Page 127 - CDM-Cyber-Warnings-March-2014
P. 127
was not being done. The Target breach pointed out that many breaches are not from the lack of technology, but the lack of corporate competence. Concurrent with the disclosure of fundamental incompetence of IT security at Target, their CIO left in March 2014. They focus on privileged identity management from a point solution that is used to remediate existing poor practices and implement a hard control into the realm of a privileged identity security platform. Their latest versions are being deployed in headless configuration (no console or web GUI needed) and being driven by PowerShell and Web Service APIs. These APIs orchestrate the discovery, randomization and release of credentials for a limited amount of time as a baked in feature of each machine (virtual and physical) and application’s lifetime. In essence their product is becoming a platform for cloud providers, MSPs, and government project that are seeking securing as part of their offering stack. RealSec USA While some know of Realsec as a hardware security module manufacturer (HSM), they are much more. They have a new Cryptosec Mail Server that was introduced a week before the show is a complete integrated system for electronic digital signing and encryption/decryption of corporate emails and powered by their own industry-leading Cryptosec PCI Hardware Security Module (HSM). The Cryptosec Mail Server is an ideal device for organizations that must make email authentication and security a priority. Seems the timing of their launch of the Cryptosec Mail Server couldn’t be better. They are offering a perfect solution for the end-to-end encryption of digital signatures, email, protected messages and attachments through a tamper responsive module that automatically erases every key if tampered with by a hacker. You can read more about Cryptosec Mail Server on their website. AlienVault I learned from my friends AlienVault that it was another successful year for them at the annual RSA Conference. In addition to seeing more than 800 people stop by the AlienVault expo booth for demos and presentations, the team also collected over 200 responses to a survey on crowdsourcing threat intelligence, which they plan to publish the results from in the weeks ahead. Coinciding with the conference, another infosec magazine named AlienVault as the winner of their “2014 Why My Company is Awesome” award. There was also a lot of buzz on the show floor around the need for affordable threat sharing for companies of all sizes but especially the mid-market – a way to benefit from a broader view across the diverse threat landscape than the limited perspective we get from looking only at the threats coming into our own organizations. I noticed this problem a few years ago. To help fix the problem, AlienVault created the crowd-sourced Open Threat Exchange. Since the launch of OTX two years ago, they have seen substantial growth in participation with more than 8,000 contributing sites across 140 countries—and that’s just from their customer and open source user base. In addition, they provide analysis and insights on the data they gather and remediation advice from AlienVault Labs security researchers. Needless to say, their experience at RSA this year was a memorable one and they tell me they are looking forward to building on the conversations and insights that came out of the show and continuing to help their customers put the attackers on the defensive. " # % " $ " # ! !
