❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 18 May 2024Main stream

Data Virtualization: Optimising Access and Utilisation in Enterprise AI Systems

βœ‡Cybersecurity News and Magazine
By: Editorial
18 May 2024 at 03:21

Data Virtualization

By Puneet Gupta, Vice President and Managing Director, NetApp India/SAARC Propelled by the evolving trends in data, data virtualization is emerging as a new-age avenue, revolutionizing the way businesses leverage their data assets. The global market for this disruptive technology is poised to take a steep growth curve, with projections estimating a value of USD 12878.39 million by 2028, with a whopping CAGR of 24.88% during 2022–2028. This underscores the immense significance of data virtualization, particularly for India, where it presents a promising opportunity to maximize the efficiency of enterprise AI ecosystems. As outlined by NetApp’s 2024 Cloud Complexity report, 70% of surveyed companies in India already have AI projects up and running or in motion, which is commendably higher than the global average of 49%. Given this increasing readiness to adopt AI models and projects, data virtualization could be the ticket for Indian industries to optimize operations, making them more flexible and scalable than ever before. Essentially, this technology offers the abstraction of data from its physical confines, facilitating seamless access and utilization across the enterprise. Legacy IT infrastructure often grapples with the demands of modern-day business operations. The significance of this advancement lies in its ability to transcend the constraints of conventional data management approaches, offering agility, scalability, and efficiency in managing extensive and diverse datasets. Within AI ecosystems, it proves to be crucial in optimizing access to critical data and expediting the development and deployment of AI-driven solutions.

Advantages of Data Virtualization

In today's hyper-competitive business landscape, rapid modernization is the key to staying ahead of the curve. Virtualization empowers corporations to unlock a wealth of new opportunities and drive competitiveness through enhanced decision-making and accelerated time-to-market. By furnishing real-time access to actionable insights, it equips businesses to make informed decisions and capitalize on budding trends and emergent opportunities. Among the many advantages that data virtualization offers, a significant one is its ability to optimize resource utilization. By consolidating virtual environments, organizations can realize considerable cost savings whilst simultaneously enhancing operational efficiency. This not only mitigates the complexity of IT infrastructure but also augments scalability, enabling businesses to swiftly adapt to changing demands and market dynamics. In the world of enterprise AI, agility is crucial. By facilitating rapid deployment of such solutions, it allows businesses to capitalize on emerging opportunities and respond swiftly to evolving customer needs. Its inherent flexibility enables businesses to adapt their AI strategies in real-time, ensuring maximum impact and value creation. Centralized management and monitoring capabilities are also essential for effective data governance and control. Simplifying IT operations by providing a unified platform for managing and monitoring data assets is yet another benefit observed. This streamlined approach not only reduces administrative overhead but also enhances visibility and compliance, ensuring data integrity and security across the corporation. Access to timely and accurate data is the lifeblood of AI-driven decision-making. Through this innovation, access to critical data can be accelerated, enabling organizations to derive actionable insights with unmatched speed and accuracy. By breaking down data silos and facilitating seamless integration, it empowers businesses to make informed decisions that drive growth and improvement. It is well-founded that digital transformation thrives on experimentation and iteration. Data virtualization fosters a culture of innovation within AI ecosystems by providing a platform for rapid prototyping and testing. Its flexible architecture enables data scientists and AI developers to explore new ideas and concepts, leading to the development of ground-breaking solutions that drive business value and competitive advantage.

The Future of Data

As we embrace the future facilitated by the adoption of enterprise AI, the strategic importance of data virtualization cannot be overstated. By leveraging this technology, businesses can streamline operations, drive efficiency, and unlock new opportunities for growth and competitiveness. Looking ahead, the evolving role of this innovation will continue to shape the future of AI, providing companies with the tools they need to stay ahead of the curve and thrive in the digital age. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.Β 
Yesterday β€” 17 May 2024Main stream

How I upgraded my water heater and discovered how bad smart home security can be

βœ‡Ars Technica
By: Kevin Purdy
17 May 2024 at 07:00
The bottom half of a tankless water heater, with lots of pipes connected, in a tight space

Enlarge / This is essentially the kind of water heater the author has hooked up, minus the Wi-Fi module that led him down a rabbit hole. Also, not 140-degrees Fβ€”yikes. (credit: Getty Images)

The hot water took too long to come out of the tap. That is what I was trying to solve. I did not intend to discover that, for a while there, water heaters like mine may have been open to anybody. That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly. That’s just how it happened.

Let’s take a step back. My wife and I moved into a new home last year. It had a Rinnai tankless water heater tucked into a utility closet in the garage. The builder and home inspector didn't say much about it, just to run a yearly cleaning cycle on it.

Because it doesn’t keep a big tank of water heated and ready to be delivered to any house tap, tankless water heaters save energyβ€”up to 34 percent, according to the Department of Energy. But they're also, by default, slower. Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it's needed.

Read 38 remaining paragraphs | Comments

Before yesterdayMain stream

The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024

βœ‡Cybersecurity News and Magazine
By: Ashish Khaitan
15 May 2024 at 10:04

cybersecurity influencer

The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and tireless efforts, have left a significant mark on the industry.Β  From seasoned security leaders steering the helm of major companies, to passionate bloggers, journalists, podcasters, and authors, this diverse group offers a wealth of perspectives on the ever-present fight against cybercrime.Β  Veterans with decades of experience share the stage with innovative minds constantly pushing boundaries. Whether it's investigative journalists uncovering cybercrime rings, ethical hackers forging new defensive strategies, or company founders shaping the future of online safety, these influencers are united in a common cause.Β Β  They leverage social media to not only stay updated on the latest threats but also advocate for increased awareness and education. This list compiles the top 30 most influential cybersecurity influencers who actively share their expertise online. If you're interested in cybersecurity, following and engaging with these influential figures is a surefire way to stay informed and inspired.

Top 30 Cybersecurity Influencers of 2024

30. Alexandre Blanc - President and Owner at Alexandre Blanc Cyber

[caption id="attachment_68576" align="alignnone" width="541"]Cybersecurity-Influencers-of-2024 Source: LinkedIn[/caption] Alexandre Blanc is a renowned Cybersecurity dvisor, ISO/IEC 27001 and 27701 Lead Implementer, and a recognised security expert. With a track record of holding successful cybersecurity events, Blanc serves as an Independent Strategic and Security Advisor, providing invaluable counsel to various organisations. His expertise spans incident response management, digital transformations, and dark web investigations. Recognised as a LinkedIn Top Voice in Technology and named among the top security experts with over 75k followers on LinkedIn, Blanc's insights are highly sought-after in the cybersecurity community. Through publications, speaking engagements, and advisory roles, he continues uplift the IT and security industry.Β 

29. Alissa Abdullah - Deputy CSO at Mastercard

[caption id="attachment_68502" align="alignnone" width="541"]Alissa Abdullah - Deputy CSO at Mastercard Cybersecurity Influencer Source: LinkedIn[/caption] Alissa Abdullah, PhD, is a distinguished senior information technology and cybersecurity executive with a rich background spanning Fortune 100 companies, the White House, and the government intelligence community. Currently serving as Deputy Chief Security Officer for Mastercard, she brings over 20 years of experience in IT strategy, fiscal management, and leading large government programmes. Abdullah's strategic leadership extends beyond her corporate role; she serves as a board member for organisations like Girls in Tech, Inc. and Smartsheet, while also lecturing at the University of California, Berkeley. With a PhD in Information Technology Management, and over 17k followers on LinkedIn, she is a recognised authority in cybersecurity and IT leadership.

29. Jane Frankland - CEO at KnewStart

[caption id="attachment_68503" align="alignnone" width="541"]Jane Frankland - CEO at KnewStart Cybersecurity Influencer Source: LinkedIn[/caption] Jane Frankland is a prominent figure in cybersecurity with a career spanning over two decades of experience in the field. As a cybersecurity influencer and LinkedIn Top Voice, she has established herself as an award-winning leader, coach, board advisor, author, and speaker. Frankland's expertise lies in bridging the gap between business strategy and technical cybersecurity needs, enabling smoother and more effective engagements. With a portfolio career, she works with major brands as an influencer, leadership coach, and board advisor. Additionally, Frankland is deeply involved in initiatives promoting diversity and inclusion in cybersecurity, aligning her work with the UN Sustainable Development Goals.

27. Mark Lynd - Head of Executive Advisory & Corporate Strategy at NETSYNC

[caption id="attachment_68504" align="alignnone" width="541"]Mark Lynd - Head of Executive Advisory & Corporate Strategy at NETSYNC Cybersecurity Influencer Source: LinkedIn[/caption] Mark Lynd is a globally recognised cybersecurity strategist, and keynote speaker in cybersecurity and AI. With over 25 years of experience, including four stints as a CIO & CISO for global companies, he excels in technology, cybersecurity, and AI. Currently, he serves as the Head of Executive Advisory & Corporate Strategy at Netsync, a global technology reseller, where he concentrates on cybersecurity, AI, data center, IoT, and digital transformation. Lynd's accolades include being ranked globally for security and AI thought leadership, and he's authored acclaimed books and eBooks. He holds a Bachelor of Science from the University of Tulsa and is a proud military veteran.

26. Naomi Buckwalter - Director of Product Security at Contrast Security

[caption id="attachment_68505" align="alignnone" width="541"]Naomi Buckwalter - Director of Product Security at Contrast Cybersecurity Influencer Source: LinkedIn[/caption] Naomi Buckwalter is an accomplished Information Security Leader, Nonprofit Director, Keynote Speaker, and LinkedIn Learning Instructor. With extensive experience in directing information security programmes, she has notably served as Director of Product Security at Contrast Security and Director of Information Security & IT at Beam Dental. Buckwalter's expertise encompasses compliance, risk management, and security operations. She is also the Founder & Executive Director of the Cybersecurity Gatebreakers Foundation, aiming to revolutionise cybersecurity hiring practices. With a background in computer science and over 99K followers on LinkedIn, she is recognised for her contributions as a cybersecurity thought leader and advocate for diversity in tech.

