DATA SECURITY

Trend Micro Global Capture the Flag Winners Show Cybersecurity Excellence

prnewswire | December 21, 2020

Pattern Micro Incorporated , the pioneer in cloud security, today declared the victors of its worldwide Capture the Flag (CTF) rivalry, a yearly occasion that exhibits the absolute most noteworthy cybersecurity ability on the planet in a straight on fight.

The previous year has prompted an exceptional degree of corporate computerized presence because of monetary and social movements identified with the COVID-19 pandemic. With this move comes an interest for expanded cybersecurity, the same number of associations around the globe have relocated quite a bit of their labor force on the web and their IT foundation to crossover cloud models.

The CTF was planned by Trend Micro analysts to show true cybersecurity situations. Occasions like this fill in as a significant piece of Trend Micro's way to deal with tending to the cybersecurity abilities lack by rousing future ability and building a cybersecurity labor force devoted to securing an associated advanced world.

"In a time where we can't be together in person, opportunities to unite under the common interest of guarding against cybercrime are increasingly important," said Mike Gibson, vice president of threat research for Trend Micro. "The excellent display of talent, competition, and comradery of this event bolsters Trend Micro's mission of making the world safe for securing digital information. In today's threat landscape, the success of any organization rests on its ability to remain agile while also achieving a high standard of security. With events like our Global CTF, it is our goal to train defenders to successfully navigate this landscape."

While the challenge incorporates a virtual segment each year in the online qualifier, which occurred on October 3-4, this year a virtual last was held unexpectedly on December 19-20, 2020.

Groups from across the globe contended in difficulties zeroed in on figuring out, legal sciences/misuse, open-source knowledge (OSINT), versatile, IoT, AI, and radio recurrence (RF) frameworks. RF was incorporated unexpectedly after a profoundly effective commitment with the cybersecurity network in isolated Capture the Signal occasions in the course of recent years.

About Trend Micro
Trend Micro, a global leader in cybersecurity, helps make the world safe for exchanging digital information. Leveraging over 30 years of security expertise, global threat research, and continuous innovation, Trend Micro enables resilience for businesses, governments, and consumers with connected solutions across cloud workloads, endpoints, email, IIoT, and networks. Our XGen™ security strategy powers our solutions with a cross-generational blend of threat-defense techniques that are optimized for key environments and leverage shared threat intelligence for better, faster protection. With over 6,700 employees in 65 countries, and the world's most advanced global threat research and intelligence, Trend Micro enables organizations to secure their connected world.

Spotlight

With this free e-book we would like to assist agencies, freelancers, website owners and WooCommerce shop operators to get an easy access to the most important contents of the EU’s upcoming General Data Protection Regulation (EU GDPR). In addition, we will show you some practical case examples such as tracking, email marketing and WordPress plugins. In this guide, you will also find concrete task instructions and a checklist, which will help you to get your business and your WordPress website ready for legal compliance with GDPR right on time.

Spotlight

With this free e-book we would like to assist agencies, freelancers, website owners and WooCommerce shop operators to get an easy access to the most important contents of the EU’s upcoming General Data Protection Regulation (EU GDPR). In addition, we will show you some practical case examples such as tracking, email marketing and WordPress plugins. In this guide, you will also find concrete task instructions and a checklist, which will help you to get your business and your WordPress website ready for legal compliance with GDPR right on time.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

IronNet Enhances Network Detection and Response Solution, IronDefense

IronNet, Inc. | January 05, 2023

IronNet, Inc., a pioneer in transforming cybersecurity through collective defenseSM, has announced that its network detection and response (NDR) solution, IronDefense, now has more features. IronDefense, awarded the best possible grade by SE Labs for Enterprise Advanced Security NDR Detection, enables advanced and early visibility of unidentified cybersecurity threats that have evaded endpoint and firewall detection and infiltrated the network, regardless of whether it is on-premises or in the cloud. With IronNet's most recent NDR enhancements, Security Operations Center (SOC) analysts can use IronDefense to identify VPN misuse, including high abnormal login times, password spraying, and unsuccessful logins, all of which may be suggestive of brute force attacks or unauthorized access attempts. Additional analytics enhancements enable the identification of ongoing patterns of both randomized-timing and fixed-interval beacon activity, as well as the detection of DNS tunnels utilizing innovative encoding techniques employed by cybercriminals. The IronNet product development team has also improved IronDefense's usability. Specifically, new sensors can now be automatically commissioned and upgraded without the intervention of SOC personnel. IronDefense allows customers utilizing SentinelOne endpoint detection and response (EDR) to remotely establish and update network inventory and isolate a device in a SentinelOne-deployed network through the Entity page of the IronDefense user interface. CarbonBlack and Crowdstrike endpoints offer equivalent capabilities. About IronNet, Inc. IronNet, Inc., founded in 2014 by GEN (Ret.) Keith Alexander, is a global leader in cybersecurity that is revolutionizing how enterprises safeguard their networks by providing the first-ever Collective Defense technology operating at scale. IronNet, which employs a number of ex-NSA cybersecurity operators with both offensive and defensive cyber experience, incorporates extensive tradecraft knowledge into its industry-leading technologies to address the world's most difficult cyber problems.

Read More

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Wiz Launches Free Cloud Framework to Drive Community-Backed Security

Wiz | December 15, 2022

Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process. "Over the past year and a half, Wiz researchers and other members of the cloud security community discovered several cross-tenant vulnerabilities in various multi-tenant cloud applications. "Although these issues have been reported extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry. This is where we see an opportunity to strengthen the collaboration between members of the security community." Wiz CEO Assaf Rappaport Beyond offering a guideline for organizations, PEACH is a starting point for empowering security teams to work together to establish standard transparency and common language when it comes to mitigating cloud threats. Serving as a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, PEACH manages the attack surface exposed by user interfaces and provides a clear standard for transparency on tenant isolation assurance. Wiz developed the following parameters based on lessons learned to address the rising cross-tenant vulnerabilities, lack of a standard for transparency, and missing common langue among vendors: Privilege hardening – ensure tenants and hosts have minimal permissions in the service environment. Encryption hardening – confirm the data belonging to each tenant is encrypted with a unique key, regardless of where the information is stored. Authentication hardening – validate that communication between each tenant and the control plane use authentication with a validated key unique to each tenant. Connectivity hardening – establish that all inter-host connectivity is blocked by default unless explicitly approved by the tenants involved. Hygiene – verify that unnecessary secrets, software and logs scattered throughout the environment are purged to avoid leaving clues or enabling quick wins for malicious actors. The second part of the security review process consists of remediation steps to manage the risk of cross-tenant vulnerabilities and improve isolation as necessary. These include reducing interface complexity, enhancing tenant separation, and increasing interface duplication -- all while accounting for operational context such as budget constraints, compliance requirements, and expected use-case characteristics of the service. This framework was reviewed and collaborated on with cloud security industry experts from AWS, Google, IBM, Netflix and Cisco. Instead of commercializing PEACH though, Wiz will be offering the framework for free. About Wiz Wiz secures everything organizations build and run in the cloud. Founded in 2020, Wiz is the fastest-growing software company in the world, scaling from $1M to $100M ARR in 18 months. Wiz enables hundreds of organizations worldwide, including 30 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks and Aglaé.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More