Should Facial Recognition be Used to Identify Individuals with Coronavirus?

Security Magazine | March 20, 2020

Facial recognition companies are seeing opportunity in their services with the Coronavirus in identifying individuals without the risk of close contact, according to OneZero. DERMALOG, a biometrics company that makes fingerprint, iris, and facial recognition hardware, has adapted its technology to determine temperature and is pitching the update as a safety feature, says the news report. Telpo is launching temperature-sensing terminals with facial recognition, which allegedly work even if a person is wearing a face mask. “In the face of this outbreak, we have developed a solution for noncontact body temperature measurement plus face recognition in order to meet the rapid need to diagnose the patient and isolate and control the virus in time,” Crystal Chu, a platform marketing specialist at Telpo, wrote to OneZero in an email.

Spotlight

Facing today's continuous changes and adjustments - how can companies avoid the risk of their IT architecture beginning to crumble around them? Which security modules might close gaps, replace critical elements and reestablish stability? msg Information Security offers consulting for each and every situation


Other News
DATA SECURITY

Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS

Rubrik | May 18, 2022

Rubrik, the Zero Trust Data Security™ Company, today announced Rubrik Security Cloud to secure customers’ data, wherever it lives, across enterprise, cloud, and SaaS. Ransomware is on the rise and cyberattacks are getting more sophisticated. Despite investments in infrastructure security tools, cybercriminals are still getting through to the data. And when they take the data down, they take down the entire business. It’s time for a new approach. The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data. Rubrik is a pioneer in data security and the Rubrik Security Cloud delivers three unique capabilities: Data Resilience: Safeguards data by providing immutable, logically air-gapped data protection with multi-factor authentication-based access control. Data Observability: Continuously monitors risks and investigates threats to data including Ransomware Monitoring and Investigation powered by machine learning to detect data anomalies, encryptions, deletions, and modifications; Sensitive Data Monitoring to find and classify the most sensitive data, and assess exfiltration risk; and Threat Monitoring and Hunting to identify indicators of compromise and find the last known clean copy of data. Data Recovery: Quickly contains threats and recovers data, whether it’s a file, application data or a mass recovery for the entire organization. Rubrik’s new Threat Containment capability quarantines malware and restricts user access to infected data to support safer recovery. As organizations continue to struggle with cyberattacks that compromise data, Rubrik also launched the Data Security Command Center to easily assess whether data is safe and capable of being recovered from a cyberattack. Now, customers can see which data is at risk and get recommendations to make their data more secure. “Every company in the world is vulnerable as cybercriminals get more savvy every day. With Rubrik Security Cloud, we are strengthening customers' defenses so they can secure their business across enterprise, cloud, and SaaS workloads. Our data security platform enables our customers to defend their data, recover quickly, and prevail in this new cyber landscape.” Bipul Sinha, Rubrik CEO and co-founder “INTEGRIS Health is proud to be the largest not-for-profit health care system in Oklahoma, with eighteen hospitals in our network and more than a million patients that rely on us every year for their health care needs. With the expansive network we support, it’s paramount that our data is resilient, and we maintain a strong data security posture to keep our hospital moving. As a CIO, I believe Rubrik is an important service and helps us provide excellent patient care. As a Rubrik customer, we’re thrilled to see the continued innovation with Rubrik Security Cloud and the company’s ongoing focus on keeping customer data safe and making it easy to recover in the face of cyber-attacks, like ransomware,” said Bill Hudson, CIO of INTEGRIS Health. "NJ TRANSIT delivered more than a quarter of a billion annual passenger trips before the pandemic and is responsible for our riders’ safety, mobility, and livelihoods every day. It’s imperative that nothing interrupts our business, so we’ve prioritized a strong data security strategy in partnership with Rubrik. We’re committed to the ongoing and necessary work that gives our data resilience and helps us reduce our risk as we face ever evolving, and inevitable, cyber threats,” said Rafi Khan, CISO of NJ TRANSIT. Research and Development Fuels Additional Capabilities As part of Data Observability, Sensitive Data Discovery for Microsoft 365 discovers and classifies sensitive data within Microsoft 365 to better assess risk and help maintain compliance with regulations. These latest integrations build on the joint collaboration between Rubrik and Microsoft. Last year, Rubrik Cloud Vault built on Microsoft Azure was launched to help customers better defend against cyberattacks using a fully managed, secure and isolated cloud vault service. Since launch, Rubrik has seen strong demand for Rubrik Cloud Vault across key industries including Healthcare and Life Sciences, Manufacturing, State and Local Government, and Financial Services as customers build Zero Trust solutions to defend against and recover from ransomware. “Businesses need a data resiliency strategy to keep their data secure in the face of escalating cyber threats,” said Jurgen Willis, Vice President Microsoft Azure. “Rubrik's Security Cloud, which builds on integrations with Rubrik Cloud Vault and Microsoft Azure, will help customers accelerate their Zero Trust journey.” Rubrik Security Cloud is available now and new enhancements will be available in the months ahead. About Rubrik Rubrik, the Zero Trust Data Security™ Company delivers data resilience, data observability, and data recovery for organizations. Rubrik keeps your data safe and easy to recover in the face of cyber attacks and operational failures. Now you can recover the data you need, however and whenever you need it to keep your business running.

