Cisco to showcase Security Everywhere strategy at GISEC 2016

Cisco announced its participation in the Gulf Information Security Expo & Conference (GISEC 2016) which will be held at Dubai World Trade Centre from 29th to 31st March 2016.

The company aims to showcase and deliver its strategy of Security Everywhere – from the cloud, network and endpoints with new security products and features and a threat awareness service as organisations execute on their digital transformation.

According to Cisco, they will be extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organisations of all sizes. At GISEC 2016, the company will demonstrate and showcase how its products and solutions can support its customers safely and securely through digital transformation and how they can weave in the security techniques and deployment as part of it. The value of Cisco architecture is its emphasis on embedding security spanning the extended network – including routers, switches and the data center – closing gaps across the attack continuum – before, during and after – and significantly reducing time to detection and remediation.

5 things you should know about cyber insurance

Credit: Shutterstock

The right coverage can help soften the blow of a data breach. But don't expect to be bailed out if your security plan is flawed. Security

When Sony Pictures disclosed last November that hackers had plundered its networks and accessed virtually all of its data assets, loss estimates for the company ran from the tens of millions of dollars to the hundreds of millions. Similar data breaches at TJX andHeartland had cost each company well over $100 million, and there was little to indicate that Sony would fare any better.

So when CEO Michael Lynton disclosed in a media interview earlier this year that Sony's intrusion-related costs would be almost entirely paid for by insurers, the news renewed attention on the topic of cyber insurancein a major way.

5 tips for better enterprise security

Do your security policies and procedures actually promote better security, or is your company only looking for known malware and ignoring the human factor? It’s a tricky balancing act that trips up many organizations.

The recent spate of data breaches at major U.S. organizations has raised questions about how effective current security tools and approaches are when it comes to dealing with emerging threats.

Private and public enterprises have spent tens of billions of dollars to bolster security over the past decade, yet malicious attackers consistently succeed in evading whatever roadblocks are thrown their way.

The trend has led many organizations to embrace a back-to-basics approach focused equally on people, processes and technology. Rather than viewing the security function as a bothersome cost of doing business, a growing number of organizations see it as a strategic enabler of new initiatives.

"Security and product development are not mutually exclusive," says Ron Green, MasterCard's chief information security officer. "We don't look at security as being a siloed responsibility."

Qatar: Google, Facebook, Vodafone hacked by Syrian Electronic Army

Instead of attacking websites from the front, hackers generally use DNS Hijacking to cut the root of any website. Syrian Electronic Army-a group of Syrian hackers, shows a latest example of this.

SEA compromised the Qatar domain registrar “registry.qa” and defaced major websites include Google, Vodafone, Facebook, Qatar govt. website and many others.

All of the websites were defaced with a same page, which shows pic of Syrian president bashar al-assad and SEA official Logo, below is the screenshot we took from google.com.qa:

Apple Developer website outage was due to intruder access attempt

Foreign VPNs raise the bar against US government spying

 Foreign providers of virtual private networks trying to cash in on recently uncovered U.S. government surveillance can increase the level of secrecy of Web activity, experts say.

However, no VPN vendor, foreign or domestic, sells a bulletproof defense against government snooping, given the resources and sophistication of spy agencies. However, using a service outside the U.S. does make the task of tracking and logging someone's Web activity more difficult.

Privacy jitters reached new heights last month following reports that the U.S. National Security Agency is collecting massive amounts of private data on citizens from telephone and Internet companies, such as Verizon, Google, Facebook and Microsoft. The court-approved data gathering is legal under the post-9/11 Patriot Act.

A VPN is essentially an encrypted tunnel between a computer and the service provider, which effectively hides the customer's IP address and Web activity.

Hackers claim attack on global phone directory firm Truecaller

The Syrian Electronic Army (SEA), known for their pro-Assad stance when it comes to Syria's turmoil and their previous attacks in support of it, claimed this week to have taken databases from Truecaller. Truecaller is a company based in Sweden that operates one of the world's largest phone directories - that relies on users sharing their mobile address books to operate. They boast more than 20 million users worldwide, most of them in the Asian, Middle Eastern, European, and American markets.

The SEA's claim was made on Twitter, where the group disclosed the database name, database username, as well as password. In all, they claimed to have downloaded seven databases containing more than 500GB of data, including the main database on the company's website, which is more than 450GB in size. Access to the data, the group said, was due largely in part to Truecaller's outdated WordPress installation.

Black Hat: Top 20 hack-attack tools

pcoming Black Hat conference is a goldmine of tips for hacking just about anything.

Network World - Turn someone else’s phone into an audio/video bug. Check.

Use Dropbox as a backdoor into corporate networks. Check.

Suck information out of pacemakers. Check.

The Black Hat conference convening in Las Vegas next week offers hacker tools for all of those plus more.

[LOOKING BACK: 10 scariest hacks from Black Hat and Defcon

QUIZ: Black Hat's most notorious incidents 

MUST SEE: 10 more of the world’s coolest data centers] 

Intended to provide good-guy researchers with tools to test the security of networks and devices, the free tools distributed at the conference can also be used by the bad guys to break into networks, steal data and thwart defenses designed to expose malware halt attacks.

Network heavy hitters to pool SDN efforts in OpenDaylight project

Cisco, VMware, HP and most other major vendors will contribute to the open-source software-defined networking group

Software-defined networking, a set of technologies to help networks better adapt to user needs with less manual effort, may at last be getting the common foundation it has needed for interoperability and efficient development.