25. Raj Samani- Chief Scientist for Cybersecurity

[caption id="attachment_68506" align="alignnone" width="541"]Raj Samani- Chief Scientist for Cybersecurity Source: Australian Cyber Conference 2024[/caption] Raj Samani is currently a Chief Scientist at Rapid7 and has experience in this industry spanning 20 years. He has worked with law enforcement and is also advisor to the European Cybercrime Centre. Samani is a sought-after speaker at industry conferences, a published author, and continues to make appearances in podcasts where he discusses his expertise surrounding threat intelligence, cyber defence strategies, and emerging threats. With his following of over 15.2k followers on LinkedIn and 14.4k on Twitter, Samani is influential to his followers due to the cybersecurity related articles, updates and insights he shares, often engaging not only cybersecurity enthusiasts but also professionals.

24. Tyler Cohen Wood- Co- Founder of Dark Cryptonite

[caption id="attachment_68507" align="alignnone" width="541"]Tyler Cohen Wood- Co- Founder of Dark Cryptonite Source: BankInfoSecurity[/caption] Tyler Cohen Wood is a prominent and respected figure in the cybersecurity field. Currently the co-founder of Dark Cryptonite, a Special Comms method of cybersecurity, Woods has over 20 years of experience in the intelligence community. Woods previously served as Senior Intelligence Officer at the Defence Intelligence Agency (DIA) and Cyber Branch Chief at the DIA's Science and Technology Directorate. Woods is also a keynote speaker and provides insight into global cyber threats and national security due to her knowledge on digital privacy and national security.Β  Woods has a following of over 27k on LinkedIn, attention she’s garnered due to her ability to share insightful commentary on cybersecurity issues which explains complex technical concepts easily for all types of audiences.

23. Theresa Payton- CEO of Fortalice Solutions

[caption id="attachment_68509" align="alignnone" width="541"]Theresa Payton- CEO of Fortalice Solutions Source: Experience McIntire[/caption] Theresa Payton was the first ever female Chief Information Officer for the White House from 2006-2008, serving under George W. Bush, and is now the CEO of her company Fortalice Solutions which she founded in 2008. Payton is best known for consulting as that is the purpose of her company, providing services like risk assessments, incident response, and digital forensics to government agencies and different industries and businesses about cybersecurity strategy and best IT practices. Payton has over 25k followers on LinkedIn and this is due to her continuous and avid blogging exposing cybercrimes and tackling cybersecurity on her companies page.

22. Bill Brenner-Vice President, Custom and Research Content Strategy, CyberRisk AllianceΒ 

[caption id="attachment_68510" align="alignnone" width="541"]Bill Brenner-Vice President, Custom and Research Content Strategy, CyberRisk Alliance Source: SC Magazine[/caption] Bill Brenner is an experienced professional in the cybersecurity field and has ventured into many areas including journalist, editor, and community manager. His work has focused on cybersecurity education and awareness. Brenner is currently the Vice President of Custom and Research Content Strategy at CyberRisk Alliance. Brenners 15.7k followers on Twitter come from his influence surrounding articles posted on CS Media and Techtarget which are informative and relevant to cybersecurity professionals.

21. Brian Honan- CEO of BH Consulting

[caption id="attachment_68511" align="alignnone" width="541"]Brian Honan- CEO of BH Consulting Source: BH Consulting[/caption] Brian Honan is the CEO of BH Consulting and has over 30 years of experience inΒ  cybersecurity. He was formerly a special advisor on cyber security to Europol’s Cyber Crime Centre, along with being an advisor to the European Union Agency for Network and Information Security. Honan’s work in consultancy is not just aimed at government agencies but also multinational corporations, and small businesses. Honan advocates highly for education in the field and is a founding member of the Irish Reporting and Information Security Service (IRISS-CERT). His following of 36.2k on Twitter can be attested to the articles and blogs he’s written and posted along with presentations at industry conferences worldwide.

20. Magda Chelly- Senior Cybersecurity Expert

[caption id="attachment_68513" align="alignnone" width="541"]Magda Chelly- Senior Cybersecurity Expert Source: LinkedIn[/caption] Magda Chelly is the first Tunisian woman to be on the advisory board of Blackhat. She has over 10 years of experience in security architecture, risk management, and incident response. Chelly is also a published author and is also known to be a keynote speaker who can deliver her talks in five different languages. She is currently the Managing Director at Responsible Cyber where she helps organisations implement effective cybersecurity strategies, while also being the founder of Women of Security (WoSEC) Singapore which aims to encourage women to join the field of cybersecurity. Chelly has over 57k followers on LinkedIn due to her posts on cybersecurity, but also her diversity initiatives which make her an advocate in the field.Β 

19. Marcus J. Carey- Principal Research Scientist at ReliaQuest, CEO of ThreatCare

[caption id="attachment_68514" align="alignnone" width="541"]Marcus J. Carey- Principal Research Scientist at ReliaQuest, CEO of ThreatCare Source: Facebook[/caption] Marcus J Carey is a former Navy Cryptologist who is now in cybersecurity innovation. He has worked many roles including penetration tester, security researcher, and security engineer, all of which helped to gain new and revolutionary insights into offensive and defensive cybersecurity techniques. Carey is famous for the books he has written surrounding hackers and cybersecurity and is an established CEO of Threatcare, a cybersecurity company focused on providing proactive threat detection and risk assessment solutions. His 52.4k Twitter followers stem from the expertise he shares on social media and his importance in educating future professionals in the field. He is also sought after for speaking in industry conferences.Β 

18. Andy Greenberg- Senior Writer at WIRED

[caption id="attachment_68515" align="alignnone" width="541"]Andy Greenberg- Senior Writer at WIRED Source: Penguin Random House[/caption] Andy Greenberg is currently a senior writer at Wired magazine, and has written many articles investigating high-profile cyber incidents, hacking groups, and emerging cybersecurity threats. Greenberg's reports often focus on the details of cyberattacks and looks at the broader implications for people, the government, and the industry as a whole. His 70.4k followers on Twitter are influenced by his updates and in-depth articles exploring the world of cybersecurity, not only informing the general public but also professionals about the hazards.

17. Paul Asadoorian- IT Security Engineer

[caption id="attachment_68516" align="alignnone" width="541"]Paul Asadoorian- IT Security Engineer Source: SC Magazine[/caption] Paul Asadoorian is a professional in the cybersecurity field for over 20 years, but his following comes from his blogs and podcasts. He’s best known as the founder and host of Security Weekly where Asadoorian brings together experts and practitioners from the cybersecurity field to discuss latest news and research in the field such as network security, application security, incident response, etc. Additionally, he is also the founder and CEO of Offensive Countermeasures, a company that helps cybersecurity professionals enhance their skills and stay ahead of evolving threats. His 77.3k followers on Twitter are mostly due to his large social media presence as a podcaster and his posts surrounding resources , opinions, and promotion of Security Weekly.

16. Nicole Perlroth- New York Times

[caption id="attachment_68518" align="alignnone" width="541"]Nicole Perlroth- New York Times Source:[/caption] Nicole Perlroth is a Pulitzer Prize-winning journalist who covers cybersecurity and digital espionage for The New York Times. She is regarded for her intensive reporting on cyber threats, hacking incidents, and the intersection of technology and national security. Perlroth has also written a book on the cyberweapons arms race. With 91.5k followers on Twitter, Perlroth shares her own articles, as well as insights and updates related to cybersecurity and technology which creates engagement for her from both cybersecurity professionals and general readers interested in security.

15. Graham Cluley- Smashing Security

[caption id="attachment_67630" align="alignnone" width="523"]Graham Cluley- Smashing Security Source: Smashing Security[/caption] Graham Cluley is an author and blogger who has written books on cybersecurity and continues to be avid in sharing news and stories on cybersecurity through the written word and speech. Currently, Graham Cluley is an independent cybersecurity analyst, writer, and public speaker. He also runs a podcast where he discusses internet threats and safety in an entertaining, engaging and informative way. Cluley’s 112.9k Twitter followers are updated with his podcast, tweets and YouTube videos which explain cybersecurity topics and how to tackle them in a way patented to the general users of the internet.Β 

14. Rachel Tobac- Hacker and CEO of SocialProof SecurityΒ 

[caption id="attachment_68522" align="alignnone" width="541"]Rachel Tobac- Hacker and CEO of SocialProof SecurityΒ  Source: LinkedIn[/caption] Rachel Tobac is an ethical hacker who helps companies keep safe through her work as CEO of SocialProof Security, which she co-founded. The company focuses on educating employees to recognize and deal with cyberattacks. She has a background in behavioural psychology and uses it to improve cybersecurity awareness and defences in the general public. Tobac also works with the non-profit Women in Security and Privacy (WISP) where she helps women advance in the security field and often speaks for underrepresented groups to pursue a career in cybersecurity. Tobac’s 106k strong following on Twitter is due to her activism and due to the tips and updates she shares related to the industry, with some posts being popular for starting debates amongst professionals.

13. Katie Moussouris- Founder of Luta Security

[caption id="attachment_68523" align="alignnone" width="541"]Katie Moussouris- Founder of Luta Security Source: SANS Cyber Security Certifications & Research[/caption] Katie Moussouris is the Founder of Luta Security which encompasses her aims surrounding vulnerability disclosure and safer and responsible research in security. She is a leading figure in both the aspects and has 20 years of experience on the field. Some of Moussouris’s leading work is the Microsoft's bug bounty programme, which she developed and was one of the first-of-its-kind in the industry. She also advocates for vulnerability disclosure, which merits more transparency between security researchers and organisations. Moussouris’s 115.5k followers come from her revolutionary developments. She is a frequent speaker at cybersecurity conferences and events. She often posts and talks about her advocacy for ethical hacking and responsible security practices along with her expertise on vulnerability disclosure and bug bounty programmes.

12. Chuck Brooks- President of Brooks Consulting InternationalΒ 

[caption id="attachment_68524" align="alignnone" width="541"]Chuck Brooks- President of Brooks Consulting InternationalΒ  Source: The Official Cybersecurity Summit[/caption] Brooks is the president of his consulting company where he advises clients on cybersecurity strategy, risk assessment, and business development. Along with that, he is a featured author in many technology and cybersecurity blogs. Brooks has previously worked in advisory roles with corporations and also at government agencies, including the Department of Homeland Security and the Defence Intelligence Agency. Brooks’ 116k LinkedIn followers are due to his regular contributions to industry research and news, media articles. Along with that, he is a popular keynote speaker who shares his expertise on a wide range of cybersecurity topics.

