Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Archive for the ‘cybersecurity’ Category

New IBM Mainframe Ushers in New Era of Data Protection

IBM today unveiled IBM Z, the next generation of the IBM mainframe, capable of running more than 12 billion encrypted transactions per day.

The new system also introduces a breakthrough encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.

IBM Z’s new data encryption capabilities are designed to address the global epidemic of data breaches, a major factor in the $8 trillion cybercrime impact on the global economy by 2022.

Of the more than nine billion data records lost or stolen since 2013, only four percent were encrypted, making the vast majority of such data vulnerable to organized cybercrime rings, state actors and employees misusing access to sensitive information.

You can learn more about the new IBM Z system here.

Written by turbotodd

July 17, 2017 at 2:31 pm

The Petya Attack

Another big ransomware attack is coming…has already arrived??

From The Verge: A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenergo electricity supplier, although a spokesperson said the power supply was unaffected by the attack.

From Krebs on Security: A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain….Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers….Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now. However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks.

The Guardian is reporting that “Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.”

The New York Times on what we know and what we don’t.

And from IBM’s X-Force Exchange: Petya Ransomware Campaign.

Written by turbotodd

June 27, 2017 at 4:14 pm

IBM Opens European X-Force Command Center In Poland

IBM Security today announced the official opening of its modernized European IBM X-Force Command Center based in Poland.

The center has new cognitive capabilities, including IBM Watson for Cybersecurity, and expanded data localization services designed to help address clients’ preferences and GDPR requirements.

Located in Wrocław, Poland, the center joins the global network of IBM X-Force Command Centers, which process upwards of one trillion cyber incidents each month, helping to protect 4,500 clients across 133 countries.

This global network is staffed by over 1,400 security professionals who provide around the clock service to clients. The IBM X-Force Command Center in Poland builds upon IBM’s $200 million investment in incident response capabilities announced last year.

The key areas of focus for the IBM X-Force Command Center in Poland are supporting clients in responding to cybersecurity incidents and serving as the hub in the company’s global network for GDPR expertise and specialized services.

Through the center, IBM will be able to offer clients the option of managing their security data via IBM staff and infrastructure in Europe. IBM X-Force analysts and experts will also help clients with expedited incident response reporting, which could aid clients with the data breach notification requirement of the GDPR.

According to the 2017 IBM X-Force Threat Intelligence Index, which surveys cyber security trends, 2016 saw a dramatic increase in records compromised, from 600 million to more than 4 billion incidents of illegally acquired records, climbing 566% from 2015. 

Analysts warn that the problem will be exacerbated, as the number of incidents within the next 5 years is expected to double. These statistics expose companies to hefty potential losses, with the average total cost of a data breach amounting to $4 million.

The newly-launched IBM X-Force Command Center in Wrocław is staffed by world-class security professionals who will use cognitive technologies like Watson for client services, including chat sessions and data delivery, as well as Watson for Cyber Security to quickly address cyber security events.

The new center has expanded its space by nearly three times, while client engagement spaces have also been modernized to include telepresence systems. IBM analysts will be working in a modern space designed to promote an agile work environment, including new workstations which enable better communication between employees.

The Wrocław center’s services can now be provided under the EU delivery model, which means that the client’s data will not be moved outside of the European Union.

For more information on the IBM X-Force Command Center, or to arrange a visit, go to http://www.ibm.com/security/xforcecommand.

Written by turbotodd

June 19, 2017 at 9:09 am

One Login, One Hack

Here’s a wake-up call for your Friday morning: Password manager OneLogin has been compromised.

ZDNet’s reporting that hackers now have the ability to decrypt encrypted data and that all users served by US data centers are affected.

In a later update, OneLogin posted this:

“Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”
– via ZDNet

ZDNet goes on to indicate that OneLogin “has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens — used for logging into accounts — as well as to create new security certificates.”

If you’d like to follow recent cyberattacks by month, visit the IBM X-Force tracker here.

Written by turbotodd

June 2, 2017 at 9:23 am

Cisco and IBM Partner to Improve Cyber Security

Cisco and IBM Security today announced they are working together to address the growing global threat of cybercrime.

In a new collaboration, Cisco and IBM Security will work closely together across products, services and threat intelligence for the benefit of customers.