Most of the major vendors working on SDN have joined in on OpenDaylight, a project being announced on Monday that will develop an open-source SDN framework. The vendors, which include Cisco Systems, VMware, Juniper Networks and Ericsson, will contribute software and engineers to the effort, according to Jim Zemlin, executive director of the Linux Foundation, which is hosting the project.

[ FOLLOW-UP: Skeptcism follows Cisco-IBM led OpenDaylight SDN consortium

BACKGROUND: Network administrators look to SDN with hope, concern 

OPINION: OpenDaylight: the next Penguin? ]

With OpenDaylight, the networking industry will take the same approach to developing its next generation of technology as the big-data sector did with Hadoop or Web browsers with WebKit, Zemlin said. It will be a vendor-neutral group that no single member can dominate and in which "the best code can win," he said. By pooling code and engineering effort to build core infrastructure software, vendors will free up their own research and development resources to build value-added products on top of it.

How the world's largest cyberattack slows down your Internet use

A fight between anti-spam group Spamhaus and a Dutch web-hosting company has escalated into a large-scale DDoS attack

Websites take longer to load. Netflix cuts out. Normally you can blame those annoyances on a slow Internet connection speed, but this week, it's the result of the largest global cyberattack in history.

[BACKGROUND: DDoS attack against Spamhaus was reportedly the largest in history]

The European nonprofit spam filtering company Spamhaus reportedly is fending off DDoS, or distributed denial-of-service attacks, that briefly took the site offline (it is now back up) and is causing widespread congestion on the Web.

Spamhaus creates blacklists of servers that spammers use to send messages for e-mail providers, so providers can then filter spam for their users. The company had recently added the Dutch website hosting company CyberBunker and its ISP, A2B Internet, to its list.

The attack began March 18. Spamhaus was overwhelmed with traffic in a clear DDoS attack, and turned to the security team at CloudFlare to get the site back up and running. CloudFlare disclosed the technical details of the attack on March 20.

Authorities bust global credit card fraud network targeting POS terminals and ATMs in Europe

The criminal group rigged POS devices in European shopping centers with rogue card readers and malware, Europol said

A global credit card fraud network was shut down on Thursday as the result of an international police operation called "Pandora-Storm" that saw the participation of 20 law enforcement agencies from Europe, America and Australia, Europol announced,

The organized crime group stole credit and debit card details and PIN codes by manipulating point-of-sale (POS) terminals in big shopping centers across Europe using sophisticated methods, the European law enforcement agency said Thursday in a press release.

[ IN THE NEWS: Researchers uncover vSkimmer malware targeting point-of-sale systems]

Members of the group used the stolen data to create counterfeit payment cards that were then used for illegal transactions outside of Europe, in countries like the U.S., Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka and Thailand.

DDoS attack against Spamhaus overhyped, says website watcher Keynote

While agreeing DDoS speed was high, Keynote Systems says news media went too far in saying there was a 'slowdown' on entire Internet

 Much of the news reporting about the massive denial-of-service attack against anti-spam service Spamhaus over the past week or so went way too far in describing it as creating a slowdown on the Internet itself, says one company monitoring website performance.

The massive distributed denial-of-service (DDoS) attack on Spamhaus -- which has many enemies as it seeks to stop Internet spam -- was a stunning event in that at some point the DDoS attack reached 300 billion bits per second, which likely does make it the most intense DDoS attack in history in terms of sheer speed. But when many in the media somehow ended up reporting that this DDoS attack last week caused a global slowdown, that was simply wrong, says Keynote Systems, which does global monitoring of websites for performance.

[ BACKGROUND: DDoS attack against Spamhaus was reportedly the largest in history ]

The hundreds of websites that Keynote monitors showed no performance changes that were out of the ordinary at all, says Aaron Rudger, senior market manager at Keynote, which went back and closely compared U.S. Web performance to European performance to see if it could find evidence to support all these Internet slowdown assertions heard in both the European and U.S. the media.

Several news stories from the United Kingdom suggested that the whole Internet was ready to collapse. That idea was widely echoed in the U.S. news media as well.

VCs Jumping Back Into Security Investments

FireEye, Imperva, Palo Alto Networks and SilverTail success stories driving more interest in funding security startups.

It’s a herd mentality out on Sand Hill Rd. Over the past few years, VCs shied away from many infrastructure and security companies, preferring to bet on cloud computing, mobile computing, and social networking startups.

Now that these markets are saturated and somewhat stagnant, VCs have returned to the information security market like the swallows of Capistrano. According to PWC and the National Venture Capital Association, security funding in 2012 was up 60% over dollars committed in 2010. Judging by the crowds at the RSA Conference in February, I’m sure that VC investment will grow precipitously in 2013 as well.

Yup, security-focused VCs are busier than a Sommelier at Madera in Menlo Park. Why the change of heart? Money. The Sand Hill Road phat cats are willing to bet on security because they see:

• IPO success stories. Imperva, PAN, and Qualys have all gone public over the last few years while FireEye is warming up in the on-deck circle. Few, if any, other technology sectors share this kind of success.

Network Security Trumps Server Security in the Enterprise

Purchasing behavior and security organization focus has broad market implications

There is a historical conundrum in cybersecurity about where to concentrate security skills, controls, and oversight. Hackers penetrate networks in order to compromise hosts and steal data. Given this obvious workflow, should CISOs focus security resources on networks, hosts, or a balanced combination of both?

ESG recently posed this question to 395 security professionals working at mid-market (i.e. 100 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations. The results are extremely interesting:

• 58% said that network security processes, skills, and technical controls are “much more thorough” or “somewhat more thorough” than server security processes, skills, and technical controls.

• 37% said that network security processes, skills, and technical controls are no more or less thorough than server security processes, skills, and technical controls.