11. Daniel Miessler- Founder of Unsupervised Learning

[caption id="attachment_68525" align="alignnone" width="541"]Daniel Miessler- Founder of Unsupervised Learning Source: The Official Cybersecurity Summit[/caption] Miessler is the founder and CEO of Unsupervised Learning where he writes informative articles and tackles relevant issues surrounding cybersecurity and what the world after AI means for human beings.Β  Miesslers following of 139.4k on Twitter comes from professionals in the field and novice enthusiasts engaging with his content and discussions due to his experience in the field. He also avidly shares articles, podcasts, bringing his audience up to speed with cybersecurity.

10. Kevin Beaumont- Internet Cyber Personality

[caption id="attachment_68526" align="alignnone" width="541"]Kevin Beaumont- Internet Cyber Personality Source: iTWire[/caption] Kevin Beaumont is an experienced professional who has worked in various cybersecurity roles, including security engineer and consultant. He also specialises in threat detection and incident response. Kevin is now the Head of Cybersecurity Operations at Arcadia Ltd. along with being a cybersecurity researcher who runs his own platform where he discusses cybersecurity. Beaumont appeals to newer, younger cybersecurity enthusiasts with around 150.9k followers on Twitter due to his engagement with trolling on the internet. Additionally, he writes articles for Medium where he informs about cybercrime issues such as Microsoft Windows vulnerability.Β 

9. Lesley Carhart- hacks4pancakes

[caption id="attachment_68527" align="alignnone" width="541"]Lesley Carhart- hacks4pancakes Source: hacks4pancakes[/caption] Lesley Carhart is currently a threat analyst and principal responder at Dragos, a company which works to protect industrial control systems from cyber threats, and has experience as a security analyst, incident responder and threat hunter. Her work in both the public and private sectors allowed her to gain valuable insights into cybersecurity issues across different industries. Her following of 168k comes from her works such as blogger and speaker who offers career advice in the field of cybersecurity. She also speaks about topics such as industrial control, ransomware attacks and more.Β  Β 

8. Bruce Schneier- Schneier on Security

[caption id="attachment_68528" align="alignnone" width="541"]Bruce Schneier- Schneier on Security Source: Wikipedia[/caption] Schneier is a specialist in computer security and privacy along with being a cryptographer. Schneier is regarded as one of the most influential people in his field of cryptography and has written numerous books on cybersecurity, some of which are considered seminal works in the field. He has also written articles about security and privacy for magazines such as Wired. Schneier’s following of 147.1k comes from being acknowledged as impactful in his field but also due to his blog where he addresses the prevalence of hacking and other cyber dangers intersecting with our everyday lives.

7. Eugene Kaspersky- CEO of Kaspersky Lab

[caption id="attachment_68530" align="alignnone" width="541"]Eugene Kaspersky- CEO of Kaspersky Lab Source: LinkedIn[/caption] Eugene Kaspersky is an individual most impactful in the cybersecurity, best known as the CEO of Kaspersky Lab, a company he co-founded in 1997 which identified government-sponsored cyberwarfare. Kaspersky’s following of 187.5k comes from how Kaspersky Lab has grown into a global cybersecurity powerhouse, offering a wide range of products and services, along with his advocacy for cybersecurity education. Kaspersky is also a keynote speaker on emerging threats, and the importance of cybersecurity awareness at industry conferences and events. Furthermore, he writes a blog where he regularly posts updates about his life in the industry.Β 

6. Eric Geller - Cybersecurity Journalist

[caption id="attachment_68532" align="alignnone" width="541"]Eric Geller - Cybersecurity Journalist Source: LinkedIn[/caption] Eric Geller is a freelance cybersecurity journalist recognised for his insightful coverage of digital security. With a comprehensive portfolio including esteemed publications like WIRED, Politico, and The Daily Dot, Geller offers in-depth analysis on cyber policy, encryption, and data breaches. His investigative reporting touches the intricate intersections of cybersecurity and everyday life, from election security to critical infrastructure protection. Geller's expertise extends to interviews with top officials and breaking news on government initiatives. With a Bachelor of Arts in Political Science from Kenyon College, Geller's accolades include induction into the Pi Sigma Alpha national political science Honors society.

5. Shira Rubinoff- The Futurum GroupΒ 

[caption id="attachment_68533" align="alignnone" width="541"]Shira Rubinoff- The Futurum GroupΒ  Source: The Futurum Group[/caption] Shira Rubinoff is a cybersecurity and blockchain advisor as well as being a popular keynote speaker and author. She is the President of SecureMySocial, a cybersecurity company that focuses on protecting organizations from social media risks such as data leakage, reputational damage, and insider threats. Her videos are many and impactful, consisting of interviews and conversations with other professionals. She is known to be one of the top businesswomen in the field and currently runs a cybersecurity consulting firm and serves as the Chair of the Women in Cybersecurity Council (WCI), aiming to influence more women to join the field. Her follower count of 190.4k isn’t only due to her experience as a businesswoman, but also her constant interaction on social media as she posts talks, videos, podcasts, written work and more about many topics in cybersecurity.

4. Mikko HyppΓΆnen- Chief Research Officer at WithSecureΒ 

[caption id="attachment_68535" align="alignnone" width="541"]Mikko HyppΓΆnen- Chief Research Officer at WithSecureΒ  Source: WithSecure[/caption] Miko HyppΓΆnen has been in the world of cybersecurity since the late 1980s. Since then he has led researchers in identifying and eliminating emerging cyber threats, while providing insights and solutions to protect individuals, businesses, and governments from cybercrime. HyppΓΆnen has written for many famous newspapers like the New York Times and has also appeared on international TV and lectured at universities like Oxford and Cambridge. His 230.5k followers is due to his engaging and informative presentations, which help raise awareness about cybersecurity threats. He also has a following for his blog posts and research papers detailing his expertise.Β 

3. Kim Zetter - Investigative Journalist and Book Author

[caption id="attachment_68536" align="alignnone" width="541"]Kim Zetter - Investigative Journalist and Book Author Source: IMDb[/caption] Kim Zetter is an award-winning investigative journalist renowned for her expertise in cybersecurity and national security. With a distinguished career spanning publications like WIRED, Politico, and The New York Times Magazine, Zetter is a respected authority on topics ranging from election security to cyber warfare. Her book, "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon," offers a gripping narrative of covert cyber operations. As a sought-after speaker and social media personality with over 7K followers on LinkedIn, she shares insights at conferences worldwide. Zetter's relentless pursuit of truth has earned her acclaim and established her as a leading voice in the cybersecurity journalism.

2. Brian Krebs- Krebs on Security

[caption id="attachment_68537" align="alignnone" width="541"]Brian Krebs- Krebs on Security Source: Keppler Speakers[/caption] Brian Krebs is an investigative journalist who wrote for The Washington post from 1995 to 2009 for the security fix blog. He now runs his own blog, Krebs on Security. In it, he provides in-depth analysis and reports, along with promptly posted breaking news on cybercrime, hacking, data breaches, etc. Krebs has received many awards for his investigative journalism, including the Pulitzer Prize finalist for his coverage of cybersecurity problems. Krebs’ 347.9k are due to the reputation his blog widely holds for being a first choice when looking for accurate, fast information, as well as the truth as he’s known to hold individuals and organisations accountable for in his work.

1. Robert Herjavec- CEO of Global Cybersecurity Firm - Cyderes

[caption id="attachment_68538" align="alignnone" width="541"]Robert Herjavec- CEO of Global Cybersecurity Firm - Cyderes Source: Cyderes[/caption] Herjavec is the CEO of the Herjavec Group and the Global Cybersecurity Firm, Cyderes, which leads cybersecurity options and supports many security services including threat detection and response, identity and access management, and compliance solutions. Along with that, he features on BBC’s Shark Tank and also provides motivational business advice through his books and videos. His following of 2.2 million may be due to his appearance on the show, but he continues to actively post insights and gives commentary on cybersecurity trends and ever-changing threats. Most of his followers are there to witness what he shares on business and entrepreneurship. Herjavec frequently shares cybersecurity related articles and updates.Β  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Virtual Boy: The bizarre rise and quick fall of Nintendo’s enigmatic red console

βœ‡Ars Technica
By: Benj Edwards
15 May 2024 at 07:00
A young kid using a Virtual Boy on a swing.

Enlarge (credit: Benj Edwards)

Ars Technica AI Reporter and tech historian Benj Edwards has co-written a book on the Virtual Boy with Dr. Jose Zagal. In this exclusive excerpt, Benj and Jose take you back to Nintendo of the early '90s, where a unique 3D display technology captured the imagination of legendary designer Gunpei Yokoi and set the stage for a daring, if ultimately ill-fated, foray into the world of stereoscopic gaming.

Seeing Red: Nintendo's Virtual Boy is now available for purchase in print and ebook formats.

A full list of references can be found in the book.

Nearly 30 years after the launch of the Virtual Boy, not much is publicly known about how, exactly, Nintendo came to be interested in developing what would ultimately become its ill-fated console. Was Nintendo committed to VR as a future for video games and looking for technological solutions that made business sense? Or was the Virtual Boy primarily the result of Nintendo going β€œoff script” and seizing a unique, and possibly risky, opportunity that presented itself? The answer is probably a little bit of both.

As it turns out, the Virtual Boy was not an anomaly in Nintendo’s history with video game platforms. Rather, it was the result of a deliberate strategy that was consistent with Nintendo’s way of doing things and informed by its lead creator Gunpei Yokoi’s design philosophy.

Read 47 remaining paragraphs | Comments

M4 iPad Pro review: Well, now you’re just showing off

βœ‡Ars Technica
By: Samuel Axon
13 May 2024 at 17:00
The back of an iPad with its Apple logo centered

Enlarge / The 2024, M4-equipped 13-inch iPad Pro. (credit: Samuel Axon)

The new iPad Pro is a technical marvel, with one of the best screens I’ve ever seen, performance that few other machines can touch, and a new, thinner design that no one expected.

It’s a prime example of Apple flexing its engineering and design muscles for all to see. Since it marks the company’s first foray into OLED beyond the iPhone or Watch, and the first time a new M-series chip has debuted on something other than a Mac, it comes across as a tech demo for where the company is headed beyond just tablets.

