EU Looks to Reduce Exposure to Chinese 5G Risk: Report

Infosecurity Magazine | January 02, 2019

The European Union is hoping to lead a more coordinated response to security concerns over Chinese 5G equipment makers, it has emerged. Brussels wants to ensure it doesn’t end up with a situation where member states have unwittingly allowed Chinese kit to dominate across the region, according to the FT. One unnamed diplomat told the paper that with although 5G auctions can raise billions for governments, the EU is "urging everyone to avoid making any hasty moves they might regret later.” “It’s quite a serious strategic problem for the EU and we haven’t properly mapped the exposure,” they added. “The problem is every country is interested in the 5G auction because it’s a massive payday. Once these auctions have happened you need to avoid a situation where you end up with the entire continent being with one [equipment] provider.” The EU wants to map its exposure to Chinese technology as national security concerns mount. The US, Australia, New Zealand, Taiwan and Japan have all banned Huawei products on security fears to a lesser or greater extent, despite the firm repeatedly protesting its innocence.

Spotlight

Confidentiality. prevents unauthorized use or disclosure of information. Integrity. safeguards the accuracy and completeness of information. Availability. authorized users have reliable and timely access to information. The Internet was initially designed for connectivity – Trust assumed – We do more with the Internet nowadays – Security protocols are added on top of the TCP/IP.

Spotlight

Confidentiality. prevents unauthorized use or disclosure of information. Integrity. safeguards the accuracy and completeness of information. Availability. authorized users have reliable and timely access to information. The Internet was initially designed for connectivity – Trust assumed – We do more with the Internet nowadays – Security protocols are added on top of the TCP/IP.

Related News

SOFTWARE SECURITY

Exabeam Partners with Google Cloud

Exabeam | June 09, 2022

Exabeam, a pioneer in Next-Generation SIEM and XDR, announced today its intention to construct and evolve its modern cloud-native security information and event management (SIEM) and cybersecurity analytics solutions on Google Cloud. The move provides global security teams with endless data ingestion, speed, and scale options in their continuous battle against more sophisticated cybersecurity threats over an ever-expanding attack surface. “Exabeam is unlike any other SIEM vendor in that we leverage our machine learning-based, cyber analytics product to help security teams be more efficient. With this next version of our product, we will now become completely cloud-native offering unparalleled performance, scale, and cost efficiency. Exabeam is built by security people for security people.” Michael DeCesare, CEO and president, Exabeam Gerrit Kazmaier, Vice President and General Manager, Data Analytics and Business Intelligence at Google Cloud said that “Addressing and protecting data from security threats and attacks is a business-critical focus that is constantly evolving. We look forward to continuing our work together to create products that help companies securely leverage their data at cloud scale.” Adam Geller, chief product officer, Exabeam said that “After looking at several cloud players in the market, we selected Google Cloud, specifically the Data Analytics family of products including BigQuery, Dataflow, and Looker, because of its hyperscale, speed, and ability to support the type of technically advanced products we build at Exabeam. Google Cloud has enabled us to greatly accelerate our own security platform and product innovation resulting in state-of-the-art features and capabilities that can finally overcome the data proliferation and threat detection, investigation, and response (TDIR) challenges faced by security operations teams today.” Exabeam has been named a Leader with the highest ability to execute in the 2021 Gartner Magic Quadrant for SIEM for the third time in a row, joining a rapidly growing list of technology companies that power their products and businesses with Google data cloud products like BigQuery, Looker, Spanner, and Vertex AI.

Read More

DATA SECURITY

SentinelOne and Cribl Partner to Deliver Data Flexibility Across Cybersecurity and Observability

