• New state-of-the-art cybersecurity resource available to software developers

    Cybercrime is booming; it is an estimated $100 billion industry in the United States and shows no signs of slowing down. Attackers have an arsenal of weapons at their disposal, including social engineering — or phishing — penetrating weak security protocols and exploiting software vulnerabilities that can serve as an “open window” into an organization’s IT environment. Closing those windows requires effective and accessible tools to identify and root out software vulnerabilities. Supported by a $23.4 million grant from DHS’s Science and Technology Directorate (S&T), the Software Assurance Marketplace, or SWAMP, provides a state-of-the-art facility that serves as an open resource for software developers, software assurance tool developers, and software researchers who wish to collaborate and improve software assurance activities in a safe, secure environment.

  • Pace of acquisitions of cybersecurity startups quickens

    With the number and scope of cybersecurity breaches on the rise, cybersecurity startups offering innovative security solutions have become a sought-after target in the merger and acquisition market. These innovative companies are eagerly sought not only for their technologies, but also as an investment vehicle, with the average valuation acquiring companies willing to pay approaching ten times revenue. “To pay ten times on services in the normal world is crazy, in the security world it’s normal,” says an industry insider.

  • Chemical, defense companies subject to Chinese Nitro attacks

    More and more chemical and defense companies around the world are victims of Nitro attacks. These attacks, launched by government-backed Chinese hackers, install PoisonIvy, a Remote Access Tool (RAT) stealthily placed on computer systems to steal information. The majority of the computers infected belong to firms in the United States, Bangladesh, and the United Kingdom.

  • Two Israeli startups with innovative cybersecurity solutions raise combined $25 million

    Two Israeli cybersecurity startups, launched by veterans of the IDF technology units, announced that, separately, they had raised a combined $25 million from investors. Adallom’s solution accumulates users’ behavioral data in order to protect databases. It monitors how software applications like the customer relationship management program Salesforce, Google apps, and Microsoft Office 360 are used, and protects data security. Aorato’s solution watches for suspicious usage of employee credentials – for example, multiple guessing attempts. “2013 showed the world the risks of advanced threats in parallel to the implications of insiders’ access to sensitive corporate data,” Aorato’s CEO Idan Plotnik noted, referring to the Edward Snowden’s leaks of secret government information.

    • view counter

  • Botwall: New Web security solution uses real-time polymorphism to ward off attacks

    Malware has long used polymorphism — that is, rewriting its code — every time a new machine was infected in order easily to evade antivirus detection systems. Shape Security says its new product, the ShapeShifter, is reversing this advantage which malware has so far enjoyed: the new product uses polymorphic code as a new foundational tool for Web site defense. The patent-pending technology implements real-time polymorphism, or dynamically changing code, on any Web site, to remove the static elements that botnets and malware depend on for their attacks.

  • Estimating the best time to launch a cyberattack

    Of the many tricks used by the world’s greatest military strategists, one usually works well — taking the enemy by surprise. It is an approach that goes back to the horse that brought down Troy. But surprise can only be achieved if you get the timing right. Timing which, researchers at the University of Michigan argue, can be calculated using a mathematical model — at least in the case of cyber-wars. “The question of timing is analogous to the question of when to use a double agent to mislead the enemy, where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered,” the researchers say.

    • view counter

  • Palo Alto Networks acquires Morta Security

    Palo Alto Networks has acquired Morta Security, a Silicon Valley-based cybersecurity company operating in stealth mode since 2012. Financial terms of the acquisition were not disclosed. Palo Alto Networks says that the acquisition of Morta Security further strengthens its position as a provider of next-generation enterprise security.Palo Alto Network says that most organizations still rely on legacy point technologies that address only specific types of attacks, or phases of the attack. Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyberattacks.The company says that to address these challenges, a new approach is required.