Still, it remains unclear why most people would spend one, two, or even three thousand dollars on a tablet that, despite its amazing hardware, does less than a comparably priced laptopβ€”or at least does it a little more awkwardly, even if it's impressively quick and has a gorgeous screen.

Read 53 remaining paragraphs | Comments

M2 iPad Air review: The everything iPad

βœ‡Ars Technica
By: Andrew Cunningham
13 May 2024 at 17:00

  • The new 13-inch iPad Air with the Apple M2 processor inside. [credit: Andrew Cunningham ]

The iPad Air has been a lot of things in the last decade-plus. In 2013 and 2014, the first iPad Airs were just The iPad, and the β€œAir” label simply denoted how much lighter and more streamlined they were than the initial 2010 iPad and 2011’s long-lived iPad 2. After that, the iPad Air 2 survived for years as an entry-level model, as Apple focused on introducing and building out the iPad Pro.

The Air disappeared for a while after that, but it returned in 2019 as an in-betweener model to bridge the gap between the $329 iPad (no longer called β€œAir,” despite reusing the first-gen Air design) and more-expensive and increasingly powerful iPad Pros. It definitely made sense to have a hardware offering to span the gap between the basic no-frills iPad and the iPad Pro, but pricing and specs could make things complicated. The main issue for the last couple of years has been the base Air's 64GB of storageβ€”scanty enough that memory swapping doesn't even work on itβ€” and the fact that stepping up to 256GB brought the Air too close to the price of the 11-inch iPad Pro.

Which brings us to the 2024 M2 iPad Air, now available in 11-inch and 13-inch models for $599 and $799, respectively. Apple solved the overlap problem this year partly by bumping the Air's base storage to a more usable 128GB and partly by making the 11-inch iPad Pro so much more expensive that it almost entirely eliminates any pricing overlap (only the 1TB 11-inch Air, at $1,099, is more expensive than the cheapest 11-inch iPad Pro).

Read 20 remaining paragraphs | Comments

Forget aerobars: Ars tries out an entire aerobike

βœ‡Ars Technica
By: John Timmer
12 May 2024 at 06:30
Image of a aerodynamic recumbent bicycle parked in front of a pickup truck.

Enlarge / The Velomobile BΓΌlk, with its hood in place. Note the hood has an anti-fog covering on the visor (which is flipped up). The two bumps near the front of the hood are there to improve clearance for the cyclist's knees. (credit: JOHN TIMMER)

My brain registered that I was clearly cycling. My feet were clipped in to pedals, my legs were turning crank arms, and the arms were linked via a chain to one of the wheels. But pretty much everything else about the experience felt wrong on a fundamental, almost disturbing level.

I could produce a long list of everything my mind was struggling to deal with, but two things stand out as I think back on the experience. The first is that, with the exception of my face, I didn't feel the air flow over me as the machine surged forward down a slight slope. The second, related to the first, is that there was no indication that the surge would ever tail off if I didn't hit the brakes.

Living the dream

My visit with a velomobile was, in some ways, a chance to reconnect with a childhood dream. I've always had a fascination with vehicles that don't require fuel, like bicycles and sailboats. And during my childhood, the popular press was filled with stories about people setting human-powered speed records by putting aerodynamic fiberglass shells on recumbent bicycles. In the wake of the 1970s oil crises, I imagined a time when the roads might be filled with people cycling these pods for their commutes or covering long distances thanks to a cooler filled with drinks and snacks tucked in the back of the shell.

Read 23 remaining paragraphs | Comments

The Top 10 Cybersecurity Unicorns in The World

βœ‡Cybersecurity News and Magazine
By: krishnamurthyb9442d6436
11 May 2024 at 06:25

Cybersecurity Companies

The ever-evolving digital landscape presents a constant challenge for businesses and individuals alike: staying secure in the face of increasingly sophisticated cyber threats. With the exponential growth of data, online transactions, and interconnected devices, the need for robust cybersecurity solutions has become paramount. Over the last decade-and-a-half companies established themselves by pioneering firewalls and cloud-native innovators to redefine modern defense strategies. This article delves into the top 10 cybersecurity companies with a revenue exceeding $1 billion, offering a glimpse into the industry's leading players.

Top 10 Cybersecurity Companies with Revenue over $1B

Understanding the strengths and specializations of these leading cybersecurity companies empowers stakeholders to make informed decisions when selecting solutions to safeguard their valuable digital assets.

1) Palo Alto Networks

  • Revenue: US $7.52 billion
  • Founded: 2005 by Nir Zuk (former Check Point engineer)
  • Headquarters: Santa Clara, California
  • Key Products/Services: Advanced firewalls, cloud-based security solutions
Palo Alto Networks gained significant traction in the cybersecurity industry in 2011 when Gartner listed them as an emerging leader in its Magic Quadrant for Network Firewalls. The following year, Palo Alto Networks debuted on the New York Stock Exchange, raising over $260 million through their initial public offering (IPO) – the fourth-largest tech IPO of that year. Nikesh Arora assumed the role of Chairman and CEO in 2018. The Palo Alto Networks platform offers advanced firewalls and cloud-based security solutions, extending protection across various security domains. Since its inception, the company claims to have thwarted over 8 billion cyberattacks. Analysts predict strong future growth for the 19-year-old company, projecting an 18% annual revenue increase over the next five years.

2) Fortinet

  • Revenue: US $5.3 billion
  • Founded: 2000 by Ken Xie and Michael Xie
  • Headquarters: Sunnyvale, California
  • Key Products/Services: Network security platform, firewalls, endpoint security
Fortinet built a reputation for offering a rigorous testing platform for their network security solutions, including firewalls and endpoint security. The company went public in 2009 and is known for high customer satisfaction ratings in product capabilities, value, ease of use, and support. This focus has helped Fortinet gain traction in even small business markets. Analysts project a solid 14.6% annual growth rate for the next five years.

3) Leidos

  • Revenue: US $3.98 billion
  • Founded: 1969
  • Headquarters: Reston, Virginia
  • Key Products/Services: IT security services, government contracting
Leidos was formerly known as Science Applications International Corporation (SAIC). They are a leading provider of scientific, engineering, systems integration, and technical services. Following their merger with Lockheed Martin's Information Systems & Global Solutions in 2016, Leidos emerged as the defense industry's largest IT services provider. They maintain extensive partnerships with the Department of Defense, the Department of Homeland Security, the Intelligence Community, and various other U.S. government agencies, along with select commercial markets.

4) CrowdStrike

  • Revenue: US $3.4 billion
  • Founded: 2011
  • Headquarters: Sunnyvale, California
  • Key Products/Services: Endpoint security platform, XDR, MDR, vulnerability management
CrowdStrike have redefined modern security with their cloud-native platform designed to protect critical areas of enterprise risk, including endpoints, cloud workloads, identity, and data. The CrowdStrike Security Cloud leverages advanced AI, real-time indicators of attack, threat intelligence, and enriched telemetry to deliver highly accurate detections, automated protection and remediation, elite threat hunting, and prioritised observability of vulnerabilities. CrowdStrike's solutions extend beyond endpoint protection to include XDR (Extended Detection and Response), MDR (Managed Detection and Response), vulnerability management as a service (VMaaS), and cloud security posture management (CSPM). Analysts predict a strong future for CrowdStrike, with a projected 31.8% annual revenue growth rate over the next five years. They consistently receive high marks in both MITRE’s technical evaluations and MSSP (Managed Security Service Provider) assessments.

5) F5 Networks

  • Revenue: US $2.81 billion (2023)
  • Founded: 1996
  • Headquarters: Seattle, Washington, USA
  • Key Products/Services: Application security, multi-cloud management, application delivery networking (ADN) solutions
F5 Networks is a prominent player in application security and delivery. Offers solutions for security, performance, and availability of network applications and storage systems. Products include application security, DDoS protection, and the cloud-based Silverline platform. It focuses on automation, security, performance, and insight technology to optimize app and API security for a better customer experience. Recent partnership with Telefonica expands Web Application Defense services for multi-cloud environments.

6) Check Point

  • Revenue: US $2.4 billion
  • Founded: 1993
  • Headquarters: Tel Aviv, Israel, and San Carlos, California
  • Key Products/Services: Firewalls, network security solutions
A pioneer in firewalls with a 30-year history, Check Point offers a comprehensive security portfolio consistently ranking highly in independent tests (MITRE, etc.). Provides strong security and value through traditional solutions like firewalls, gateways, UTM (Unified Threat Management), DLP (Data Loss Prevention), and encryption. It continues to invest in its service portfolio and SaaS security solutions through acquisitions like Atmosec and Perimeter81.

7) Okta

  • Revenue: US $2.3 billion
  • Founded: 2009
  • Headquarters: San Francisco
  • Key Products/Services: Identity and access management (IAM), zero-trust security solutions
Okta is a leading provider of IAM and zero-trust solutions, known for user-friendly products and attracting security buyers. Analysts project a long-term growth rate of 25% despite some publicized security breaches. It continues to focus on user-friendly and secure access management solutions with potential for significant growth.

8) Zscaler

  • Revenue: US $1.9 billion
  • Founded: 2007
  • Headquarters: San Jose, California
  • Key Products/Services: Cloud security platform, zero-trust security solutions
Zscaler offers a cloud-native platform that transforms IT infrastructure from traditional castle-and-moat networks to distributed, zero-trust environments. Zscaler's security platform encompasses Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and the Zscaler Platform, delivering cloud security and edge security solutions. This cloud-focused approach is promising, with analysts forecasting a significant 38.2% growth rate for Zscaler over the next five years.

9) Trend Micro

  • Revenue: US $1.3 billion
  • Founded: 1988
  • Headquarters: Tokyo, Japan
  • Key Products/Services: Cloud and enterprise cybersecurity solutions, antivirus, endpoint security
Trend Micro, a leader in cloud and enterprise cybersecurity, offers a comprehensive security platform encompassing cloud security, XDR (Extended Detection and Response), and solutions for businesses, data centers, and cloud environments. Trend Micro's global reach extends to over 500,000 organisations and 250 million individuals protected by their platform. Customers praise Trend Micro for the high value and ease of use of their security tools, including antivirus, full disk encryption, cloud workload protection platforms (CWPP), and intrusion detection and prevention systems (IDPSs). With a strong foundation beyond just antivirus solutions, Trend Micro is poised for continued growth.

