Bug Bounties and How They Help

Trend Micro

Once a vulnerability becomes known to cybercriminals, the race is on for vendors to create a patch before it is exploited. And with the regular use of exploits in attacks and threats like the WannaCry ransomware using a vulnerability, getting the win has never been so crucial. This month we will cover the bug bounty marketplace, including the different types of markets available to vulnerability researchers.  As well, we will review Trend Micro Research and how their research can benefit organizations through responsible disclosure and pre-disclosed filters to virtually patch vulnerabilities.
Watch Now

Spotlight

It was proposed1  that data fusion techniques should be used to enhance situational awareness into network security events. However, since then, there have been few successes in adopting multi-sensor data fusion technologies for cyber security. This may be due to limited understanding of the entire data fusion process and it can and should be applied in cyber security. Researchers appear to be focused on using network-based intrusion detection systems and fusing their outputs to gain a more full understanding of undesired activities on the network. While there has been some success in this effort, overall awareness of the current status of the network and projection of future actions of adversaries has still not been achieved. The problem is much more complex and requires the fusion of data from widely varied sources, using multiple algorithms to achieve fusion and awareness at different levels and contexts. Most importantly, it must be understood that these tools are situational awareness aids. Their objective is to assist the human cyber security analyst and therefore must take into account human cognitive capabilities. The goals of this research, therefore, are to describe the JDL Data Fusion Process Model in cyber security terms (Section 2), categorize and describe the efforts of previous research in this domain (Section 3) and suggest areas for future work (Section 4).

OTHER ON-DEMAND WEBINARS

Attack Tactics 6! Return of the Blue Team

Black Hills Information Security

In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5. Introduction, password spray toolkit, account lockout, honey accounts, canary tokens, and two factor authorization. fixthefuture , two factor authorization, dumping global address lists, mailsniper 20:30 Lateral movement, OWA, VPN, SSH. Scanning and enumeration, Nmap, SSH Brute Force, “Find Open”, LLMNR, LLMNR Responder, and NrlmRelayX.
Watch Now

Adopting a Purpose-Built Approach to Linux Security

Carbon Black

Cloud is the dominant computing trend of our time, and Linux is the power behind it. As enterprises continue to adopt more cloud native infrastructure, we see accelerated adoption of Linux in the form of both migrations of existing infrastructure and greenfield application deployment. Unfortunately the approach to securing this growing fleet of production servers has not evolved at the same pace.
Watch Now

2022 Cyber Challenges & Industry Intelligence Study

The modern security organization is fueled by intelligence, advanced technology, and more knowledgeable professionals than any other point in history. However, the endless war that started at the dawn of connectivity often sees the same challenges as we do today and much of this stems from the misconception that organizations must fight threat actors on their own. This myth continues to create siloes, both internally and externally, and prevents teams from gaining necessary threat visibility or reducing overloaded analysts workload.
Watch Now

Learning at the Speed of Business

Join Ian Stevens, North America L&D Lead at Publicis Sapient will share his team's successful learning programs that prepared Sapient's consultants to be leaders in digital transformation. Watch now to walk away with: A proven "push-pull" blended learning program How to tie learning with hiring & staffing priorities to motivate
Watch Now

Spotlight

It was proposed1  that data fusion techniques should be used to enhance situational awareness into network security events. However, since then, there have been few successes in adopting multi-sensor data fusion technologies for cyber security. This may be due to limited understanding of the entire data fusion process and it can and should be applied in cyber security. Researchers appear to be focused on using network-based intrusion detection systems and fusing their outputs to gain a more full understanding of undesired activities on the network. While there has been some success in this effort, overall awareness of the current status of the network and projection of future actions of adversaries has still not been achieved. The problem is much more complex and requires the fusion of data from widely varied sources, using multiple algorithms to achieve fusion and awareness at different levels and contexts. Most importantly, it must be understood that these tools are situational awareness aids. Their objective is to assist the human cyber security analyst and therefore must take into account human cognitive capabilities. The goals of this research, therefore, are to describe the JDL Data Fusion Process Model in cyber security terms (Section 2), categorize and describe the efforts of previous research in this domain (Section 3) and suggest areas for future work (Section 4).

resources