Operational resource aimed at helping small newsrooms shore-up their cybersecurity practices

prnewswire | October 15, 2020

Today the Global Cyber Alliance (GCA) released the GCA Cybersecurity Toolkit for Journalists at the 2020 Online News Association conference. The toolkit is a free, operational resource aimed at helping journalists, watchdogs, and small newsrooms shore-up their cybersecurity practices. Journalists around the world have long been targets of cyber attacks, whether reporting on crime, politics, or simply being a target for the spread of disinformation. Recent examples include an Angolan journalist reporting on the embezzlement of public funds and two Turkish journalists whose accounts and devices were compromised after reporting on the death of Turkish soldiers in Libya.   In order to provide some practical resources to manage these risks, GCA assembled a set of tools that journalists can use to shore up their cyber defenses, protect their devices and data, and help safeguard their online presence.

Spotlight

Ce n'est un secret pour personne. Le travail virtuel a déjà un impact significatif sur la façon dont les employés travaillent et génèrent de la valeur. Et plus d'entreprises que jamais emboîtent le pas. Lisez cet eBook pour découvrir pourquoi:

  • 50 % des entreprises ont dépensé plus pour les technologies mobiles et le travail virtuel au cours des trois dernières années.
  • Oxford Economics estime que ce chiffre passera à 70 % au cours des trois prochaines années.
  • Il n’est pas trop tard pour investir dans des Digital Workspaces sécurisés qui protègent les données et favorisent la productivité des employés.


Other News
PLATFORM SECURITY

QuSecure Launches Industry’s First End-to-End Post-Quantum Cybersecurity Solution to Uniquely Address Current and Future Quantum Computing Threats

QuSecure | May 21, 2022

QuSecure™, Inc., an innovator in post-quantum cybersecurity (PQC), today introduced its quantum orchestration platform, QuProtect™, the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels. With QuProtect, for the first time organizations can leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats. Leading experts, including Arthur Herman, senior fellow and director of the Quantum Alliance Initiative at The Hudson Institute, believe that a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break current cryptography and will expose the world’s encrypted communications and data, will be available within the next 3-5 years. Additionally, nation-state attackers are currently stealing encrypted data, using a “Steal Now, Decrypt Later” (SNDL) strategy to collect global encrypted data, which will be retroactively decrypted once a CRQC is available. As a result, on May 4, the White House mandated PQC compliance via the National Security Memorandum “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” Also, the bipartisan Endless Frontiers Act would establish a Technology and Innovation Directorate at the National Science Foundation which would use $100 billion in federal funds over five years to research emerging technologies including quantum computing, and specifically mentions the need for PQC. Organizations will need to follow suit to protect their data and communications from post-quantum cyberthreats. QuProtect provides quantum-resilient cryptography, anytime, anywhere and on any device. QuProtect uses an end-to-end quantum security as a service (QSaaS) architecture that addresses the digital ecosystem’s most vulnerable aspects, uniquely combining zero-trust, next-generation post-quantum-cryptography, quantum-strength keys, high availability, easy deployment, and active defense into a comprehensive and interoperable cybersecurity suite. The end-to-end approach is designed around the entire data lifecycle as data is stored, communicated, and used. “Quantum technologies have the potential to represent a platform shift, and platform shifts don’t come around that often,” said Laura Thomas, former CIA Chief of Base with more than 17 years in various national security and leadership roles and currently VP of Corporate Strategy at ColdQuanta, a quantum computing and sensing company. “When they do, they bring enormous opportunity coupled with the power for intense disruption, in all arenas, to include national security and economic security. Organizations should be evaluating post-quantum encryption solutions now and mapping out the resources and timelines needed to deploy them on their networks. QuSecure is playing a key role in future-proofing our networks from current classical and future quantum attacks.” QuSecure also today announced its formal company launch. See accompanying company launch press release issued by QuSecure today at QuSecure Company Launch. “Enterprises are charged with providing high levels of data security,” said Skip Sanzeri, QuSecure Founder and COO. “We are facing the largest computer upgrade cycle in history as all public key cryptography globally needs to be upgraded to PQC. Our QuProtect solution provides organizations with a first-mover advantage as the industry accelerates toward a quantum future. QuProtect allows organizations and their clients to maintain the highest level of quantum-resilient security to address cyberthreats with minimal disruption to existing systems.” QuProtect protects any node on the network by using National Institute of Standards and Technology (NIST) approved quantum algorithms to create secure quantum communications channels. Its technology enables backwards compatibility and can translate back and forth from PQC to standard Transport Layer Security (TLS), ensuring interoperability with any network. No other company combines QuSecure’s broad-based quantum and post-quantum technologies providing secure, interoperable cybersecurity to protect organizations’ networks from quantum threats. QuProtect’s unique differentiators include (partial list): Post-quantum open-source, end-to-end data protection on all platforms and networks – QuSecure applies post-quantum protections to all systems and devices – from cloud, to server, to laptop, to edge and IoT – protecting communications and data. QuProtect uses Quantum Random Number Generation (QRNG) to create quantum-resilient cryptographic keys which provide entropy throughout the entire network. Network-wide entropy is important because true quantum randomness protects systems from vulnerabilities and attacks such as pattern detection and cryptanalysis. Easy integration and deployment with zero client-side installations supporting most platforms – QuProtect is designed to be simple to deploy, operate and manage for existing devices and systems. Any existing platform that runs cryptography can be upgraded to PQC through QuProtect’s software-upgrade solutions. QuSecure’s solution enables controlled, phased deployment in highest priority segments first, enabling organizations to audit and/or delay endpoints which don’t need immediate upgrade. QuProtect permits instantaneous re-selection of algorithms enabling crypto agility while NIST finalizes the PQC algorithms to be standardized. Continuous monitoring and attack resilience – QuProtect improves security through continuous anomaly monitoring, machine learning-enabled attack detection, and active remediation. QuProtect is the industry’s most advanced PQC solution providing end-to-end quantum-resilience for many of today’s critical use cases, including satellite, network, and IoT communications. QuProtect can be hosted on-premise or via cloud-based orchestration delivering the most compatible solution to the post-quantum problem. An organization can implement PQC across all devices on the network with minimal disruption to existing systems, protecting against current and future classical and quantum attacks which could irreparably disrupt industries and infrastructures across government and commercial sectors. About QuSecure QuSecure is an innovator in post-quantum cybersecurity with a mission to protect enterprise and government data from quantum and classical cybersecurity threats. Its patent-pending, quantum-safe solutions provide an easy transition path to quantum resiliency across any organization. The company’s QuProtect solution is the industry’s first PQC software-based platform uniquely designed to protect encrypted communications and data with quantum-resilience using a quantum secure channel. QuSecure has current customer deployments in banking/finance, healthcare, space/satellite, IT/data enterprises, datacenters and various Department of Defense agencies. QuSecure is investor backed and has offices in Silicon Valley.

