Top Press Hits in February: Uncovered vulnerabilities, insight to the Deep & Dark Web, and more
Cyber Security, High Technology, Innovation Posted Mar 2, 2018 by Kayla Krause
February’s a short month, but the amount of breaking news and innovative research being published was still plentiful. From finding a vulnerability in a single-sign-on protocol, to introducing Cybercrime as a Service and creating a new cybersecurity term, CHEN PR’s clients have certainly been busy. To that point, we’ve compiled some top coverage appearing during the last 28 days.
Automation World, New Cybersecurity Term: Security Posture Assessment
Claroty just introduced the company’s most recent product enhancement, Security Posture Assessment, to its Continuous Threat Detection product. This new feature captures the details of an industrial network and generates a detailed report on network configuration hygiene and vulnerabilities. With added attack vector analysis, Claroty’s product enables industrial asset owners to fully protect expensive, revenue-generating industrial systems from rapidly growing threats.
Duo Security found a significant vulnerability in an open standard used by a range of vendors that provide, or rely on, the single-sign-on protocol – SAML – used to access cloud apps and services. If exploited, moderately technical attackers could trick systems into authenticating them as though they were other users – without legitimate credentials – effectively giving them the keys to all those users’ apps and data. Before publicly disclosing the vulnerability, Duo worked closely with CERT to assist with a multiple-vendor responsible disclosure process due to the breadth of impact.
DataBreachToday, Cybercrime as a Service: Tools + Knowledge = Profit
Peering into the Deep & Dark Web (DDW), there is no lack of supply when it comes to cybercrime products and services. On these darknet marketplaces, it’s not the range of tools to which it’s difficult to gain access; rather, it’s employing these services and data to make an actual profit. Flashpoint cybercrime intelligence analyst. Olivia Rowley, joins DataBreachToday’s Mat Schwartz for a podcast on cybercrime and the evolution of its services on the DDW.
There’s a common debate in the cybersecurity world: all-in-one cyber security platform – or – best of breed solutions? Terena Bell at CSO Online outlines why best of breed solutions are really the only answer. Specialized solutions each bring something different, solving individual security problems with the best tool possible. That’s the case with Forum Systems and its API security gateway. Importantly, the article digs into what to look for when buying multiple security programs and what to consider within your own system.
Network World, Getting the most out of your next generation firewall
SafeBreach security strategist Chris Webber spoke with freelancer Michael Cooney on some of the primary issues of so-called next-generation firewalls (NGFWs.) Given SafeBreach customer test results, NGFWs don’t seem to be getting the full benefit of what they bring to the table due to bad configurations, legacy security methods and policy gaps. NGFWs have many useful features – when they’re used by IT pros, configured properly and kept up-to-date.