10) Proofpoint

  • Revenue: US $1.1 billion (pre-acquisition)
  • Founded: 2002
  • Headquarters: Sunnyvale, California
  • Acquired by: Thoma Bravo in 2021 (Acquisition price: $12.3 billion)
  • Key Products/Services: Email Security, Advanced Threat Protection, Security Awareness Training, Archiving and Compliance, Digital Risk Protection
Headquartered in Sunnyvale, California, Proofpoint is a leading enterprise cybersecurity company that offers software-as-a-service (SaaS) products focusing on email security, identity threat defense, data loss prevention, and more. Acquired by private equity firm Thoma Bravo for $12.3 billion in 2021, the company provides comprehensive solutions against advanced cybersecurity threats, regulatory compliance issues, and brand-impostor fraud, also termed as "digital risk." Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Outdoing the dinosaurs: What we can do if we spot a threatening asteroid

βœ‡Ars Technica
By: Paul Sutter
10 May 2024 at 07:00
We'd like to avoid this.

Enlarge / We'd like to avoid this. (credit: Science Photo Library/Andrzej Wojcicki/Getty Images)

In 2005, the United States Congress laid out a clear mandate: To protect our civilization and perhaps our very species, by 2020, the nation should be able to detect, track, catalog, and characterize no less than 90 percent of all near-Earth objects at least 140 meters across.

As of today, four years after that deadline, we have identified less than half and characterized only a small percentage of those possible threats. Even if we did have a full census of all threatening space rocks, we do not have the capabilities to rapidly respond to an Earth-intersecting asteroid (despite the success of NASA’s Double-Asteroid Redirection Test (DART) mission).

Some day in the finite future, an object will pose a threat to usβ€”it’s an inevitability of life in our Solar System. The good news is that it’s not too late to do something about it. But it will take some work.

Read 35 remaining paragraphs | Comments

Professor sues Meta to allow release of feed-killing tool for Facebook

βœ‡Ars Technica
By: Ashley Belanger
9 May 2024 at 07:00
Professor sues Meta to allow release of feed-killing tool for Facebook

Enlarge (credit: themotioncloud/Getty Images)

Ethan Zuckerman wants to release a tool that would allow Facebook users to control what appears in their newsfeeds. His privacy-friendly browser extension, Unfollow Everything 2.0, is designed to essentially give users a switch to turn the newsfeed on and off whenever they want, providing a way to eliminate or curate the feed.

Ethan Zuckerman, a professor at University of Massachusetts Amherst, is suing Meta to release a tool allowing Facebook users to "unfollow everything." (Photo by Lorrie LeJeune)

Ethan Zuckerman, a professor at University of Massachusetts Amherst, is suing Meta to release a tool allowing Facebook users to "unfollow everything." (Photo by Lorrie LeJeune)

The tool is nearly ready to be released, Zuckerman told Ars, but the University of Massachusetts Amherst associate professor is afraid that Facebook owner Meta might threaten legal action if he goes ahead. And his fears appear well-founded. In 2021, Meta sent a cease-and-desist letter to the creator of the original Unfollow Everything, Louis Barclay, leading that developer to shut down his tool after thousands of Facebook users had eagerly downloaded it.

Zuckerman is suing Meta, asking a US district court in California to invalidate Meta's past arguments against developers like Barclay and rule that Meta would have no grounds to sue if he released his tool.

Read 42 remaining paragraphs | Comments

Hands-on with the new iPad Pros and Airs: A surprisingly refreshing refresh

βœ‡Ars Technica
By: Andrew Cunningham
7 May 2024 at 16:06
Apple's latest iPad Air, now in two sizes. The Magic Keyboard accessory is the same one that you use with older iPad Airs and Pros, though they can use the new Apple Pencil Pro.

Enlarge / Apple's latest iPad Air, now in two sizes. The Magic Keyboard accessory is the same one that you use with older iPad Airs and Pros, though they can use the new Apple Pencil Pro. (credit: Andrew Cunningham)

Apple has a new lineup of iPad Pro and Air models for the first time in well over a year. Most people would probably be hard-pressed to tell the new ones from the old ones just by looking at them, but after hands-on sessions with both sizes of both tablets, the small details (especially for the Pros) all add up to a noticeably refined iPad experience.

iPad Airs: Bigger is better

But let's begin with the new Airs since there's a bit less to talk about. The 11-inch iPad Air (technically the sixth-generation model) is mostly the same as the previous-generation A14 and M1 models, design-wise, with identical physical dimensions and weight. It's still the same slim-bezel design Apple introduced with the 2018 iPad Pro, just with a 60 Hz LCD display panel and Touch ID on the power button rather than Face ID.

So when Apple says the device has been "redesigned," the company is mainly referring to the fact that the webcam is now mounted on the long edge of the tablet rather than the short edge. This makes its positioning more laptop-y when it's docked to the Magic Keyboard or some other keyboard.

Read 15 remaining paragraphs | Comments

Top 5 Cybersecurity Companies Making Waves at RSAC 2024

βœ‡Cybersecurity News and Magazine
By: krishnamurthyb9442d6436
7 May 2024 at 06:11

RSAC 2024

The RSA Conference 2024, the world's biggest cybersecurity event, is currently underway at the Moscone Center in San Francisco. Over 640 vendors are showcasing their latest offerings at the expo, which began on Monday, May 6, 2024 and runs until Thursday, May 9th. For the second consecutive year, generative AI (GenAI) appears to be a major focus for cybersecurity products unveiled at the event. Here's a look at the top 5 companies making a splash at RSAC 2024:

1. Cyble with Vision X

Cyble, a prominent force in AI-powered cybersecurity, has launched Cyble Vision X, the successor to its award-winning Cyble Vision 2.0 threat intelligence platform. Vision X aims to elevate the user experience by granting decision-makers immediate access to critical information. The first phase of Vision X is poised to introduce a series of impactful enhancements, including a revamped "Executive Insights" dashboard that consolidates the most significant intelligence in a user-friendly interface.Β  Additionally, an improved filter allows users to effortlessly navigate through their data, and a sleeker, more modern, and intuitive design ensures an optimized user experience. Cyble Vision X also boasts several other improvements, such as:Β 
  • A new "Alerts Insights" interface, previously known as "Executive Insights" and rebranded to reflect a more granular level of data analysis.Β 
  • A revamped header and collapsible left pane for a cleaner, more efficient workspace.Β 
  • A redesigned authentication screen that maintains the same API functionality while incorporating aesthetic enhancements.Β 
For more information, visit Cyble's booth N-2353 at RSA to explore VisionX and their other services.

2. Theori with Xint

Taking a unified approach, Theori unveiled Xint, a comprehensive Security Posture Management (SPM) solution. Xint streamlines security operations by consolidating data from various sources, enabling organisations to gain a holistic view of their security posture and proactively identify vulnerabilities.Β  Highlights of Xint include:Β 
  • Cloud Security: Continuous monitoring and enhanced visibility into cloud configurations, resource utilization, and access controls to swiftly respond to potential security risks.Β 
  • External Threat Detection: Security tools designed to defend against unauthorized access for externally facing applications, including web applications, APIs, mobile apps, and third-party integrations.Β 
  • Offensive Security AI Engine: A revolutionary approach to penetration testing that combines the expertise of award-winning offensive cybersecurity veterans with cutting-edge artificial intelligence technology that precisely pinpoints vulnerabilities.Β 
For more information, visit Theori's Booth: 634.

3. New SEI Tool

The Software Engineering Institute (SEI) introduced a novel tool designed to provide much-needed visibility into DevSecOps pipelines. This tool empowers developers to identify and address security issues early in the development process, preventing them from becoming exploitable vulnerabilities in the final product.Β  The tool, called Polar, is an observability framework that provides a comprehensive picture of a software system's deployment platform. Polar unlocks data captured by disparate tools within an organization, helping to answer complex questions about performance and security that are crucial for real-time decision-making and agility in the face of threats. For more information, visit SEI's Booth: 1743.

4. Cranium with First-of-its-Kind GenAI Exposure Management Solution

Cranium, a leading enterprise AI security and trust software firm, introduced the industry's first exposure management solution specifically designed for GenAI at RSAC 2024. The Cranium platform features an AI-augmented workflow with a secure LLM architecture paired with proprietary threat intelligence to provide visibility into an AI system, characterize attack surfaces, and assess vulnerabilities within an organization.Β  As the use of GenAI tools like Microsoft's Copilot for Microsoft 365 grows, concerns around potential misuse and exploitation also rise. Cranium's solution offers a critical layer of protection against such attacks. Their exposure management solution can help organizations identify and mitigate potential security risks associated with GenAI tools, ensuring these powerful AI-driven applications are used securely.

5. Vectra AI Expands Platform to Combat GenAI Attacks

Vectra AI, a leader in hybrid attack detection, investigation, and response, has recognized the evolving threat landscape with the rise of GenAI and has expanded its AI platform to combat GenAI attacks. Vectra's enhanced solution leverages advanced AI and machine learning to detect and neutralize sophisticated attacks that may exploit the capabilities of GenAI tools. Traditional security solutions might struggle to identify these novel attack methods, so Vectra's AI-powered platform offers a vital line of defense.Β  Catch up with our team at our open house, Attack Labs Live, at the Nasdaq Entrepreneurial Center

The surprise is not that Boeing lost commercial crew but that it finished at all

βœ‡Ars Technica
By: Eric Berger
6 May 2024 at 07:00
Boeing's Starliner spacecraft is lifted to be placed atop an Atlas V rocket for its first crewed launch.

Enlarge / Boeing's Starliner spacecraft is lifted to be placed atop an Atlas V rocket for its first crewed launch. (credit: United Launch Alliance)

NASA's senior leaders in human spaceflight gathered for a momentous meeting at the agency's headquarters in Washington, DC, almost exactly 10 years ago.

These were the people who, for decades, had developed and flown the Space Shuttle. They oversaw the construction of the International Space Station. Now, with the shuttle's retirement, these princely figures in the human spaceflight community were tasked with selecting a replacement vehicle to send astronauts to the orbiting laboratory.