Read More

SOFTWARE SECURITY

Bluum Launches Comprehensive Cybersecurity Offering to Schools

Bluum | June 14, 2022

Bluum, North America's leading education technology solutions provider, recently announced the launch of a comprehensive cybersecurity offering to schools. Cybersecurity needs and solutions for schools have evolved in recent years – even beyond those brought about by hybrid and remote learning – so Bluum responded with security solutions for people, processes and technology. According to the SecurityScorecard 2018 report, education ranks last out of 17 industries in terms of cybersecurity, demonstrating that a legacy solution that only includes a first-generation firewall and antivirus software has long been rendered obsolete. Since 2016, there have been more than 1,300 publicly disclosed attacks in the U.S., which averages out to more than one K-12 cyber incident per school day. More than three million students have been affected by cybersecurity breakdowns since February 2018, with education institutions spending an average of $2.73 million to address the impact of a ransomware attack. "With limited budgets, highly skilled IT personnel and time, K-12 organizations are hard-pressed to create a solid cybersecurity plan. "Cybersecurity is an incredibly technical and extensive area in IT that is rapidly evolving and needs to stay ahead of ever-evolving attack methods. Historically, school IT budget constraints have resulted in ineffective and outdated systems, so Bluum has developed comprehensive countermeasures to fill that void." Bluum Vice President of Product Strategy and Growth Andre Vashilko Whether cybersecurity incidents are caused externally or self-inflicted, Bluum can assist in preventative measures before, during and after the incidents and attacks. To get started, Bluum has debuted easy-to-use services to help schools assess their cybersecurity needs and identify immediate and future solutions. Vulnerability scans and penetration testing will detect critical areas of concern and exposure in the infrastructure, while a complementary customer survey will provide further insights into a school's specific needs. About Bluum Bluum empowers educators with technology solutions that improve learning and make it more accessible, assisting more than 27 million students grow and flourish.

Read More

SOFTWARE SECURITY

ZeroEyes Announces Partnership with Veteran-Owned Cybersecurity Firm Layer 8 Security

Layer 8 Security | February 02, 2022

ZeroEyes, Inc., creators of the only AI-based video analytics platform focused solely on gun detection, is proud to announce its partnership with Philadelphia-based company, Layer 8 Security. Layer 8 Security is a cybersecurity consulting and technical services firm that arms organizations with practical security, compliance, and privacy strategies. Starting in 2022, Layer 8 Security will assist ZeroEyes with the company's information security certifications. Both companies are veteran-founded, owned, and operated, and are part of the Veterans Business Referral Network with over 200 members in the Greater Philadelphia area. In addition to the local connections, both companies are well-known on the national stage for being leaders in their respective disciplines. "I've known members of the ZeroEyes team for years,ZeroEyes' focus on gun detection and physical security complements our focus on being the 'sheepdogs,' protecting people in any way we can. In our case our focus is on data privacy and protecting businesses from hackers. I'm excited to leverage our shared goals as veterans helping veterans." Kevin Hyde, President and Co-Founder at Layer 8 Security "Layer 8 Security and ZeroEyes are both focused on security and building veteran-owned businesses," adds ZeroEyes' Chief of Staff, Kieran Carroll. "We're excited to support Layer 8 Security in their mission and appreciate their services in securing our own business." About ZeroEyes ZeroEyes is the industry's leading AI-based weapons detection solution. Our software integrates into existing security camera systems and sends out a series of alerts when a verified gun is detected via our best-in-class weapons detection algorithms. Founded by a team of Navy SEALs and military veterans with over 50 years of military experience with deep special operations and intelligence community expertise, ZeroEyes is the trusted weapons detection provider of numerous clients, including the US Department of Defense, leading public K-12 school districts, commercial property groups, Fortune 1000 corporate campuses, shopping malls, and big-box retail. About Layer 8 Security Layer 8 Security is a cybersecurity consulting, advisory, and technical services firm that arms organizations with practical security, compliance, and privacy strategies. Today's business environment requires seamless integration with third-party vendors, clients, and partners. Layer 8 Security ensures your information ecosystem is secure, compliant, and resilient to the severity and frequency of a disruption resulting from a cyber attack.

