PLATFORM SECURITY

Delinea Publishes Guide for Server Security

Delinea | June 01, 2022

Delinea Publishes Guide for Server Security
Delinea, a leading supplier of PAM solutions for seamless security, released "Conversational Server Access Security" to assist enterprises safeguard hybrid infrastructure against assaults. The free eBook from Conversational Geek illustrates how to use Zero Trust to adhere with Least Privilege and decrease risk.

Cybercriminals target Windows, UNIX, and Linux servers on-premise and in the cloud to exploit vulnerabilities. By attacking servers, fraudsters may access financials, IP, and more, opening the door to system-wide data theft, ransomware, and worse.

Delinea's guide on server access security explains how stacking security measures directly on servers can check that privileged credentials have the proper rights at every access point. Implementing a Zero Trust cybersecurity approach based on the Principle of Least Privilege reinforces this by giving access to server resources only to confirmed identities with the necessary entitlements, when they need them, and for only the time required to perform the job. Then remove those rights so they cannot be exploited.

"The concepts of Zero Trust and least privilege are not new, but many IT and security professionals are unclear about how to apply them in rapidly-changing, more complex hybrid environments. This new resource can help anyone get a better understanding of how to secure access to  on-premises and cloud servers and take actionable steps to avoid becoming the next victim of cybercrime targeting modern infrastructure."

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

The eBook's best practices assist cybersecurity professionals in implementing a server access security plan to:

  • Find and remove standing privileges that allow users to connect to servers from anywhere and at any time.
  • At each access control point, verify identities and permissions.
  • Make certain that only authorized users may access or modify resources on each server.
  • Allow users just-enough, just-in-time access and only provide elevated access when necessary.
  • At the server-side, log and record behavior.

Spotlight

THE PROBLEM of information security entails the protection of information elements (e.g., multimedia data) thereby ensuring that only authorized users are able to access the contents available in digital media. Content owners, such as authors and authorized distributors, are losing billions of dollars annually in revenue due to the illegal copying and sharing of digital media. In order to address this growing problem, digital rights management (DRM) systems are being deployed to regulate the duplication and dissemination of digital content [68]. The critical component of a DRM system is user authentication which determines whether a certain individual is indeed authorized to access the content available in a particular digital medium. In a generic cryptographic system, the user authentication method is possession based. That is, the possession of the decrypting key is sufficient to establish the authenticity.

Spotlight

THE PROBLEM of information security entails the protection of information elements (e.g., multimedia data) thereby ensuring that only authorized users are able to access the contents available in digital media. Content owners, such as authors and authorized distributors, are losing billions of dollars annually in revenue due to the illegal copying and sharing of digital media. In order to address this growing problem, digital rights management (DRM) systems are being deployed to regulate the duplication and dissemination of digital content [68]. The critical component of a DRM system is user authentication which determines whether a certain individual is indeed authorized to access the content available in a particular digital medium. In a generic cryptographic system, the user authentication method is possession based. That is, the possession of the decrypting key is sufficient to establish the authenticity.

Related News

DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

At-Bay Selects Guidewire Cyence to Enhance Cyber Portfolio Accumulation Risk Management and Further Propel Market Growth