Boeing was the easy favorite. The majority of engineers and other participants in the meeting argued that Boeing alone should win a contract worth billions of dollars to develop a crew capsule. Only toward the end did a few voices speak up in favor of a second contender, SpaceX. At the meeting's conclusion, NASA's chief of human spaceflight at the time, William Gerstenmaier, decided to hold off on making a final decision.

Read 47 remaining paragraphs | Comments

The Era of Web DDoS Tsunamis and Strategies for Defense

βœ‡Cybersecurity News and Magazine
By: Editorial
6 May 2024 at 00:25

Web DDoS Tsunamis

By Eyal Arazi, senior security solutions lead for Radware The cybersecurity landscape evolved rapidly in 2023. In particular, there was a significant shift in Distributed Denial of Service (DDoS) attack patterns. Malicious actors are turning to a new form of DDoS attack, moving up the network stack from layers 3 and 4 to layer 7 with their sights set on compromising online applications and APIs as well as essential infrastructure such as the Domain Name System (DNS). Unlike traditional DDoS attacks, which often involve overwhelming network traffic, this new wave of HTTP Floodsβ€”also known as Web DDoS Tsunami Attacksβ€”focus on the application layer, where they can go undetected by traditional defense systems, famously taking down websites or networks. These attacks know no boundaries, and strike without regard for company size, industry or geography. Some of the best intelligence for how to deal with Tsunamis comes from studying real-world attacks.

What is a Web DDoS Tsunami?

While HTTP Floods have been common for many years, they have been re-imagined by hackers combining network and application layer attacks to create new, more aggressive Web DDoS Tsunamis. The malicious actors claiming responsibility for many of these attacks are state-sponsored groups or cyber hacktivists. The real-world Tsunamis we’ve seen are characterized by multiple attack waves that often top several million requests per second (RPS) and last for hours and span days. In contrast to years past, today’s HTTP Floods ramp faster than their predecessors. To further confound security teams, they cleverly defy detection by appearing as legitimate traffic and using evasion techniques, such as randomized headers and IP spoofing, and more. Radware’s recent Global Threat Analysis Report underscores the alarming rise in malicious web applications and API transactions in 2023. The total number of these transactions surged by 171% in 2023 compared to 2022, representing a substantial escalation over the 128% increase observed in 2022 compared to 2021. A significant portion of the surge can be attributed to the rise in layer 7 encrypted web application attacks like the Web DDoS Tsunami.

Real World Case Studies

Large National Bank
According to Radware’s Global Threat Analysis Report, finance institutions saw the highest share of cyber attacks in 2023, shouldering nearly 30% of attacks globally. One prominent banking institution found itself the center of a relentless barrage of Web DDoS Tsunami Attacks. During a span of several days, it experienced 12 separate attack waves, typically 2-3 per day. Multiple waves exceeded 1 million RPS, with one wave peaking at nearly 3 million RPS, significantly more than the bank’s typical traffic level of less than 1000 RPS. Simultaneously, attackers launched multiple network-layer volumetric attacks exceeding 100 gigabits per second (Gbps). The attacks used a variety of attack vectors, including HTTP/S Floods, UDP Fragmentation Attacks, TCP Handshake Violations, SYN Floods, and more. Figure 1 below shows one of the attacks, with a peak wave of nearly 3 million RPS. [caption id="attachment_66323" align="aligncenter" width="412"]Web DDoS Tsunami A Web DDoS Tsunami at a large bank[/caption]
Major Insurance Company
The volumetric and persistent nature of Web DDoS Attacks was also on display during a recent attack at a major insurance company. The company experienced several large-scale attack waves, reaching hundreds of thousands of RPS, with multiple waves peaking at more than 1 million RPS. The largest assault reached 2.5 million RPS. The attacks far surpassed the company's typical traffic rate of several hundred RPS, overwhelming its application infrastructure and disrupting operations. To make the situation even more complicated, attackers combined some of the attack waves with network-layer volumetric attacks, exceeding 100 Gbps in data volume. The attack vectors included Web DDoS Tsunamis (HTTP/S Floods), DNS Floods, DNS Amplification Attacks, UDP Floods, UDP Fragmentation Attacks, NTP Floods, ICMP Floods, and more. One of the attacks, represented in Figure 2, consisted of multiple waves during a three-hour period with several peaks reaching one million RPS and multiple spikes topping 2.5 million RPS. Figure 2:Β  [caption id="attachment_66324" align="aligncenter" width="335"]Web DDoS Tsunami A Web DDoS Tsunami at a major insurance company[/caption]
Telecommunications Company
Like financial institutions, telecommunication organizations continue to be a high-value target among malicious actors because of the lucrative data they store and the widespread disruption and publicity they generate when breached. Case in point: A European telecommunications company was the repeated target of state-backed attack groups. It battled a persistent Web DDoS Tsunami Attack of approximately 1 million RPS almost continuously for nearly two hours. Traffic peaked at 1.6 million RPS. See Figure 3. Figure 3:Β  [caption id="attachment_66325" align="aligncenter" width="323"]Web DDoS Tsunami A Web DDoS Tsunami at a telecommunications company[/caption] These are just a few examples of the profile of the modern Web DDoS Tsunami Attack. What we know is that they are relentless. Rates and volumes exceed the capacity of on-prem solutions. They are deceptive and sophisticated, appearing as legitimate traffic and morphing over time. And they can cause considerable disruption and damage to an organization.

How to Defend Against Web DDoS Tsunamis

To combat Web DDoS Tsunamis, there needs to be a fundamental shift in how organizations think about their defense strategies. Detecting these attacks requires decryption and deep inspection into the L7 traffic headers, which network-based DDoS protection solutions weren’t built to do. Standard on-prem or cloud-based WAFs fail to keep up with the scale and randomization. And rate-limiting techniques have a major negative effect on legitimate traffic. Instead, what organizations need are solutions that leverage adaptive, AI-driven algorithms designed to distinguish between legitimate traffic surges and malicious attack traffic. These algorithms can quickly detect and generate new signatures for unknown malicious requests on the fly, ensuring robust protection without impeding legitimate traffic flow. A new era of Web DDoS Tsunamis has arrived, and it requires companies to take a new proactive and adaptive approach to cybersecurity if they don’t want to be the next to be caught off guard. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.Β 

What’s happening at Tesla? Here’s what experts think.

βœ‡Ars Technica
By: Jonathan M. Gitlin
3 May 2024 at 09:33
A coin with Elon Musk's face on it, being held next to a Tesla logo

Enlarge (credit: Aurich Lawson | Getty Images | Beata Zawrzel)

No car company in recent years has been able to generate more news headlines than Tesla. Its original founders were among the very first to realize that lithium-ion laptop cells were just about good enough to power a car, assuming you put enough of them in a pack, and with critical funding from current CEO Elon Musk, the company was able to kick-start an electric vehicle revolution. But those headlines of late have been painting a picture of a company in chaos. Sales are down, the cars are barely profitable, and now the CEO is culling vast swaths of the company. Just what is going on?

Tesla had some good times

Always erratic, Musk's leadership has nevertheless seen the company sell electric cars in volume, profitably. What's more, Musk has at times been able to inspire faith in and devotion to his company's products in a way that makes the late Steve Jobs look like a neophyteβ€”after the Model 3 debuted in 2016, 450,000 people gave $1,000 deposits to Tesla for a product that wouldn't go into production for at least 18 months.

Of course, that example also illustrates a long-running concern with the company and Musk's investment-attracting pitches: overhyping and underdelivering. By 2018, more than one in five reservation holders wanted a refund after cheaper models were delayed and delayed.

Read 35 remaining paragraphs | Comments

World Password Day: Top 10 Password Managers for Ultimate Digital Safety

βœ‡Cybersecurity News and Magazine
By: Samiksha Jain
2 May 2024 at 07:37

Password Managers

In today's digital age, the necessity of strong and unique passwords has never been more critical. With cyber threats looming large, the importance of securing online accounts against unauthorized access cannot be overstated. According to Google Cloud’s 2023 Threat Horizons Report, a staggering 86% of breaches involve stolen credentials, making robust password management crucial in today's landscape. The 2023 Verizon Data Breach Investigations Report further emphasizes this point, revealing that 74% of all breaches involve human error or misuse, including the use of stolen credentials. Web application attacks, which account for a significant 25% of breaches, often exploit vulnerabilities and stolen credentials to gain unauthorized access to valuable assets. In a high-profile incident in 2023, the American Bar Association disclosed a hack affecting 1.5 million members, highlighting the widespread risk of compromised login credentials. As we observe World Password Day, it's imperative to explore solutions that enhance our digital security. One such solution is password managers. These tools offer a secure and convenient way to manage passwords, safeguarding accounts against unauthorized access and simplifying the login process.

Simplify & Secure Your Logins with Top Password Managers

This World Password Day, we present your ultimate defense – the top 10 best password managers to simplify logins and fortify your online safety.

1. Google Password Manager

Google Password Manager simplifies the process of managing passwords by enabling users to create and store strong, unique passwords for their online accounts. Passwords can be saved in the user's Google Account or on their device. An important feature of Google Password Manager is its ability to suggest strong passwords when saving them to the Google Account, enhancing overall security. Additionally, users can benefit from the following features:
Pros
  • Free: Google Password Manager is completely free, making it accessible to all Google Chrome users.
  • Integrated into Chrome: Chrome users have access to Google's password manager without needing to install additional software.
  • Consistent support: Given Chrome's popularity, Google Password Manager is likely to receive regular updates and support.
Cons
  • Uncertain security: Google doesn't provide detailed information about the encryption standards used to protect user data, leaving some uncertainty about its security measures.
  • Limited to Chrome: Google Password Manager is only available in the Chrome browser, excluding users of other browsers from accessing its features.
Who Should Use Google Password Manager?
Google Password Manager is suitable for individual users, especially those who already use Chrome and prefer not to install third-party password management software. However, it may not be suitable for businesses or groups due to the lack of group password management options. Despite being free, Google Password Manager lacks certain features and flexibility offered by standalone services, which may make it less appealing to users seeking advanced functionality. This limitation prevents it from being considered one of the best free password managers on the market.