Cisco security solutions will integrate with IBM’s QRadar to protect organizations across networks, endpoints and cloud. Customers will also benefit from the scale of IBM Global Services support of Cisco products in their Managed Security Service Provider (MSSP) offerings.

The collaboration also establishes a new relationship between the IBM X-Force and Cisco Talos security research teams, who will begin collaborating on threat intelligence research and coordinating on major cybersecurity incidents.

One of the core issues impacting security teams is the proliferation of security tools that do not communicate or integrate. A recent Cisco survey of 3,000 chief security officers found that 65 percent of their organizations use between six and 50 different security products.

Managing such complexity is challenging over-stretched security teams and can lead to potential gaps in security. The Cisco and IBM Security relationship is focused on helping organizations reduce the time required to detect and mitigate threats, offering organizations integrated tools to help them automate a threat response with greater speed and accuracy.

“In cybersecurity, taking a data-driven approach is the only way to stay ahead of the threats impacting your business,” said Bill Heinrich, Chief Information Security Director, BNSF Railway. “Cisco and IBM working together greatly increases our team’s ability to focus on stopping threats versus making disconnected systems work with each other. This more open and collaborative approach is an important step for the industry and our ability to defend ourselves against cybercrime.”

Integrating Threat Defenses Across Networks and Cloud

The cost of data breaches to enterprises continues to rise. In 2016, the Ponemon Institute found for companies surveyed the cost was at its highest ever at $4 million – up 29 percent over the past three years.

A slow response can also impact the cost of a breach – incidents that took longer than 30 days to contain cost $1 million more than those contained within 30 days. These rising costs make visibility into threats, and blocking them quickly, central to an integrated threat defense approach. 

The combination of Cisco’s best-of-breed security offerings and its architectural approach, integrated with IBM’s Cognitive Security Operations Platform, will help customers secure their organizations more effectively from the network to the endpoint to the cloud.

As part of the collaboration, Cisco will build new applications for IBM’s QRadar security analytics platform. The first two new applications will be designed to help security teams understand and respond to advanced threats and will be available on the IBM Security App Exchange.

These will enhance user experience, and help clients identify and remediate incidents more effectively when working with Cisco’s Next-Generation Firewall (NGFW), Next-Generation Intrusion Protection System (NGIPS) and Advanced Malware Protection (AMP) and Threat Grid.

In addition, IBM’s Resilient Incident Response Platform (IRP) will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the IRP can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This enables security teams to gain valuable incident data in the moment of response.

“Cybercrime is expected to cost the world $6 trillion annually by 2021. This is why IBM has been a proponent of open collaboration and threat sharing in cybersecurity to change the economics for criminals,” said Marc van Zadelhoff, general manager, IBM Security. “With Cisco joining our immune system of defense, joint customers will greatly expand their ability to enhance their use of cognitive technologies like IBM Watson for Cyber Security. Also, having our IBM X-Force and Cisco Talos teams collaborating is a tremendous advantage for the good guys in the fight against cybercrime.”

You can learn more about IBM Security solutions here.

Written by turbotodd

May 31, 2017 at 8:56 am

IBM Launches Cybersecurity Skills Initiative

IBM Security today announced an initiative to help address the projected 1.8 million-person cybersecurity worker shortage.

As part of this initiative, IBM is sponsoring alternative education models such as Hacker Highschool and Pathways in Technology Early College High School (P-TECH), while defining new workforce approaches to reach a broader pipeline of employees based on skills, experience and aptitudes as opposed to traditional hiring models which focus on degrees alone.

To help overcome the cybersecurity talent shortage and build the skills needed for the modern security workforce, IBM Security is investing in several initiatives including:

  • New collaboration with the Hacker Highschool project, an open cybersecurity training program for teens and young adults.
  • Continued investment in skills-based education, training & recruitment, including vocational training, coding camps, professional certification programs and innovative public/private education models like P-TECH (which IBM pioneered in 2011).
  • Outlining a strategic workforce approach for the security industry with practical steps that all organizations can take to rethink their own cybersecurity talent models, via a new industry whitepaper from IBM Institute for Business Value.

“The cybercrime landscape is evolving rapidly, yet many organizations are still approaching their cybersecurity education and hiring in the same way they were 20 years ago,” said Marc van Zadelhoff, General Manager of IBM Security. “The truth is that many of the critical cybersecurity roles we need to fill don’t require a traditional four-year technical degree. Industry leaders need to take an active part in resolving the talent issues we’re facing, by investing in new models and extending the pipeline to focus on hands-on skills and experience over degrees alone.” 

