Privacy Experts Skeptical of Proposed Data Protection Agency

Threatppost | February 13, 2020

A new federal bureaucracy, the Data Protection Agency (DPA), has been proposed to completely revamp how the U.S. government regulates data collection and misuse by big tech companies. However, while privacy experts call the agency a “good first step,” they remain skeptical about how effective it would be once enforced. Currently, the responsibility of privacy regulation is divvied between several various agencies, including the Federal Communications Commission (FCC), Federal Trade Commission (FTC) and Department of Justice (DOJ). The new agency, introduced by Sen. Kirsten Gillibrand (D-NY), would streamline data regulation efforts under one group, billed with enforcing data privacy and penalizing improper data collection or use.

Spotlight

The Higher Education Information Security Council (HEISC), along with EDUCAUSE and Internet2, held its annual Information Security Awareness Video & Poster Contest, an event that allows college students to win prizes, gain experience, and earn recognition by creating a PSA about information security.
HEISC works to improve information security & privacy programs across the higher education sector

Spotlight

The Higher Education Information Security Council (HEISC), along with EDUCAUSE and Internet2, held its annual Information Security Awareness Video & Poster Contest, an event that allows college students to win prizes, gain experience, and earn recognition by creating a PSA about information security.
HEISC works to improve information security & privacy programs across the higher education sector

Related News

ENTERPRISE SECURITY

MRK Technologies Adds New Autonomous Penetration Tests

MRK Technologies | April 18, 2022

MRK Technologies, a cybersecurity risk management company, has announced a collaboration with Horizon3.ai to assist its clients tackle the ever-evolving ransomware threat with a new Autonomous Penetration Tests as a Service (APTaaS). Penetration testing can be automated and executed as often as needed to guarantee all systems are safe utilizing Horizon3.ai's NodeZero platform. John Tookman, Chief Revenue Officer and Senior Vice President of MRK Technologies said that "We pride ourselves on continuously bringing the best technology to our customers. We're excited to add Horizon3.ai's NodeZero platform to our managed security services, which allows us to help ensure our customers' systems are secure." He further added that, "In the last couple of years, we've doubled down on our efforts to build out our Security Operations Center in order to provide best-in-class service offerings to our customers. Adding APTaaS is just the next step in continuing to achieve our mission of helping our customers achieve a stronger security posture amidst the ever-evolving threat landscape." Annual penetration testing is often seen as a compliance necessity rather than a value addition. Many pentests merely provide a snapshot of a network that is only relevant for a limited time. This new continuous APTaaS is a real SaaS product that assists cybersecurity teams in constantly identifying and fixing vulnerabilities in their systems before attackers can use them. "Threat actors know how to chain together network misconfigurations, vulnerabilities, harvested credentials, and dangerous product defaults to create attack vectors you never imagined would be exploitable. Our partnership with MRK Technologies allows us to provide APTaaS to customers, helping them to harden their security postures with pentests that can run as often as they wish." Snehal Antani, CEO and co-founder of Horizon3.ai This new product complements MRK Technologies' Security Operations Center's existing managed securities portfolio, which includes Managed Detection & Response (MDR/EDR), Managed Security Information & Event Management (SIEM), Managed Deception Technology, and Managed Network Detection.

Read More

DATA SECURITY

ISTARI, the Cyber Risk Management Company, to Invest in Pioneer Prevalent AI (PAI)

ISTARI | July 05, 2021

A global cybersecurity platform, ISTARI, which is dedicated to helping clients managing digital risk and build cyber resilience, and the leaders in Security Data Science, Prevalent AI (PAI), has today announced that ISTARI has opted to become an important minority shareholder of PAI. Industry veterans Sir Iain Lobban, Paul Stokes, Arun Raj, and Andrew France OBE founded PAI in 2017. When founded, they had the aims such as enabling organisations to quickly ingest, convert and contextualise complex, large, and disparate data sources by using their Security Data Science Platform and connected services, increasing the capability to respond to cyber riss and attacks in time and prevent it. Rashmy Chatterjee, the Chief Executive Officer of ISTARI commented that they are thrilled to welcome PAI to the ISTARI Collective. In response, Sir Iain Lobban, PAI Founder and Chairman, added that this is a spectacular match to join together with the same aim and goal protecting organizations from cyber threats. About ISTARI ISTARI was established in 2020 and headquartered in Singapore. It is a an investment company, founded by Temasek. It is an advisory practice, investor and educator through its cyber Academy and has a global presence in the US, Europe and Singapore. About PREVALENT AI PREVALENT AI (PAI), the leaders in Security Data Science, provides successful cyber analytics solutions for both government and commercial. Founded by former UK government cyber officials and industry experts in 2017, the company has changed the way organisations use risk data. Its 75 professionals work out of two offices, which are located in London and Cochin, India.

Read More

DATA SECURITY

Darktrace's Cyber AI Analyst is now running open Investigations

Darktrace | February 22, 2022

Darktrace, a global leader in cyber security AI, announced significant upgrades to its flagship Cyber AI Analyst product, which now intelligently groups incidents to cover the life cycle of complex compromises as they develop and progress across various entities within a company's digital estate. In addition, Cyber AI Analyst now treats incidents as 'open investigations,' with fresh supporting evidence being added to ongoing cases regularly. Cyber AI Analysts' open investigations piece together cross-entity incidents, so a SaaS account takeover can now be linked back to the same compromised credentials used on a local device. In addition, Cyber AI Analysts' open investigations are known for augmenting human analysts by continuously investigating to surface and prioritize the most critical incidents. This procedure is similar to open criminal investigations, in which a single piece of evidence can link two seemingly unconnected crimes. With ever-growing, distinct digital estates, it's vital that Cyber AI Analyst investigations are tailored to their specific circumstances rather than following a one-size-fits-all paradigm with pre-programmed investigative strategies. The on-the-fly technological approach to studies by AI Analysts allows it to identify the needle in a thousand haystacks, which could be essential in linking different compromises. Previously, several events would have been treated as separate incidents. When AI Analyst finds a link between two incidents, it can automatically integrate them. As a result, early adopter customers have seen a 63 percent reduction in total incidents and a 92 percent reduction in the most critical incidents as a result of the shift to open investigations, further reducing time-to-meaning and analyst triage time, allowing customers to focus on macro-level tasks and initiatives. Cyber AI Analyst open investigations can be run manually by a human member of the security team or triggered automatically by a third-party event, such as an alert ingested directly from another security solution, to validate and further contextualize their detections and decisions, in addition to continuously running based on directly observed events. Furthermore, investigations are immediately connected into human and technological ecosystems for consumption, whether through the Darktrace UI, exportable results, or third-party technologies like SIEMs and ticketing systems. "Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to tie multiple possible indicators of compromise closely, This cross-entity approach to incident discovery allows for the automated detection of compromises, and the automated determination of their full scope, without human attention. This influential research evolved to directly impact these key updates that make understanding incidents easier for Darktrace customers." Dr. Tim Bazalgette, Research, and Development Product Lead, Darktrace

Read More