Read More

DATA SECURITY

Red Hat Unveils New Levels of Security from the Software Supply Chain to the Edge

Red Hat | May 11, 2022

Red Hat, Inc., the world's leading provider of open source solutions, today announced new security innovations and capabilities across its portfolio of open hybrid cloud technologies. Designed to help organizations mitigate risks and meet compliance requirements across increasingly complex IT environments that mix cloud services, traditional systems and edge devices, these enhancements are intended to minimize complexity, while helping customers improve their security posture and enable DevSecOps. According to Red Hat’s 2021 Global Tech Outlook report, 45% of respondents put IT Security as their top funding priority. IT security, however, is not a static demand - regulatory controls, compliance demands and threat actors shift on an almost daily basis, requiring almost constant vigilance from IT security teams. Red Hat has long been a leader in security for enterprise open source solutions, beginning with Red Hat Enterprise Linux, viewing security as a fundamental component and not an add-on. KuppingerCole Analysts recently recognized Red Hat as the Overall Leader in its Leadership Compass for Container Security. According to KuppingerCole’s evaluation, “With a massive market presence and proven expertise in container management, enhanced by the recent acquisition and integration of StackRox, a leading container security company, Red Hat is recognized as the Overall Leader in this Leadership Compass.” With today’s news, Red Hat continues a relentless march of innovation to advance security across hybrid cloud environments—from on-premises to multi-cloud to the edge—across the entire technology lifecycle and software stack. Enhancing software supply chain security Securing applications from development through the entire lifecycle can be complex and frequently requires multiple components to work together. To help simplify the process of implementing security features throughout the complete build, deploy and run process, Red Hat is introducing a software supply chain security pattern. Delivered via Red Hat OpenShift, patterns deliver complete stacks as code and define, build and test the necessary software configurations. Available as a preview, the software supply chain security pattern will bring together the necessary components to architect cloud-native applications from trusted components. The pattern uses a Kubernetes-native, continuously-integrated pipeline through Red Hat OpenShift Pipelines and Red Hat OpenShift GitOps for version control, helping to reduce complexity and save time. Additionally, through Tekton Chains, the pattern will incorporate Sigstore, an open source project aimed at making cryptographic signing of code more accessible. This addition makes it easier for artifacts to be signed in the pipeline itself rather than after application creation. In addition, in Red Hat Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. The new capability helps with software supply chain security by enabling automation teams to validate that the automation content being executed in their enterprise is verified and trusted. Enhancing application security lifecycle from the datacenter to the edge As organizations adopt cloud-native architectures, the core enterprise needs for hardened environments, lowered attack surfaces and faster detection and response to threats remain. Applications running outside of traditional IT environments, including at the edge, introduce further security requirements that compound these already complex challenges. Beyond the physical security requirements of edge devices, CIOs and IT decision-makers are increasingly seeing a need to protect the container workloads running on these devices. An example could be implementing strategies and capabilities to prevent the lateral movement of potential attacks or breaches across edge deployments. Red Hat Advanced Cluster Security for Kubernetes brings a deployment-ready answer to these concerns, with key capabilities to protect edge workloads, including: Automated DevSecOps in the CI/CD pipeline to help protect the software supply chain for edge environments through vulnerability management, application configuration analysis and CI/CD integration Threat protection provides threat detection and incident response capabilities at runtime for common threats Network segmentation to enforce workload isolation, analyze container communication and detect risky network communication paths Integrated security starts with the operating system In the 2022 Gartner® Board of Directors Survey, 88% of board members classified cybersecurity as a business risk; just 12% called it a technology risk.1 The broad ramifications of a cyber attack or data breach have led to increased scrutiny across IT environments by investors and regulators alike. Fortifying IT environments against these potentially damaging incidents is critical, and Red Hat believes that this effort starts at the foundation, at the operating system level, with Red Hat Enterprise Linux. Red Hat Enterprise Linux 9 lays the foundation for runtime integrity verification of the operating system and application files by providing file digital signatures within RPM packages. The platform uses integrity measurement architecture (IMA) at the kernel level to verify individual files and their provenance. IMA file verification specifically helps to detect accidental and malicious modifications to systems, providing more remediation capabilities for security teams in addressing potential issues or breaches. Additional key security features in Red Hat Enterprise Linux 9 include: Enhanced security around root privileges by disabling root login via SSH by default. This helps to prevent the discovery of root passwords through brute force attacks and improving baseline security postures of an operating environment. Support for latest cryptographic frameworks with the integration of OpenSSL 3. This enables IT teams to enact new ciphers for encrypting and protecting sensitive information. Bolstered security best practices by disabling the cryptographically-broken SHA-1 hash function by default for digital signature, driving improved security hygiene. Additionally, Red Hat and IBM Research are collaborating around expanding the core security aspects of the Linux kernel, such as through support for signing and verifying elliptic curve digital signatures. This work expands the algorithms supported and reduces the size of digital signatures used throughout the Linux kernel. About Red Hat, Inc. Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Read More

Spotlight

Facing today's continuous changes and adjustments - how can companies avoid the risk of their IT architecture beginning to crumble around them? Which security modules might close gaps, replace critical elements and reestablish stability? msg Information Security offers consulting for each and every situation

Resources