2. 1Password

1Password provides robust security features, including end-to-end encryption, a secret key for enhanced protection, and biometric logins. Its Travel Mode feature ensures sensitive data is removed from devices when crossing borders, while the Watchtower service regularly scans for website breaches and vulnerable passwords, maintaining the security of user credentials.
Pros
  • 1Password offers a comprehensive tutorial, making it easy for new users to get started.
  • The Watchtower feature alerts users to potential password vulnerabilities, helping them maintain strong password hygiene.
  • The 1Password apps are well-designed and visually appealing, providing a seamless experience across mobile and desktop platforms.
  • Users can easily organize their passwords and other sensitive information, enhancing usability.
Cons
  • Unlike some competitors, 1Password doesn't offer a free tier for password management, which may deter budget-conscious users.
  • Users may find the import options limited, especially when migrating from other password managers.
  • 1Password lacks true password inheritance features, making it less convenient for sharing passwords among family or team members.
Who Should Use 1Password?
1Password is ideal for individuals and businesses seeking advanced security features and intuitive password management. Its comprehensive tutorial makes it suitable for users of all experience levels. However, the lack of a free tier may make it less appealing to users on a tight budget.
Pricing
1Password offers various pricing plans, including individual, family, Teams Starter Pack, and business options. Individual plans start at $2.99 per month when billed annually, while family plans start at $4.99 per month for up to five family members. Teams Starter Pack are available at $19.95 to protect upto 10 team members per month. Business plans are available starting at $7.99 per user per month.

3. Dashlane

Dashlane offers more than just password management, providing additional features like dark web monitoring and a VPN for secure browsing. Its one-click password changer can update passwords across numerous sites simultaneously, ensuring strong security with minimal effort. Dashlane's intuitive interface and strong security features make it suitable for both personal and organizational use.
Pros
  • Includes VPN and phishing alerts
  • Scans for compromised accounts
  • Retains full password history
  • Offers file storage
Cons
  • Limited free version
  • Expensive
Who Should Use Dashlane?
Dashlane is well-suited for individuals or organizations looking for comprehensive password management and additional security features. Its robust tools make it particularly appealing for those who prioritize security and are willing to invest in a premium solution.
Pricing
Dashlane offers various pricing tiers, including Personal and Professional plans. In the Personal Plan, options include Premium for individual protection plus VPN, starting at $4.99 per month billed annually, and Friends & Family for up to 10 accounts, starting at $7.49 per month for 10 members billed annually. For the Professional Plan, options include Business for advanced protection at $8 per seat per month billed annually, and Enterprise for large organizations, with pricing available upon request.

4. Bitwarden

Bitwarden stands out as an open-source password management tool, offering transparent, customizable, and secure solutions. It allows users to host their server, providing ultimate control over their data. Bitwarden's affordable plans, including a fully functional free version, make it a top choice for individuals and businesses seeking flexibility and transparency in their software.
Pros
Cons
  • Business tiers are relatively expensive compared to competitors
Who Should Use Bitwarden?
  • Individuals: Anyone who wants to securely manage passwords across devices.
  • Families: For secure password sharing and family organization.
  • Businesses: From startups to enterprises for secure team password management.
  • Tech Enthusiasts: Open-source platform for customization and contribution.
Pricing
Bitwarden offers various pricing tiers, including Teams and Enterprise plans. The Teams plan provides resilient protection for growing teams, starting at $4 per month per user billed annually. For larger organizations, the Enterprise plan offers advanced capabilities, priced at $6 per month per user billed annually.

5. Keeper

Keeper offers security features, including high-level encryption, zero-knowledge architecture, and two-factor authentication. Its comprehensive approach extends to secure file storage and a private messaging service, making it a versatile security tool. With the ability to securely manage multiple passwords and digital information, Keeper is suitable for both personal and business use.
Pros
  • Secure password-sharing, password hygiene, and emergency access options
  • Attractive apps and browser extensions for ease of use
  • Retains app access and credential history for reference
Cons
  • A very restrictive free tier with limited features
  • Some desirable features are only available as paid add-ons
  • Importing credentials could be smoother
Who Should Use Keeper?
Keeper is an ideal choice for individuals and businesses looking for strong security solutions. It is suitable for:
  • Individuals: Those who need a secure and user-friendly platform to manage their passwords and sensitive information.
  • Families: Families looking for a secure way to share passwords and sensitive data among members while ensuring privacy and security.
  • Businesses: Companies of all sizes seek a secure password management solution for their employees, with features like password sharing, team folders, and admin controls.
Pricing
Keeper's pricing varies depending on the plan chosen, which includes options for individuals, families, and businesses

6. NordPass

NordPass, developed by cybersecurity experts, provides a user-friendly interface and robust encryption technologies. Noteworthy features include an OCR scanner for digitizing information from physical documents and a built-in password health tool for maintaining strong passwords. With its zero-knowledge architecture, NordPass ensures that even it cannot access your stored data.
Pros
Cons
  • Inconsistent credential creation process.
  • Limited free tier.
Who Should Use NordPass?
NordPass is ideal for individuals and businesses seeking a secure and easy-to-use password management solution. It is best suited for:
  • Individuals: Those looking for a reliable tool to manage and secure their passwords and sensitive information.
  • Families: Families seeking a secure way to share passwords and ensure digital security among members.
  • Businesses: Companies require a secure password management solution for their employees, with features like team collaboration and admin controls.
Pricing
NordPass offers three plans: Teams, Business, and Enterprise. Teams plan costs $1.99 per user per month, Business plan costs $3.99 per user per month, and Enterprise plan costs $5.99 per user per month.

7. RoboForm

RoboForm specializes in web form filling and password management, making it invaluable for professionals who frequently fill out online forms. It offers secure sharing, folder organization, and emergency access, a feature allowing trusted contacts access in critical situations. RoboForm’s versatility extends to businesses with full support for employee onboarding and offboarding.
Pros
  • Good business-specific features.
  • Full feature 14-day free trial available for business users.
  • Great mobile apps.
Cons
  • Unintuitive interface.
  • Secured shared folder not available for free users.
Who Should Use RoboForm?
RoboForm is best suited for professionals, families, and businesses looking for an efficient solution for managing passwords and filling out online forms. It is particularly suitable for:
  • Professionals: Individuals who frequently deal with online forms and require secure password management.
  • Families: Families seeking a secure password management solution for multiple users.
  • Businesses: Companies require robust password management and form-filling capabilities for employees, with features like secure sharing and emergency access.
Pricing
RoboForm offers two plans: Personal & Family and Team & Business. Pricing options vary depending on the user's needs.

8. Zoho Vault

Zoho Vault seamlessly integrates with other Zoho products and offers extensive features designed for team collaboration. Its direct integration with popular business tools like Microsoft Office and Google Workspace enhances productivity while maintaining security. Features like user access and permissions management make it ideal for managing team passwords.
Pros
  • Offers MFA support and passkey logins.
  • Easy password sharing and credential inheritance system.
  • Password hygiene monitoring for all service tiers.
  • Users can designate application-specific passwords.
  • Robust free plan.
Cons
  • Stores unencrypted user information.
  • Awkward MFA adoption process.
  • Clunky browser extension functionality.
  • Cannot fill out web forms.
  • Few personal data storage options.
  • Confusing credential creation process on iOS.
Who Should Use Zoho Vault?
Zoho Vault is best suited for businesses and teams looking for a secure and collaborative password management solution. It is particularly suitable for:
  • Businesses: Companies require a robust password management solution with features like user access management and seamless integration with business tools.
  • Teams: Teams seeking an efficient way to manage passwords and securely share credentials among members.
  • Professionals: Individuals looking for a secure password management solution with features like multi-factor authentication and credential inheritance.
Pricing
Apart from offering a free plan, Zoho Vault has three paid plans: Standard, Professional, and Enterprise. The Standard plan costs US$0.90 per user per month billed annually. The Professional plan costs US$4.50 per user per month billed annually (minimum 5 users), and the Enterprise plan costs US$7.20 per user per month billed annually (minimum 5 users).

9. LogMeOnce

LogMeOnce stands out for its rich feature set, offering innovative functionalities such as photo login, allowing users to log in by taking a photo with their device, adding both convenience and security. It boasts a comprehensive dashboard for security management and supports various two-factor authentication methods, catering to both individual and enterprise needs.
Pros
  • Free version available.
  • Diverse multi-factor authentication (MFA) options.
  • Unique emergency access tool.
  • High-quality onboarding tutorial.
Cons
  • The credential filling didn't work with the Android app in testing.
  • Awkward password-importing process.
  • Cluttered web vault interface.
Who Should Use LogMeOnce?
LogMeOnce is suitable for individuals, families, and businesses seeking a feature-rich password management solution. It is particularly beneficial for:
  • Individuals: Those who want a secure and convenient way to manage their passwords and ensure strong online security.
  • Families: Families looking for a secure password management solution for multiple users with features like photo login and emergency access.
  • Businesses/Enterprises: Companies requiring advanced password management and security features for their employees, with options for team collaboration and secure sharing.
Pricing
LogMeOnce offers two plans: Personal & Family and Team & Business/Enterprise. Pricing options vary depending on the user's needs.

10. Enpass

Enpass stands out for its offline capabilities, allowing users to store their data locally and sync across devices via their preferred cloud service. Its one-time fee model appeals to those seeking a cost-effective solution without ongoing subscriptions. Enpass supports a wide range of customizations and file attachments for each entry.
Pros
  • Offline capabilities
  • One-time fee option
  • Extensive customization
Cons
  • Not user-friendly
  • No trial version for personal and family plans
Who Should Use Enpass?
Enpass is best suited for individuals and businesses looking for a secure and customizable password management solution. It is particularly suitable for:
  • Individuals: Users who prioritize offline access to their password data and prefer a one-time payment model.
  • Families: Families seeking a secure and cost-effective way to manage passwords across multiple devices.
  • Businesses: Companies require robust password management and customization options for employees, with features like team sharing and data backups.
Pricing
Enpass offers two plans: Personal & Family and Business. Pricing options vary depending on the user's needs.