At-Bay, Inc. | September 17, 2022

At-Bay, the insurance provider for the digital age, and Guidewire today announced that At-Bay has chosen Guidewire’s cyber risk modeling and analytics product, Cyence, to further bolster its view, and management of, aggregation risk, within its growing cyber insurance portfolio. “Cyber risk aggregation is an important area of risk that every insurer should be actively monitoring and managing within their cyber portfolio. Investing in the right data capabilities, tools, and mechanisms for monitoring and sizing aggregation risk exposure is critical to managing cyber insurance risk in today’s fast changing threat landscape,” said Roman Itskovich, At-Bay’s Chief Risk Officer and Co-Founder. “With At-Bay’s steadfast focus on proactive risk management, Guidewire’s solution will help us to expand our data capabilities and toolkit for proactive risk management, so that we can continue to deliver great loss results,” Itskovich added. By combining world-class technology with industry-leading insurance expertise, At-Bay aims to provide the clarity and confidence that businesses need to address digital risk head on. Founded in 2016, At-Bay protects tens of thousands of business customers from today’s ever growing cyber threat landscape. With its in-house data collection capabilities aimed at addressing attritional risk in the selection, pricing, and active risk management of its portfolio, At-Bay will now expand its focus to aggregated risk exposures. “We selected Guidewire because it has a strong reputation for being one of the top cyber risk vendors, especially for transparency, in-house data collection, and market validation. “By applying Cyence’s advanced risk models and detailed aggregated risk scenarios to our own active risk monitoring capabilities and claims experience, we believe that we will be able to further enhance our underwriting and portfolio risk management decisions, and maintain a strong loss performance as our book grows.” Yoshifumi Yamamoto, Director of Cyber Risk Modeling, At-Bay Commenting on the news, Charles Clarke, Group Vice President, Analytics Sales & Advisory, Guidewire, said, “We admire At-Bay’s use of Cyence to expand its modeling capabilities to account for aggregated risk. We are pleased by their vote of confidence in our cyber capabilities and look forward to infusing data analytics to help At-Bay’s clients meet digital risk head-on.” About At-Bay, Inc. At-Bay is the insurance provider for the digital age. By combining world-class technology with industry-leading insurance expertise, At-Bay was designed from the ground up to empower businesses to thrive in the digital world. At-Bay is backed by Acrew Capital, Glilot Capital, the HSB fund of Munich Re Ventures, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. www.at-bay.com About Guidewire Software Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. ​We combine digital, core, analytics, and AI to deliver our platform as a cloud service. Approximately 520 insurers in 38 countries, from new ventures to the largest and most complex in the world, run on Guidewire.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SentinelOne LABScon Security Research Conference Unifies Private and Public Sector Through Groundbreaking Cybersecurity Discoveries

SentinelOne | September 22, 2022

SentinelOne, an autonomous cybersecurity platform company, today launched the inaugural LABScon, a conference dedicated to advancing cybersecurity research for the benefit of collective digital defense. The event features novel findings from sought-after voices in cybersecurity and groundbreaking research by leading research teams. “The goal of LABScon is to provide a venue for advanced security collaboration and community building,” said Migo Kedem, VP Growth and Head of SentinelLabs, SentinelOne. “We are pleased to unite the cybersecurity community - researchers, vendors, and practitioners - to strengthen collective understanding of the security landscape. Only through shared knowledge and collaboration will cybersecurity evolve.” The conference lineup features prominent speakers and world-class researchers presenting on today's most important cyber security topics. Conference highlights include: Mark Russinovich, Microsoft Azure CTO, presents the story of his seminal malware analysis toolkit, which transformed malware analysis and forensic investigation Dmitri Alperovitch, Executive Chairman of the Silverado Policy Accelerator and CrowdStrike Co-Founder and former CTO, discusses cyberwarfare and effective policies Morgan Adamski, Director of NSA's Cyber Collaboration Center, keynotes “Operational Collaboration: The Realities of Success” Chris Krebs, the first director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Partner of the Krebs Stamos Group, shares in-the-trenches perspectives on cybersecurity and government M.J. Emanuel, CISA Incident Response Analyst, delves into recent cyberattacks targeting satellite communications and critical infrastructure Mauro Vignati, International Red Cross, discusses the line between combatants and digital collaborators in war Thomas Rid, Professor of Strategic Studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins SAIS, debuts cybersecurity discoveries Kim Zetter, world-renowned cybersecurity author, facilitates fireside chats and shares perspectives on cyberwar Kris McConkey, PwC’s Global Cyber Threat Intelligence Practice Lead, releases research detailing new activity emanating from Chinese advanced persistent threat (APT) groups Mandiant, Sophos, Volexity, BlackLotus, PwC, and Binarly drops new APT research and vulnerabilities SentinelLabs releases “Metador,” our most ambitious APT research to date LABScon is hosted by SentinelLabs, a world-class team of security researchers that identifies critical vulnerabilities, new attack vectors, malware strains, and threat actors. The event is sponsored by Stairwell, Luta Security, Cisco Talos, GreyNoise, HP Wolf Security, Aesir, Binarly, Team Cymru, and ReversingLabs. To stay updated with groundbreaking threat research and cybersecurity discoveries, visit https://www.sentinelone.com/labs/ About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

SOFTWARE SECURITY

McAfee and Telstra Partner to Bring Privacy, Identity and Security Solutions to Customers Across Australia

McAfee | July 11, 2022

Today, McAfee Corp., a global leader in online protection, announced a multi-year partnership with Telstra, Australia’s leading telecommunications and technology company, to deliver comprehensive protection to safeguard the privacy and identity of consumers across activities, devices, and locations. The partnership will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. “A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.” Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online. “In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.” To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after. About McAfee McAfee Corp. is a global leader in online protection. Focused on protecting people, not just devices, McAfee’s solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.

Read More