Read More

SOFTWARE SECURITY

Palo Alto Networks Calls on Cybersecurity Industry to Adopt ZTNA 2.0 -- Zero Trust with Zero Exceptions

Palo Alto Networks | May 12, 2022

Palo Alto Networks , the global cybersecurity leader, today urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured. "This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important. Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short." Nir Zuk, founder and chief technology officer at Palo Alto Networks For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can't control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application or device behavior, and it can't detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data. ZTNA 2.0-capable products, such as Palo Alto Networks Prisma® Access, help organizations meet the security challenges of modern applications, threats and the hybrid workforce. ZTNA 2.0 incorporates the following key principles: Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers. Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior. Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats. Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy. Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud native applications, legacy private applications and SaaS applications. In a new report, John Grady, ESG senior analyst, said: "[F]irst-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What's more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior." Grady also said, "It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce." "Securing today's hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements, can be complicated," said Jerry Chapman, engineering fellow, Optiv. "Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we're advising our customers to incorporate ZTNA 2.0 principles like continuous review of identity and connection across their domains to stay secure." New Prisma Access Capabilities Palo Alto Networks Prisma Access is the industry's only solution that meets today's ZTNA 2.0 requirements. Prisma Access protects all application traffic with best-in-class capabilities while securing both access and data. New additions to Prisma Access announced today add the following capabilities: ZTNA connector — simplifies the process of onboarding cloud native and traditional applications into the service, helping make ZTNA 2.0 easier to deploy and more secure. The industry's only unified SASE product — providing a common policy framework and data model for all SASE capabilities, managed from a single cloud management console. Self-serve autonomous digital experience management (ADEM) — helps proactively notify users of issues that require prompt attention and provides them with guidance on how to remediate. Availability Prisma Access is generally available today with full support for ZTNA 2.0. The new ZTNA connector, unified SASE, and self-service ADEM will be available in the next 90 days. About Palo Alto Networks Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