Rethinking Cybersecurity Training & Education

More than half of security hiring managers say that practical, hands-on experience is the most important qualification for a cybersecurity candidate.

Yet the majority of students are not given the opportunity to learn these security skills in a traditional classroom setting, particularly at a high school level. In fact, two out of three high schoolers say the idea of a career in cybersecurity had never been mentioned to them by a teacher, guidance or career counselor.

IBM Security is investing in alternative education models that focus on bringing cybersecurity exposure and skills to students at a younger age.

This includes a new initiative with ISECOM, a non-profit organization which provides Hacker Highschool, open cybersecurity courses designed specifically for teenagers to develop the critical thinking and hands-on, technical skills needed for today’s security professionals.

As part of this collaboration, IBM will provide sponsorship, expert guidance and IBM Security tools for a new Hacker Highschool lesson focused on the skills needed for an entry-level security operation center (SOC) analyst – a position that is in particular demand.

Students completing the Hacker Highschool curriculum will also have the opportunity for hands-on practice with IBM Security QRadar software, a deep security analytics technology used in thousands of security operation centers around the globe to help monitor malicious activity and detect attacks.

With the wide variety of cybersecurity roles that exist today, many of the core attributes and skills needed to succeed in this industry can be developed outside traditional four-year, university degree programs.

Vocational schools, associate degree programs, military veterans programs, coding camps and skills-based certifications are all great sources of cybersecurity talent which are often overlooked in traditional hiring and recruitment programs.

To get the latest insights on how IBM is helping security leaders tackle tough risk and security challenges, visit ibm.com/security/ciso.

Written by turbotodd

May 30, 2017 at 9:32 am

IBM Watson for Cyber Security Powers Smarttech Security Ops

IBM Security today announced Smarttech, a security services provider based in Ireland, is leveraging IBM Watson for Cyber Security in their Security Operations Center (SOC).

The new tool is enabling the company’s analysts to investigate and respond to three times as many security incidents with greater speed and accuracy. Smarttech was one of 40 companies around the world to participate in the IBM Watson for Cyber Security Beta Program, and is now a customer.

Powered by IBM QRadar Advisor with Watson, Smarttech’s SOC now takes advantage of the cognitive capabilities of Watson along with industry leading IBM Security QRadar Security Analytics Platform to uncover hidden threats and automate insights.

IBM has trained Watson on the language of cyber security, with the system ingesting over one million security documents, and can now help security analysts with insights from hundreds of thousands of natural language research sources that have never before been accessible to modern security tools.

Smarttech was looking for an intuitive solution to better manage an industry-wide workforce shortage of security analysts, and sought to augment the skills of its security team to stay ahead of ever evolving cyber threats targeting customers.

As part of its roll out of IBM QRadar Advisor with Watson, Smarttech found that the tool provided valuable additional perspective beyond what their analysts had initially discovered, highlighting new observations that the analysts had overlooked in about 20 percent of incidents.

“It’s not man versus machine—they very much work hand and hand,” said Ronan Murphy, CEO, Smarttech. “Our analysts continue to play a critical role in evaluating a cyber security incident, while Watson for Cyber Security enforces their decisions and validates what they are sharing with the customer at risk. It enables security analysts to deliver faster and more accurate details on a breach, so we may better protect our customers.”

IBM QRadar Advisor with Watson can help security teams respond to threats through the following:

  • Visibility into elements of a security incident – while investigating an incident, QRadar Advisor first gathers greater context about that incident by mining local data available in QRadar.
  • Formulate a threat research strategy – QRadar Advisor formulates a threat query to send to Watson for Cyber Security, to perform external knowledge and threat discovery on discrete observations from the incident.
  • Threat research – Watson for Cyber Security taps its knowledge base of unstructured data and uses cognitive reasoning to discover additional insights and other threat entities related to the original incident.
  • Apply intelligence to understand the threat – QRadar Advisor refines information it receives from Watson, to zero in on the key insights relevant to the current incident. It validates the source of the offense and provides additional context to identify and understand the threat.

For more information on Watson for Cyber Security and the IBM Cognitive SOC, visit: http://www-03.ibm.com/security/cognitive/

Written by turbotodd

May 11, 2017 at 8:31 am