Cribl | August 04, 2022

Cribl, the leader in enabling open observability, today announced a new partnership with SentinelOne, an autonomous cybersecurity platform company. The partnership enables SentinelOne customers to leverage Cribl's observability product suite to streamline cybersecurity triage, optimize data collection, and provide security teams control of their data. By integrating Cribl's observability product suite with Singularity XDR, SentinelOne customers can now unlock the value of all observability data. Key benefits include the ability to: 1) Operationalize endpoint and extended detection and response (EDR & XDR) of data sources in joint customer environments, 2) Streamline for triage and investigative functions in the Security Operations Center (SOC), and 3) Progress cybersecurity programs with enhanced threat intelligence, threat hunting, and adversary simulation. "Today's cybersecurity risk levels are increasingly associated with the ability to understand data across enterprise assets. "Our partnership with Cribl helps optimize data collection at scale, enabling security teams to minimize risk and save time." Chuck Fontana, SVP Business Development at SentinelOne "We're excited to partner with the SentinelOne team," said Zac Kilpatrick, VP of Channel and Alliances at Cribl. "To keep up with persistent threats and the ever-changing security landscape, SOC activity must move from reactivity to proactivity. SentinelOne's autonomous and proactive approach to cybersecurity is differentiated in the market and aligns with Cribl's objective of optimizing analytics platform cost and performance." Integration with SentinelOne's Cloud Funnel Cribl's product suite now integrates with SentinelOne's Cloud Funnel, a data subscription enabling XDR data to be stored locally in an enterprise's data lake. This solution works with any data type, such as file, process, DNS, flow, behavioral, registry, commands, scripts, and more. Cloud Funnel's flexibility provides SentinelOne customers the ability to choose which data type they need, optimize it to find the right signal, and route it for maximum efficiency - all at machine speed. Integration with DataSet Cribl Stream now supports SentinelOne's DataSet as a destination to seamlessly route data from legacy log analytics solutions. DevOps and IT teams choose DataSet to analyze data in real-time, effortlessly scale to petabytes, and cost-effectively retain data for longer periods of time for compliance and audit purposes. The new integration enables Cribl customers to pipeline their data to DataSet without changing their data instrumentation, collection, and ingestion. SentinelOne and Cribl will also continue bringing new offerings to market, including integrating Cribl Stream into SentinelOne's Singularity XDR platform. About Cribl Cribl makes open observability a reality for today's tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It's enterprise software that doesn't suck, enables tech professionals to do what they need to do, and gives them the ability to say "Yes." With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA.

Read More

SOFTWARE SECURITY

Bugcrowd Launches Reseller Partnership with SocialProof Security

Bugcrowd | June 27, 2022

Bugcrowd, the market leader in crowdsourced cybersecurity, announced today a strategic reseller collaboration with SocialProof Security, advancing the organization's objective to keep clients ahead of growing cyber threats. As part of the cooperation, Bugcrowd will resell SocialProof Security's services, including social engineering prevention training, protocol and practitioner seminars, and penetration testing. In addition to reselling social engineering services, Bugcrowd continues to innovate and invest in its award-winning Security Knowledge Platform, which provides the most comprehensive suite of security solutions such as bug bounty, vulnerability disclosure programs, attack surface management, and pen testing as a service. Bugcrowd, for example, allows consumers to buy pen tests from a single supplier for any sort of use case, from basic assurance of simple web apps and networks to continuous testing of cloud services and APIs, and now, social engineering. Due to their friendly hacker approach to boosting customer defenses against human-based assaults, SocialProof Security and CEO Rachel Tobac, the market leader in social engineering prevention services, have gained prominence. Twitter, PayPal, Uber, Prudential Insurance, Cisco Systems, WhatsApp, NATO, and the US Air Force are among the noteworthy clients of SocialProof Security. "We are excited to work with Bugcrowd on this reseller partnership as we move forward with our aligned mission to arm organizations with a proactive means to reduce social engineering risk through education, identity verification protocol improvements, technical tools, and measuring those updates with social engineering penetration testing. The majority of cyber attacks now start with some element of social engineering—manipulating people to take actions that could harm organizations. This partnership illustrates the priority Bugcrowd places on actionable and measurable social engineering risk mitigation in a well-rounded security program," said Tobac. "Even with current elevated threat levels, many organizations are surprisingly unprepared for the threats from social engineering attacks, as we repeatedly find low awareness across organizations, outdated or inconsistent identity verification, and limited practitioner skill sets. Fortunately, taking a multidimensional approach that combines prevention training and tools, human-based protocol updates, and pen testing can dramatically reduce the risk of social engineering attacks. We look forward to bringing this innovative solution to market as a part of our services." Ashish Gupta, CEO of Bugcrowd SocialProof specializes in defending against social engineering attacks, in which attackers deceive workers in order to get personally identifiable information (PII), passwords, and unauthorized access to accounts, money, or other sensitive information. Common attack vectors like phishing, impersonation, and pretexting can be used to carry out such manipulation. In fact, respondents to ISACA's 2021 State of Cybersecurity Survey rated social engineering as the #1 cyber threat.

Read More