Read More

DATA SECURITY

HackNotice Releases First-Ever Combined Security and Threat Awareness Service for Free

HackNotice | February 07, 2022

HackNotice, the world's leading threat awareness company, announced the first-ever security and threat awareness combined service, accessible to new and existing users. The added security awareness training course enables individuals to deepen their understanding of good cyber hygiene practices. The course offers 50 training videos, a security exam, and a certification. Cybersecurity training is mostly offered to company employees, often costing hundreds of thousands of dollars for intensive, week-long seminars and lectures. However, having good security awareness is vital for any individual. The newly released self-paced course ensures that anyone online can learn good cyber practices. "What makes the combined service great is that our threat modeling and security awareness course work together. When someone faces a large amount of personal information exposure, we recommend more phishing training. When someone has several passwords stolen, we have them focus on our password training. Now, users can receive the critical training that they need instantly, tailored to their specific risks," Steve Thomas, CEO, and Co-Founder of HackNotice For customers of HackNotice Teams, HackNotice's security and threat awareness service, the new course is an excellent addition for companies looking to strengthen their enterprises' security programs. Quick, in-the-moment, lessons are a perfect way to engage employees and business departments within the organization. Clients can also access dynamic reports to see user and departmental progress, and areas of improvement. About HackNotice Hacknotice is the only company-wide threat awareness platform, making employees more cautious online. Users monitor, review, and take swift actions against their real cyber-threats. The platform focuses on bridging the gap between security teams and other employees through real-time alerts, around-the-clock monitoring, recovery recommendations, and additional education. HackNotice's mission is to make all employees threat aware, creating a resilient culture of security.

Read More

DATA SECURITY

Armis Selects Radware to Deliver Cloud Security for AWS

Radware | December 30, 2021

Radware a leading provider of cyber security and application delivery solutions, today announced that Armis, a leading unified asset visibility and security platform provider, chose Radware’s Cloud Native Protector to safeguard its Amazon Web Services (AWS) environment. This born-in-the-cloud business adopted Radware’s solution to fortify its cloud security posture and identify potential vulnerabilities before they evolved into threats. Armis’ security platform enables companies to safely use and control IoT and other unmanaged devices without fear of compromise by cyberattacks. Armis was looking for a solution that would give its DevOps team full visibility and control of its public cloud environment. The company turned to Radware to make it easier for its team to remotely track assets, supervise access to sensitive resources, and detect suspicious activity. “The Radware team understands that we are a dynamic company with requirements that are constantly changing,” said Roi Amitay, head of DevInfra at Armis. “Radware’s Cloud Native Protector plays an essential role in securing our cloud environment. It helps us see our full cloud picture and focus on what matters most. Radware provides trusted products and support, making this the best solution for our company.” Radware’s solution enhances the visibility and control Armis has over its public cloud environment. It automates manual analysis and notifies Armis about any publicly exposed assets and potential cyberattacks to help the company prioritize its work. “Cloud-native companies like Armis have unique and constantly shifting security requirements that need specialized solutions,Our Cloud Native Protector not only secures Armis’ cloud workloads but also is continually assessing risks and improving visibility and governance of their cloud.” Gilad Barzilay, director of public cloud sales at Radware Radware’s Cloud Native Protector is an agentless solution that provides centralized visibility and reporting for workloads and accounts on AWS and Microsoft Azure. Its intuitive 360-degree centralized dashboard shows alerts across accounts and clouds with risk-prioritized alerting so that security teams know which alert to focus on first. Using a multi-layered approach that covers a wide security posture of the cloud and threats to individual workloads, the solution also identifies and prevents public exposure of public facing assets, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud. About Radware Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Read More

Spotlight

Ce n'est un secret pour personne. Le travail virtuel a déjà un impact significatif sur la façon dont les employés travaillent et génèrent de la valeur. Et plus d'entreprises que jamais emboîtent le pas. Lisez cet eBook pour découvrir pourquoi:

  • 50 % des entreprises ont dépensé plus pour les technologies mobiles et le travail virtuel au cours des trois dernières années.
  • Oxford Economics estime que ce chiffre passera à 70 % au cours des trois prochaines années.
  • Il n’est pas trop tard pour investir dans des Digital Workspaces sécurisés qui protègent les données et favorisent la productivité des employés.

Resources