  • Bringing anthropological insights to bear on cybersecurity

    Michael Polanyi (1891-1976), in his book Personal Knowledge, rejected the British Empiricists’ notion that experience can be reduced to sense data, and Alan Turing’s assertion that human minds are reducible to collections of rules. Rather, Polanyi said, it is tacit awareness — he later called it the “structure of tacit knowing”— which connects us, albeit fallibly, with reality. It provides us with the context within which our words and actions have meaning. Princeton’s anthropologist Clifford Geertz (1926-2006), in his The Interpretation of Cultures, built on Polanyi’s argument to say that the task of ethnography is thus to discover and interpret the secondary, or underlying (Polnayi would say “tacit”) meanings of social behavior — the “deep structure” of culture and social life. Cybersecurity experts at Kansas State University, in a 3-year, $700,000 project, take an anthropological approach to cybersecurity: they are examining the unspoken knowledge shared by cybersecurity analysts as a way to develop new automated tools that help analysts strengthen their cyberdefenses.

  • FireEye acquires Mandiant in a deal worth about $1 billion

    The combination of the two companies creates one of the cybersecurity industry leading vendor. The combined competencies of the two companies would allow them to find and stop attacks at every stage of the attack life cycle. “The reason for this deal is that we now live in a world of constant compromise. When you know you will be compromised, you can’t just continue trying to keep the bad guys out; you also need to investigate every compromise, figure out what happened, prevent it from ever happening again and clean up the mess,” says one analyst.

  • 2014 Cybersecurity Forum to focus on Trusted Computing

    The 2014 Cybersecurity Innovation Forum, to be held 28-30 January 2014, at the Baltimore Convention Center in Baltimore, Maryland, will focus on the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards to protect the nation’s infrastructure, citizens and economic interests from cyberattack.

  • Cybersecurity giants adapt to changing cyberthreat landscape

    McAfee and Symantec, the two technology giants of traditional firewall and antivirus protection software, are shifting their attention to focus more on cybersecurity challenges. A rapidly changing landscape for computer networks, in which data is transmitted and stored via mobile devices and cloud computing, has created demand for products and services that can secure information against state-sponsored or organized cyber terrorism.

  • Cybersecurity isn’t all about doom and gloom

    Much is made in the press of the devastating effects that weak cybersecurity is having on the economy in the United Kingdom and globally. The threat is compounded by a significant skills shortage. The U.K. government thinks the problem is so severe that it has identified cybersecurity as a Tier 1 national security threat and invested 860 million pounds to defend the country’s digital shores. What all this means is that there is money to be made from cybersecurity and small businesses should not fear it but embrace it. The business opportunities are boundless in cybersecurity. One area that is promising in this sense is the move towards smart cities. As the infrastructure around us, such as traffic lights and utilities becomes more regularly controlled via computers, market opportunities emerge

  • New Silicon Valley focus on cybersecurity

    The last time Silicon Valley focused on cybersecurity was in the 1990s. That focus saw the emergence of two giants: McAfee and Symantec. The two companies remain the most recognizable household names, thanks to their traditional firewall and anti-virus products. Now they find the arena which they thought was their own encroached from two sides. On one side there are tech giants like Hewlett-Packard and Cisco Systems, which see new revenue opportunity in cybersecurity. On the other side there is a rush of start-ups backed by large investments of venture capital.

  • Cybersecurity Manhattan Project needed

    On a daily basis, cyberattacks successfully steal U.S. intellectual property and military weapons plans, disrupt banking systems operations, and gain access to personal information which is supposed to be secure. The question: What it will take to harness America’s resources to push the country into developing effective national cyberdefense capabilities? Should it take another 9/11? Experts say that the whole must be greater than the sum of its parts. Power grid cyberattack exercises, increased cyberwarrior staffing at U.S. Cybercom, and the authorization of preemptive cyberattacks by Presidential Policy Directive 20 are individually good steps. But where is the whole? The unifying call to action? The United States may not be able to have another Manhattan Project, but it should be able to develop a Manhattan Project mentality, one which is orchestrated and executed by the U.S. cybersecurity czar or perhaps the DHS.

  • Digital privacy services enjoying a surge in demand

    Digital privacy services such as encrypted e-mail, secure instant messaging, and services that provide hard-to-track IP addresses are enjoying a surge in demand as individuals and businesses seek to protect information from spies and hackers in the wake of the National Security Agency’s (NSA) surveillance program revelations. These services promise security, but may also slow down computer performance. Moreover, they are not likely to deter those who are determined to hack into a particular computer network.