BrandPost: The Future of Network Detection and Response


Network Detection and Response, or NDR, has morphed from its original role as a traffic monitoring and statistics analysis tool. Today’s NDR solutions offer behavior-based analytics through artificial intelligence, machine learning tools and automated incident response. But how will NDR evolve in the future?

Integration will become the norm

In the near future, we will see far more integration with other security technologies. From one point of view, increasing numbers of data sources will be ingested by the NDR analytical platform, ranging across NGFWs, IDS/IPS, EDR (endpoint detection and response), sandboxes and others. Useful metadata from these devices will be extracted and sent to the NDR analytical center, adding to the depth, breadth and accuracy of NDR threat detection.


BrandPost: XDR: Contextualizing the Value of Cybersecurity


Extended Detection and Response, or XDR, is a hot topic in the cybersecurity world. Enterprises are adopting it for its ability to mitigate security-alert fatigue, modernize security efforts, and adapt to the evolving threat landscape. Here, we’ll look at how XDR can maximize the efficiency of existing cybersecurity products while reducing TCO. XDR can also help transform the perception of cybersecurity on the whole.

Asset vs. liability: Cybersecurity perceptions


USN-5179-2: BusyBox vulnerability


USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)


Microsoft expands managed security services offerings with new program


Microsoft announced Monday that it’s getting into the managed security services business. The company’s Microsoft Security Experts program includes three new managed services.

Microsoft Defender Experts for Hunting is for its customers who have robust security operations centers but would like Microsoft to hunt for threats in data from endpoints, Office 365, cloud applications, and identity sources. Microsoft’s experts will hand off any actionable alerts they discover to security operations center (SOC) personnel, along with remediation recommendations. Microsoft experts are also available on-demand to answer security questions about anything from incidents to action by nation-state actors to updates on the latest attack vectors. The projected launch window for the service is in the summer of 2022.


What to look for in a vCISO as a service


“Approximately 64% of global CISOs were hired from another company,” according to the 2021 MH Global CISO Research Report. The reasons are talent shortages, the role still being new to some companies, and companies not having created a succession plan to support internal promotions.

To overcome these challenges, companies can look to a Virtual Chief Information Security Officer (vCISO) or a vCISO as a service provider. Companies should consider both the vCISO candidate and the additional “as a service” capabilities that the provider brings to support the security program. This article covers what to look for when selecting a vCISO and a vCISO as a service provider.

What to look for with the candidate

Businesses will want to align their CISO requirements with the skillset and background of the candidate vCISO. For example, the business may want a vCISO with security architecture experience when they are deploying a managed firewall service. Alternatively, if the business needs to build a Security Operations Center (SOC), then a vCISO with SOC deployment experience might be preferred. While experience in a focused area is beneficial, a vCISO will have the following fundamental skills that align with, and preferably expand past, the business’s security needs.

Provide executive-level advisory and presentations.
Create and track a risk register with identified cybersecurity gaps.
Ability to develop, implement, and manage a cybersecurity roadmap.
Run tabletop exercises to identify business unit priorities and create alignment.
Respond to third-party due diligence requests.
Hardware and software assets as well as data identification and risk analysis.
Reporting on metrics and key performance indicators (KPIs).
Deliver and report on vulnerability and penetration testing.
Oversee reporting, steering, and committee meetings.
Review and update incident response plans.
Identification, mitigation, and remediation activities for security-related events.
Policy and procedure development, updating and creation.
Budget and planning development.
Develop and run security awareness training.

What to look for in a vCISO as a service provider

vCISO as a service expands the vCISO from an individual contributor into a team that is engaged to lead a program or initiative. For example, instead of having a vCISO with SOC building experience, the entire team is brought in to create the program and build the SOC. Building a relationship with the Provider helps businesses quickly engage resources to support these larger types of initiatives. As the relationship grows, the business builds trust and expands into a valuable partnership. Below are items to consider when trying to find the right trusted partner.

Access to a team of experts for a specific topic or concern through collaboration and sharing within the provider’s internal vCISO committee.
Provide a diverse group of professionals that allow the customer to get a vCISO who can quickly engage within the customer’s timeline and budget.
Leverage the diverse experience gained by the provider because of their engagements in different industries and business sizes from small business to global enterprise.
Strategy frameworks and resources to build a security program and help create a succession plan.
Meet the customer timelines and budgets through different levels of retainers and engagement models.
Addressing security topics and strategy objectively while providing unbiased recommendations to security challenges.
Coverage area to support regional, national, and global footprints.

The vCISO role is a flexible model to help customers manage cost, enhance the quality of their deliverables, and reduce the time it takes to deliver on security activities. Engagements can be for a specific project, to provide coverage while a permanent CISO is identified, or to take on the role full-time. These benefits strengthen the relationship between customers and the service provider, which in turn creates the trusted partnership that is needed for stronger security.


rubygem-nokogiri-1.11.7-3.fc34


FEDORA-2022-0e5d64ce65

Packages in this update:

rubygem-nokogiri-1.11.7-3.fc34

Update description:

This rpm backports the patch for improper handling of unexpected data types related to untrusted inputs to the SAX parsers, which is assigned CVE-2022-29181.


rubygem-nokogiri-1.13.1-3.fc35


FEDORA-2022-e9b2e1c1ac

Packages in this update:

rubygem-nokogiri-1.13.1-3.fc35

Update description:

This rpm backports the patch for improper handling of unexpected data types related to untrusted inputs to the SAX parsers, which is assigned CVE-2022-29181.
