet.
At the same point following the WannaCry outbreak, hundreds of thousands of systems around the world had fallen victim to ransomware. However, Bad Rabbit doesn't appear to be indiscriminately infecting targets; rather, researchers have suggested that it only infects selected targets. "Our observations suggest that this has been a targeted attack against corporate networks," said Kaspersky Lab researchers. Meanwhile, researchers at ESET say instructions in the script injected into infected websites "can determine if the visitor is of interest and then add content to the page" if the target is deemed suitable for infection. However, at this stage, there's no obvious reason why media organisations and infrastructure in Russia and Ukraine have been specifically targeted in this attack.
At this time, it's still unknown who is distributing the ransomware or why, but the similarity to Petya has led some researchers to suggest that Bad Rabbit is by the same attack group, although that doesn't help identify the attacker or the motive either, because the perpetrator of June's epidemic has never been identified. What marks this attack out is how it has primarily infected Russia. Eastern European cybercriminal organisations tend to avoid attacking the 'motherland', indicating this is unlikely to be a Russian group.
Whoever is behind Bad Rabbit, they appear to be a fan of Game of Thrones: the code contains references to Viserion, Drogon, and Rhaegal, the dragons which feature in the television series and the novels it is based on. The authors of the code are therefore not doing much to change the stereotypical image of hackers being geeks and nerds.
At this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without giving in and paying the ransom - although researchers say that those who fall victim shouldn't pay the fee, as it will only encourage the growth of ransomware.
A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of the files 'c:\windows\infpub.dat' and 'C:\Windows\cscc.dat' in order to prevent infection.
By Danny Palmer | October 25, 2017 -- 10:59 GMT (03:59 PDT) |
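Two of the behaviours the article describes leave traces a defender can hunt for: the two file paths Kaspersky Lab names, and one machine failing network logons against many others as the weak-password list is tried over SMB. The sketch below is an added example, not code from the article or from any vendor; the log schema (`ts`, `host`, `event_id`, `path`, `src_ip`, `logon_type`), the thresholds and every log line are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# File paths named by Kaspersky Lab in the article, stored in normalised form.
INDICATOR_PATHS = {r"c:\windows\infpub.dat", r"c:\windows\cscc.dat"}

# Constructed sample log in an assumed, already-normalised JSON-lines schema.
# event_id 11 = file created, 4625 = failed logon (logon_type 3 = network).
SAMPLE_LOG = r"""
{"ts": "2017-10-24T10:02:11", "host": "WS-014", "event_id": 11, "path": "C:\\Windows\\infpub.dat"}
{"ts": "2017-10-24T10:02:15", "host": "WS-014", "event_id": 11, "path": "c:\\windows\\cscc.dat"}
{"ts": "2017-10-24T10:03:00", "host": "WS-020", "event_id": 11, "path": "C:\\Windows\\Temp\\cscc.dat.bak"}
{"ts": "2017-10-24T10:05:01", "host": "FS-01", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.5.23", "user": "admin"}
{"ts": "2017-10-24T10:05:02", "host": "FS-01", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.5.23", "user": "guest"}
{"ts": "2017-10-24T10:05:03", "host": "FS-02", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.5.23", "user": "admin"}
{"ts": "2017-10-24T10:05:40", "host": "DC-01", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.5.23", "user": "admin"}
{"ts": "2017-10-24T09:00:00", "host": "HR-PC-3", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.7.9", "user": "maria"}
{"ts": "2017-10-24T09:00:20", "host": "HR-PC-3", "event_id": 4625, "logon_type": 3, "src_ip": "10.0.7.9", "user": "maria"}
{"ts": "2017-10-24T09:30:00", "host": "WS-020", "event_id": 4625, "logon_type": 2, "src_ip": "10.0.5.23", "user": "olga"}
"""


def parse(log_text):
    """Parse JSON lines, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def normalise_path(path):
    """Lower-case, unify slashes and drop whitespace around separators."""
    parts = [p.strip() for p in path.replace("/", "\\").split("\\")]
    return "\\".join(parts).lower()


def indicator_hits(events):
    """Return (host, path) for every event touching a named indicator path."""
    hits = []
    for ev in events:
        path = ev.get("path")
        if path and normalise_path(path) in INDICATOR_PATHS:
            hits.append((ev["host"], normalise_path(path)))
    return hits


def guessing_sources(events, min_targets=3, window=timedelta(minutes=10)):
    """Sources whose failed network logons reach min_targets hosts in window.

    Returns {source ip: largest number of distinct hosts seen in one window}.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev.get("event_id") == 4625 and ev.get("logon_type") == 3:
            by_src[ev["src_ip"]].append(
                (datetime.fromisoformat(ev["ts"]), ev["host"]))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            targets = {host for _, host in fails[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[src] = max(len(targets), flagged.get(src, 0))
    return flagged


EVENTS = parse(SAMPLE_LOG)

if __name__ == "__main__":
    for host, path in indicator_hits(EVENTS):
        print(f"indicator file on {host}: {path}")
    for src, count in guessing_sources(EVENTS).items():
        print(f"{src} failed network logons on {count} hosts")
```

A single user mistyping a password on one machine stays below the threshold, while the spread across several hosts from one source is what gets flagged.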
Imagine: You’re sitting at home on a conference call for work and, unbeknownst to you, hackers have gained access to the files you’re sharing on the call. How did they do this you ask? It’s really quite simple: through your smart home IoT devices. Because IoT devices like smart fridges, garage doors, home alarms, baby monitors and even toasters are connected to the same wireless network used to host your conference call, hackers can hijack those vulnerable, unsecure devices and gain full access to everything happening on your network. Soon enough, you might discover that they’ve gained access to your organization’s customer data, business plans and internal financial reports.
IoT devices are inherently insecure and there are a myriad of real-world examples of this very kind of occurrence. Take the massive distributed denial of service (DDoS) attack on the Internet traffic company Dyn in 2016. The attack affected major Internet platforms and services such as Airbnb, Amazon, Box and PayPal, to name a few. It was later discovered that the attack targeted over 100,000 Internet-connected devices such as IP cameras, printers, residential gateways and baby monitors to install Mirai malware. The Mirai malware then overwhelmed Dyn-hosted sites with traffic so that they were forced to deny service to users.
The Mirai botnet is only one example. Recently, cybersecurity researchers at Black Hat 2017 proved that the mechanical components of an automated car wash could be hacked, including the entrance and exit doors, dangerously trapping the passengers of the vehicle inside. The hack was achieved by gaining access to the internet-connected operating system running the car wash parts, which was protected only by a default password, readily accessible on connected device archival networks, such as the Shodan Network.
Despite these examples, only a handful of IoT device manufacturers are taking heed. As more consumers purchase connected devices – an integral part of the smart home – it’s worth taking a few precautionary measures to prevent the device from wreaking real havoc.
Most people don’t have two wireless connections in the home, which could make segmenting a challenge, but it’s really quite easy and entirely necessary. A lot of recent 5G networks come with a 4G or option with a weaker bandwidth, just in case the higher bandwidth has performance issues. If you have two networks, set up the IoT device on the network with the lower bandwidth and keep it there. You could even create a separate network for all of your IoT devices, if you want to be on the safe side. Make sure to create a different password for your IoT device network so that if hackers commandeer the device, they can’t access private information.
This tip should really be the first direction in any IoT device instruction manual, but it rarely is. The moment that you begin the installation process for an IoT device, make sure to change the default password to something that’s hard to guess and not the same as other passwords that you commonly use. Even using your telephone number presents a risk as hackers could somehow access that information. This step is crucial as the passwords of connected devices are available over the Internet (see the car wash example).
If some of the critical systems in your home are connected devices, make sure that you have a back-up plan in place in case they go haywire. This may seem like a silly enough step, but a hacker’s goal is often to inflict physical and psychological damage on their targets in order to extract a ransom payment. A go-to strategy would be to disconnect and reset all of the IoT devices if they start acting out of line, but sometimes even those steps can’t remediate the problem. Try to consult with an expert or cybersecurity professional at the point of purchase and ask them about a continuity plan, or data back-up if the device stores information.
IoT devices are quickly becoming the mainstay of home appliances, which is why it’s important to know the risks and have a strategy in place that will help you recover in case the connected device is compromised. Until IoT device manufacturers are required to integrate security software into their products, make sure you are taking precautions while implementing connected technology.
National Cyber Security Awareness Month (NCSAM) is all about sharing knowledge to promote a safer and more secure internet environment for all users. Inform your peers when you hear of threats to stop them from spreading and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!
by Nilly Assia CMO of Portnox company
In the new Calendar for web, you can:
G Suite admins can now enter detailed information about their organization’s meeting rooms—so employees know where a conference room is located, how large it is, and whether it has audio/video equipment or is wheelchair accessible. Employees can simply hover over the room name in Calendar when they want to book a space, and a hovercard will pop up with details about the conference location and resources.
Link to relevant spreadsheets, documents or presentations in your Calendar invite and open them directly from the new “Event Detail” view. This can help you create more detailed agendas and ensure all materials are in one place before your meeting starts.
Now you can view and manage calendars in separate columns. This makes it easier for employees who manage multiple calendars, like administrative assistants, to schedule meetings on behalf of their teams. Click “Day” view and select the calendars you want to compare.
There are a number of other changes in Calendar, too.
Now you can see contact information of meeting participants when you hover over their names in a Calendar invite. There’s also a new way to view and restore deleted items in one place in case you accidentally delete a meeting invite. Additionally, "Day,” "Week,” and "Month" views are now more accessible, featuring better compatibility with screen readers.
Additional information for G Suite admins
To help you and your users transition to the new Calendar web UI, we’re offering two rollout options to choose from (see the Help Center for more information):
To choose the Manual option, go to Apps > G Suite > Calendar > New Calendar. Here, you can set by organizational unit when you’d like your users to access the new version of the Calendar UI. If you choose the Manual rollout option, please plan to transition all your users to the new UI before Feb. 28, 2018. Any users who are still accessing the old Calendar UI on Feb. 28, 2018, will be transitioned to the new UI, with no ability to opt out.
DeceptionGrid now provides comprehensive support for both Amazon’s EC2 Cloud and the Kernel-based Virtual Machine (KVM) hypervisor used in large scale OpenStack Linux environments. DeceptionGrid support for the cloud enables customers to enjoy the full benefits of a Deception in Depth architecture to deceive, detect, and defeat attackers within their cloud based deployments. DeceptionGrid brings better security and support for the most sensitive and critical applications deployed in your cloud environment.
Widespread private and public cloud adoption presents a difficult mix of security challenges. Security teams must extend operations across internal networks with a large number of cloud based applications to best support: the accurate assessment of threat intelligence on lateral movement from the network to the cloud and within the cloud; extension of security to large and rapidly evolving cloud environments; extension of protection to situations where the cloud and corporate network are connected through a VPN, blurring the boundaries; and integration of cloud security with the existing security eco-system used within the corporate network.
DeceptionGrid addresses and supports all of these important requirements and provides highly accurate detection and extensive visibility into the lateral movement of threats within the evolving cloud attack surface. This visibility closes the gap in attacker detection. Lateral movement within the cloud, movement from internal networks into the cloud, and lateral movement from another segment is detected and an alert is sent immediately. Ecosystem integrations can shut down the attack rapidly to support the rapid return to normal operations. DeceptionGrid with cloud support is available now – share your interest with us and we can help you get set up.
By Ori Bach
Why would I care about the type of device that connects to the network? Someone has already approved it!
IoT devices seem to get all-access passes to corporate networks due to the assumption that they can bring no harm to your network.
What users fail to comprehend is that IoT devices are possibly the weakest point in the corporate network. When an IP connects to an internet forum that’s okay, but when that IP is an IP security camera, it probably means that the IP security camera is compromised.
Only IT teams connect IoT devices to the corporate network
The notion that ONLY IT teams connect IoT devices to the organizational network doesn’t reflect our reality.
In reality, there are many instances where an employee can connect their own device to the corporate network without it being cleared by IT. For instance, a doctor might bring a medical device to help him better diagnose his patients, he just plugs the device into the hospital network and uses it. Since IT never checked its security settings, the hospital network becomes susceptible to malicious activity, such as the theft of patients’ medical records.
If it’s a hardware device – it’s secure!
On-prem appliances provide security teams with a false sense that they are safer than other software-based solutions.
The truth of the matter is that once appliances leave the vendor, regular firmware patch updates are required. Appliances that have not been vigilantly updated with the latest firmware patch expose corporate networks to security risks.
It’s ok to connect your point of sales (POS), PC and IP Security camera on the same network segment
What can potentially go wrong? It’s convenient and easy to define. There shouldn’t be any issues from a security standpoint. Right? Wrong!
Since IoT devices are your weakest link, by putting them on the same network segment as other devices, you not only put them at risk, you also make the hacker’s job much easier.
If it’s up and running, it’s good to go!
Another common misconception is that if a device is working on default configuration, then that is enough. For example, setting up an IP camera on the network without first changing the default password.
This default configuration poses a significant threat by exposing the device to attacks from other unsecured devices. Failing to change the default settings on an IoT device can allow a hacker to remotely execute malicious code, spy on users, break devices, or recruit them into a DDoS botnet through a known backdoor. Most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.
Healthcare is one of society’s most vital industries, yet many healthcare organizations are struggling to keep up with technological innovations, namely the Internet of Things (IoT) and cloud computing. In this guest post, Ofer Amitai, CEO and co-founder of Portnox, a company that delivers network access control, visibility, management and policy compliance to ensure networks run smoothly and securely, provides ways healthcare organizations can control their exposure to risks.
The hesitance of some healthcare organizations is understandable, as making these changes could put lives at risk if the technological transfer fails or creates security concerns for the safety of patients’ protected health information and personal medical devices. While these concerns are valid, there are a number of benefits in making the shift to IoT and cloud computing technologies that cause organizations like MarketsandMarkets to predict that by 2020, healthcare spending on cloud services will reach $9.5 billion.
IoT is a big deal for health care because it has so many relevant applications. From personal medical devices, like pacemakers and insulin pumps, to vital hospital equipment for patient care and facility operations, the applications seem endless. Yet hospitals are concerned with the lack of security regulation for IoT devices and that by applying the technology known for increasing efficiency and productivity, they could be putting their business and even patients’ lives at risk. However, there are a few simple ways that healthcare organizations can control their exposure to risks from IoT devices using existing solutions in their data center.
Securing IoT devices begins, first and foremost, with gaining visibility into the connected endpoints on the network, including device parameters such as operating systems, anti-virus/anti-malware status, and running applications, to identify potential areas of vulnerability. Once organizations know what’s on their network – a step that’s sometimes overlooked when it comes to IoT medical devices – they will be able to effectively prepare their IT teams to address areas of risk.
Another best practice is segmenting IoT devices (that often can’t be patched) into a separate part of the network, so that if they’re commandeered by a hacker, they can be easily contained and controlled. This creates a boundary between the IoT devices, sensitive medical records and other endpoints, such as laptops, PCs, etc., and other medical devices to control against lateral attacks across the hospital network.
Finally, another important rule of thumb is to change the default credentials of IoT devices connected to the network. The logon credentials of nearly 36,000 medical devices are listed on the Shodan network for Internet-connected devices, which makes them easy targets for hackers. Once these credentials are changed to unique passwords, hackers will have a harder time accessing the IoT device to carry out an attack.
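The three practices above (visibility, segmentation, changing default credentials) can be checked against an asset inventory. The following is an added example, not part of the original article: the hosts, field names and device categories are constructed, and it assumes a network segment can be approximated by an IP subnet, whereas real segmentation is enforced by VLANs, ACLs or NAC policy.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (hypothetical hosts, not from the article).
INVENTORY = [
    {"name": "pos-01", "ip": "10.0.1.10", "kind": "pos",
     "os": "Windows 10", "default_creds": False},
    {"name": "frontdesk-pc", "ip": "10.0.1.21", "kind": "pc",
     "os": "Windows 10", "default_creds": False},
    {"name": "lobby-cam", "ip": "10.0.1.50", "kind": "ip_camera",
     "os": None, "default_creds": True},
    {"name": "infusion-pump-3", "ip": "10.0.20.7", "kind": "medical_iot",
     "os": "vendor RTOS", "default_creds": True},
    {"name": "hall-cam", "ip": "10.0.20.8", "kind": "ip_camera",
     "os": "embedded Linux", "default_creds": False},
    {"name": "ehr-db", "ip": "10.0.30.5", "kind": "records_server",
     "os": "Linux", "default_creds": False},
]

# Assumed categories: which device kinds count as IoT and which as sensitive.
IOT_KINDS = {"ip_camera", "medical_iot"}
SENSITIVE_KINDS = {"pos", "pc", "records_server"}


def segment_of(ip, prefix=24):
    """Return the subnet (as a string) that contains this address."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def audit(inventory, prefix=24):
    """Flag unprofiled devices, default credentials and mixed segments."""
    findings = {"unprofiled": [], "default_creds": [], "mixed_segments": {}}
    by_segment = defaultdict(list)
    for dev in inventory:
        by_segment[segment_of(dev["ip"], prefix)].append(dev)
        if not dev.get("os"):            # visibility gap: OS never profiled
            findings["unprofiled"].append(dev["name"])
        if dev.get("default_creds"):     # factory login still in place
            findings["default_creds"].append(dev["name"])
    for seg, devs in sorted(by_segment.items()):
        iot = sorted(d["name"] for d in devs if d["kind"] in IOT_KINDS)
        sens = sorted(d["name"] for d in devs if d["kind"] in SENSITIVE_KINDS)
        if iot and sens:                 # IoT shares a segment with sensitive hosts
            findings["mixed_segments"][seg] = {"iot": iot, "sensitive": sens}
    return findings


if __name__ == "__main__":
    report = audit(INVENTORY)
    print("Unprofiled devices:", report["unprofiled"])
    print("Default credentials:", report["default_creds"])
    for seg, hosts in report["mixed_segments"].items():
        print(f"Mixed segment {seg}: IoT {hosts['iot']} "
              f"alongside {hosts['sensitive']}")
```

Running the audit with a wider prefix (for example `prefix=16`) shows how a flat network places every IoT device in the same segment as the records server.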
While IoT transforms the lives of healthcare employees and patients, cloud computing has also shown its immense benefits in improving the management of healthcare data, as well as hospitals’ network infrastructure. Some of the top benefits of moving to the cloud for CSOs/CISOs in the hospital environment include: flexibility, reduction of capital expenditures, efficiency and improved doctor-patient relations.
With solutions like cloud storage, hospital data centers can store information off-site and make data accessible to patients and doctors in all locations. In addition, with data off-site, hospitals increase their resiliency to cyber threats and ensure business continuity, in the case of weather events or other disasters.
The move to the cloud also means hospital CISOs/CSOs no longer need to renew physical hardware and software to keep their data centers in compliance with industry standards, making investment in security appliances an operational expense as opposed to a hefty capital expense. Finally, cloud solutions are known for fast deployment, which makes time for data center professionals to engage in more essential tasks, such as monitoring the network for vulnerabilities.
Despite the wide range of benefits inherent in the cloud shift, CISOs/CSOs remain concerned with the security of these solutions. That’s why, in addition to deploying cloud security solutions, hospital data centers should ensure they have a foolproof security and mitigation plan in the case of a cloud outage or weather event (preventing Internet access, thereby preventing access to the cloud).
In addition, CISOs/CSOs should encourage a peer review system so that network security is being actively monitored in house, together with the cloud. Some hospitals have decided to categorize which data is relevant for storage in the cloud – patient health records and financial systems, for instance – as opposed to what is managed on premise, such as emails and security appliances. These are decisions that every hospital should make based on its business needs.
IoT and cloud computing have real value for the healthcare industry because they allow for a democratization of patient-doctor relations like we’ve never seen before. Indeed, allowing patients full access to their healthcare records so they can receive adequate medical care from any location and any doctor is what IoT and cloud enable.
These advancements are great news for patients and doctors, but slightly worrisome for IT security professionals tasked with securing the hospital network. However, with enough planning and visibility into the hospital network, IoT and cloud can be embraced with open arms by the IT security community.
Ofer Amitai is the CEO and co-founder of Portnox, a company that delivers network access control, visibility, management and policy compliance to ensure networks run smoothly and securely.
With version 3.6, you can take advantage of new render elements, and enjoy support for Nuke 11.
With the Light Select Render Element in V-Ray 3.6, you can now render the full contribution of any light, or group of lights, including global illumination, reflections and refractions.
Cryptomatte automatically generates ID mattes with support for transparency, depth of field and motion blur.
This update is free for all V-Ray for Nuke customers.
Check out the new review of TrapX Security DeceptionGrid™ from Peter Stephenson, technology editor at SC Media:
"This product is the most representative of what we see as an advanced deception network. It is actively morphing constantly to cut off the intruder at every turn and lure him into the deception grid and away from the real network using advanced AI and an escalating deployment of lures and deceptions. DeceptionGrid is an exceptionally well-thought-out system that has a specific process feeding a workflow and integrating with third party tools. In the early stages of an attack, the intruder is led through a series of intensifying functions that either derail the attack or lead it to a conclusion that is, itself, a dead-end.
The first stage is the deployment of endpoint lures. These are low interaction and are intended to move a genuine attacker along or to defeat the attack as in the case of a script kiddy who finds himself seeing assets but getting nowhere near them and giving up. The next stage is a medium interaction trap that masquerades as whatever is typical within the victim network. This is not a full operating system but has the characteristics of one. A persistent attacker is led to a high interaction honeypot which is a real (virtual) machine with a complete operating system and the types of applications and activity that would be expected on the real network.
This behavior is routed to the workflow, which collects intelligence dynamically and feeds an incident response process supported by third-party products such as SIEMs. The process is to bait attackers with endpoint lures, then trap them with emulated traps and engage them with full operating system traps. The medium interaction traps can be deployed in very large numbers to help detect lateral movement when taken with the targets makes it easier to identify attackers.
The system can deploy any quantities of up to 500 unique decoys. When it is time to deploy full O/S decoys it uses lightweight virtual deployments, such as .ova files. These decoys can be deployed manually, can be imported or the system can decide what it needs on the fly. The medium interaction decoys are not full O/S deployments though they appear to be and have all the characteristics, behave correctly and the attacker cannot use them to escape into the real system.
High interaction honeypots are full O/S contained in a wrapper that allows the attacker to interact at all levels without being able to escape into the real operating environment. The deception tokens are lures or breadcrumbs that draw the attacker towards the safe part of the deception grid. To aid in identifying malware, a sandbox subscription is included in the licensing fee. The highpoint of the system is the event analysis.
This consists of the event analyzer, attack visualization, forensics, event correlation, the monitor and the event workflow. Attack visualization is one of the system's crown jewels. The visualization shows exactly what the attacker has done, how it has moved and with what it is interacting. Drilling down gets significant detail. TrapX contends that because assets in a deception network are not real they have no business reason to exist. Therefore, any attempted interaction must be malicious. The web site is adequate and there is premium support included in the licensing fee.
September 28, 2017 — Synology® Inc. announced the official launch of DiskStation DS418play, a 4-bay NAS ideal for serving as a home multimedia center.
DS418play is equipped with a dual-core 2GHz processor capable of bursting up to 2.5GHz. It comes with 2GB DDR3L memory by default, which is twice the size of its predecessor, and expands up to 6GB to enhance multi-tasking operations. Powered by a new hardware transcoding engine, DS418play supports up to two channels of H.265/H.264 4K video transcoding.
"Mobile devices supporting 4K video recording are becoming increasingly popular. However, since 4K video clips are capacity-consuming and not all TVs at home support 4K video playback, users tend to record videos with lower resolution as an alternative," said Michael Wang, product manager at Synology Inc. "With DS418play supporting up to 40TB of raw capacity, users can store their favorite videos in ultra-high definition, organize and share videos with families and friends effortlessly, and transcode videos on-the-fly to allow video playback on devices that do not support 4K."
The processor of DS418play supports AES-NI hardware accelerated encryption. With Link Aggregation enabled, DS418play delivers excellent encrypted data throughput at over 226 MB/s reading and 185 MB/s writing. Users' digital assets are protected by AES-256 encryption, which allows them to enjoy high-performance data transmission.
DS418play runs on DiskStation Manager (DSM) 6.1, the advanced and intuitive operating system for Synology NAS devices, with various applications offered to enhance work productivity. Synology has received numerous media accolades, topping the mid-range NAS category in TechTarget's storage solution survey and winning PC Mag Readers' Choice seven years in a row.
What’s NEW in MindManager 2018
Your priorities — straight.
Isolate your priorities in an uncluttered interface that makes next steps clear. Items tagged with priority icons will automatically show up in the view. Or drag and drop unassigned tasks into priority columns. When priorities change, you can rearrange them in seconds, to keep projects moving forward on the right track.
Get a clear picture of the road ahead.
Organize your to-dos in a clean, easy-to-read and instantly accessible calendar. When you know what’s coming when, you can plan and spend your time a lot more effectively. And with simple drag-and-drop scheduling, attaching dates to action items you create while brainstorming or planning won’t take you out of the flow.
Your wish is your map’s command.
Make your dashboards come alive with new Conditional Formatting capabilities. Trigger dynamic changes in response to fluctuations in whatever data you choose — so you can instantly understand and react to new developments in a plan, project or your business, without having to read a word.
Your vision. Our tools. Endless possibilities.
Reinvent the way you use MindManager with expanded background objects and map-making tools. Customize existing templates or create whole new structures to organize and understand your world. You have free rein over the way your map looks, the story it tells about your business, and the results it helps you achieve.
Visualize new paths to growth and profit.
Take our new library of background objects to the next level with more than a dozen inspired NEW and improved templates that help you see ideas, plans and possibilities in ways that empower more informed thinking, smarter decisions and better outcomes.
Forest and trees, together at last.
Surface the information you need in an ingenious new layered view that brings your selected items into sharp focus, while keeping the rest of your map visible in the background — the perfect blend of detail and context. Now you can focus on one thing, without losing sight of anything.
Send your maps on a journey of their own.
Some maps are too good to keep to yourself. Publish lets you quickly and easily share ideas with colleagues to build understanding and alignment, show proposals and plans to customers to create engagement and excitement, or simply put your masterpieces “out there” for others to learn from, be inspired by and build on.
Make your point with REAL power.
The latest evolution of the HTML5 Interactive Map Export introduces a new level of polish, professionalism, effortlessness and impact to your map presentations.
Whether you’re a fan of digital transformation or not, there’s no denying that the shift to the cloud is engulfing enterprise IT. According to Gartner, over the next five years, over $1 trillion in compounded IT spending will be directly or indirectly impacted by the cloud shift, making cloud computing one of the most disruptive forces of IT spending since the early days of the digital age. That said, it’s time to debunk some of the most common myths regarding cloud security before an outdated IT stack exposes your organization to emerging digital business risks.
Myth #1 – The Cloud Isn’t Secure
The top concern among C-Suites and IT teams alike is that cloud-based security solutions are more prone to external threats than legacy security solutions.
Debunked: On-premise security appliances require firmware upgrades to protect against known exploits, resulting in a constant need to keep the solutions up-to-date. In addition, configuration changes could expose the network to potential vulnerabilities, requiring tedious maintenance of management procedures and periodic penetration testing. However, cloud-based security solutions are constructed, from the outset, to evolve to address relevant threats in the current cyber security landscape. David Linthicum, a leading cloud analyst and VP at Cloud Technology Partners, explains that the security of the cloud is on par with the security of any external device: “Anything that can be possibly accessed from the outside – whether enterprise or cloud – has equal chances of being attacked, because attacks are opportunistic in nature”.
Myth #2 – The Cloud Is Still Too ‘New’ To Be Trusted
Cloud-based applications and services are relatively new on the IT front. So why trust them?
Debunked: An increasing number of both large and small to medium-sized enterprises across a variety of industries – government, healthcare, ecommerce etc. – are employing cloud-based solutions for everything from human resource management to network security. According to IDG Research, “Cloud technology is becoming a staple to organization’s infrastructure as 70% have at least one application in the cloud”.
Myth #3 – The Cloud Is Great for Productivity Apps, But Not for Securing the Network
There is a big difference between using cloud productivity apps and performing key security actions, such as Network Access Control (NAC), from the cloud.
Debunked: NAC is a growing concern for CIO/CISOs and IT teams in large enterprises and SMEs alike due to the increased need to gain control over digital business risks. And the stigma of the cloud being less secure isn’t necessarily correct. Gartner reports that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
Myth #4 – Cloud Solutions Require Re-Educating IT Teams
Training IT teams to deploy a cloud-based security-as-a-service solution would require significant time and resources.
Debunked: Cloud solutions inherently cut time and costs associated with security management in IT teams, freeing them up to carry out more productive and profitable action items. That’s added to the easy and instant deployment associated with cloud-based solutions including automatic system updates, usage demos, access to use cases, and more.
Myth #5 – Cloud Solutions Can’t Help with Compliance
Cloud solutions are constantly changing – one minute they are a “must have” security tool, and the next they are an imminent source of risk to company information. How can you trust cloud security solutions to uphold compliance?
Debunked: Cloud solutions are taking heed and are doing their part to relieve this part of the “IT headache”. Many solutions integrate compliance standards into their product while allowing for modifications to the network policy where necessary. Built-in compliance is a winning strategy for business success, and ensures that there aren’t any loopholes the IT team is missing out on.
As Gartner puts it, “By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-Internet’ policy is today”. While in many cases, hype can have dangerous potential, in the case of cloud security, it’s a win-win situation: a win for digital transformation and a win for the IT team that’s eager to expand their business value proposition.
Portnox CLEAR – Security-as-a-Service Solution: The first completely cloud-based Security-as-a-Service solution for Network Access Control (NAC), CLEAR controls access for all devices and users to wired, wireless and virtual networks, to effectively confront digital business risks and cybersecurity threats.