To Wrap Up

With a plethora of options available, there's a perfect password manager for everyone. Consider your needs, budget, and desired features when making your choice. Remember, World Password Day is a great reminder to prioritize your online security throughout the year. Implement a strong password manager today and take control of your digital safety! Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Future-Proofing the Workforce: How Skilling is Cultivating Next-gen Tech Talent

βœ‡Cybersecurity News and Magazine
By: Editorial
27 April 2024 at 09:27

Next-gen Tech Talent

By Lakshmi Mittra, SVP and Head, Clover Academy In the rapidly changing and dynamic tech environment of today, future-proofing the workforce is more essential than ever. With industries constantly innovating and adapting to new technologies, the demand for next-gen tech talent professionals capable of leading change and driving innovation is on the rise. This is where skilling steps in, acting as a key player in nurturing the next generation of tech talent. The concept of future-proofing the workforce revolves around equipping employees with the necessary skills and knowledge to adapt to new technologies and industry trends. With rapid advancements in technology, traditional job roles are evolving, and new roles are emerging. Therefore, it is essential for organizations to invest in continuous learning and development to ensure their workforce remains relevant and competitive.

The Role of Skilling in Cultivating Next-gen Tech Talent

Skilling plays a pivotal role in nurturing the next-gen tech talent through its tailored learning paths and hands-on experience. It offers industry-relevant courses and collaborates with experts to ensure up-to-date and practical training. Here’s how skilling equips learners to meet the demands of the evolving tech landscape and drive innovation:

Tailored Learning Paths

One of the key strengths of skilling is its ability to offer tailored learning paths that cater to the unique needs and aspirations of each learner. Whether it's data science, artificial intelligence, cybersecurity, or software development, skilling provides a range of courses and programs designed to develop the specific skills required in today's tech-driven world.

Hands-on Experience:

Skilling emphasizes hands-on learning, allowing learners to gain practical experience and apply their skills in real-world scenarios. Through projects, case studies, and practical assignments, learners not only acquire theoretical knowledge but also develop problem-solving and critical thinking skills essential for success in the tech industry.

Industry Collaboration

Skilling collaborates with industry leaders and experts to develop up-to-date and relevant content that is aligned with industry standards and practices.

Fostering Innovation and Growth

By empowering learners with hands-on and industry-relevant training, skilling promotes a culture of continuous learning. It provides learners with the tools and resources to explore and develop creative solutions, cultivating a workforce capable of driving innovation and sustainable growth.

Enhanced Employability

Skilling enhances the employability of learners by equipping them with industry-relevant skillsets and knowledge. This increased employability not only benefits the learners by opening up new career opportunities but also provides organizations with access to a pool of skilled and qualified talent.

Conclusion

Future-proofing your workforce is essential in today's rapidly evolving tech landscape. It benefits not only the employees but also provides organizations with a competitive edge by ensuring they have a skilled and adaptable workforce capable of driving innovation and growth. In this digital age, skilling is not just about acquiring new skills, but fostering a culture of continuous learning, adaptability, and achieving sustainable growth. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.Β 

Beyond 24/7: How Smart CISOs are Rethinking Threat Hunting

βœ‡Cybersecurity News and Magazine
By: Editorial
21 April 2024 at 09:28

CISO Rethinking

By Andrew Hural, VP of Managed Detection and Response, UnderDefense Do you know how firefighters famously run to their stations and hop into their trucks every time an alarm rings? It’s quite the iconic scene and with that kind of response speed, the chances of saving the day are in their favor. But now imagine 100 fire alarms going off, and teams scrambling to manage their resources - just to find out there is no fire. This is how a lot of security teams feel. With a new high-profile security incident in the headlines every other day, it’s not surprising that these teams are trying to arm themselves with the best defenses, investing in tools that promise to make their lives easier and their assets more secure. However, we often see this having the opposite effect, with the growing number of tools resulting in increasingly complex configurations and an increasing amount of noise and alerts that are wearing down security teams.

Why CISOs Are Rethinking Their Approach?

To combat this phenomenon, CISOs are rethinking their approach as the model of 24/7 in-house threat hunting is no longer sustainable for many businesses. Β Instead, we see an increasing focus on value-driven security solutions that make their own tools work better, harder, and more harmoniously together. This means prioritizing tools that leverage telemetry, deliver actionable insights and integrate into existing stacks seamlessly - and don’t justΒ  create another source of noise.Β  This is where Managed Detection and Response (MDR) services come in. Managed Detection and Response (MDR) services offer a strategic solution to these challenges. MDR providers employ experienced security analysts who monitor your environment 24/7, leveraging advanced threat detection and analysis tools and techniques. This frees up your internal security team to focus on critical strategic tasks, such as incident response, vulnerability management, and active threat hunting.

Benefits of Managed Detection and Response

  • Access to a team of security experts: Gain the expertise of MDR providers' seasoned analysts, enabling continuous monitoring and threat detection.
  • Advanced threat detection and analysis: MDR services utilize sophisticated tools and techniques to identify and prioritize real threats, minimizing false positives.
  • Reduced workload for internal teams: By outsourcing threat hunting, your security team can focus on areas where their expertise is most valuable.
Of course, there are some downsides to consider when looking into MDR, which can include time and investment into finding the right solution and a potential vendor lock-in with the wrong provider. That being said, there are steps to mitigate these risks by selecting the right MDR provider for your business.

What to consider when selecting an MDR partner

Choosing the right MDR partner requires careful consideration. Here's a breakdown of key steps to ensure a successful selection process: Self-Assessment: Understanding Your Needs Start by evaluating your current security posture. Identify your organization's specific security needs and vulnerabilities. This helps you understand how MDR can benefit you and what features are most important. Beyond Brand Names: Explore All Options Don't be swayed by brand recognition alone. While established players offer strong solutions, smaller MDR providers can be equally adept, often with greater flexibility and potentially lower costs. Test Drive Before You Commit Many providers offer MDR solution trials lasting 1-3 months. This allows you to test the service and ensure it meets your specific requirements before committing to a full deployment. Defining Success: Setting Clear Goals and KPIs Develop clear goals (SMART goals are ideal) and Key Performance Indicators (KPIs) for your MDR provider. These will serve as benchmarks to measure success. Look for a provider who can collaborate with you to define these based on your unique security needs. Going Beyond the Standard SLA While an SLA outlines basic service expectations, explore additional factors that impact your security:
  • Communication and Availability: How easily can you reach the MDR team, and what are their response times?
  • Automation Levels: To what extent does the provider leverage automation for faster response and reduced human error?
  • MDR Provider Security: Evaluate the MDR provider's security controls to mitigate the risk of data breaches due to their internal practices. Look for relevant security certifications.
  • MDR Response Scope: What actions constitute an MDR response? Does it include just notifications, recommendations, or even taking action items without requiring intervention from your team?
  • Detection Testing: How does the MDR team validate the accuracy of their threat detections to minimize false positives and negatives?
  • Proactive Security Measures: What proactive security services are offered beyond basic threat hunting? Look for services like monitoring industry news, assisting with new vulnerability remediations, staying updated on CVEs (Common Vulnerabilities and Exposures), and promoting security hardening of your organization's tools.
By leveraging MDR, smart CISOs can move beyond the limitations of traditional threat hunting and empower their security teams to focus on strategic initiatives. The right MDR service provides the continuous vigilance, advanced threat detection, and expert analysis needed to effectively combat today's ever-evolving cyber threats. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.Β 

Enhancing Cybersecurity Resilience: A Guide for Safeguarding Enterprises

βœ‡Cybersecurity News and Magazine
By: Editorial
21 April 2024 at 03:25

Cybersecurity

by Neelesh Kripalani, Chief Technology Officer, Clover Infotech As businesses grapple with an ever-changing and increasingly hostile threat environment, the emergence of AI and machine learning technologies introduces fresh challenges to cybersecurity. While these technologies offer the potential to transform our security strategies, they also introduce new risks and vulnerabilities that need effective management. Here are some of the latest cyber threats that businesses need to be aware of:

Cyber Threats Businesses Need to be Aware of

Targeted Ransomware Attacks - This type of malware is designed to hold a victim’s information at ransom. The tactics involve denying users and system administrators access to individual files or even entire digital networks, followed by a β€œransom note” demanding payment to regain access. IoT Creates New Cybersecurity Threats - The Internet of Things (IoT) enables billions of physical devices around the globe to collect and share data over the Internet. This creates new cyber threats by expanding the attack surface with diverse and often inadequately secured devices. Common issues include default credentials, lack of regular updates, and data privacy concerns due to the extensive collection and transmission of sensitive information. Deepfake and Synthetic Media Attacks - Such cyberattacks use AI to manipulate content, such as pictures, videos, or audio recordings, to deceive individuals or influence public opinion. Credential Stuffing and Brute Force Attacks - Credential stuffing and brute force attacks involve automated attempts to gain unauthorized access to user accounts using stolen or guessed credentials.

Cybersecurity Best Practices

Here are some key strategies and best practices that businesses can implement to enhance their overall security posture: Risk Assessment and Management - Conduct a comprehensive risk assessment to identify vulnerabilities and prioritize them based on potential impact. Implement risk mitigation strategies to address identified vulnerabilities and reduce the overall risk level. Implement Strong Authentication and Access Control - Add an extra layer of security by mandating users to verify their identity through multiple factors, such as passwords, biometric data, and OTP. Additionally, role-based access control allows enterprises to restrict access to sensitive information and critical systems based on users’ roles and responsibilities. Regular Software Updates and Patch Management - Regularly update and patch all software, operating systems, and firmware to address known vulnerabilities and reduce the risk of exploitation. Implement Endpoint Security Measures - Deploy endpoint protection platforms and endpoint detection and response solutions to secure endpoints from malware attacks. Implement Data Encryption and Privacy Measures - Encrypt sensitive data at rest and in transit to protect it from unauthorized access and data breaches. Implement Security Awareness and Training Programs - Provide regular cybersecurity training and awareness programs to educate employees about cybersecurity best practices, phishing awareness, and the importance of strong passwords. Conduct periodic incident response training to prepare employees for potential security incidents and ensure a coordinated and effective response. In the face of evolving cybersecurity threats, businesses must adopt enhanced strategies, including comprehensive risk assessment, strong authentication, regular updates, and employee training, to safeguard their assets and critical systems. Proactive measures and a culture of cybersecurity awareness are essential to mitigate risks effectively, ensure compliance, and protect the organization's reputation and business continuity in an interconnected world. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.Β 
❌
❌