Cybersecurity

Future Hosting Warns Server Admins To Keep SSH Keys Safe

Grazed from Future Hosting

Future Hosting, a global managed server hosting provider, has warned server hosting clients not to upload private SSH keys to production servers. The warning was prompted by a rapid increase in the number of malicious scans that attempt to discover accidentally uploaded SSH keys (as reported by WordFence on October 18, 2017).

If SSH private keys fall into the hands of malicious third parties, they can be used to compromise servers and the data stored on them. Private keys can be accidentally uploaded to the publicly accessible directories of web servers, and it is trivially easy for a malicious third-party to scan for private keys in those directories.

Future Hosting advises server hosting clients to use passphrases with their SSH key pairs. Using passphrases may be inconvenient, but a key pair with a passphrase is useless to an attacker even if the private key is made public.

AT&T Expands Strategic Relationship with Amazon Web Services

Grazed from AT&T

AT&T is expanding business cloud networking solutions with Amazon Web Services (AWS). AWS customers using AT&T connectivity can now have highly secure, flexible connectivity options to serve their cloud, cybersecurity and mobility needs. These solutions can help customers mobilize their workforce to support the digital age.

“Many of our customers are on their journey to the cloud with AWS,” said Roman Pacewicz, chief product officer, AT&T Business. “We can offer customers a highly secure, cloud optimized networking environment. No matter where they are in that transition or how they want to get there, AT&T has it covered.”

“Business customers rely on AT&T for proven network connectivity, cybersecurity and IoT solutions. These new enhancements provide our customers with the performance, security and connection options they need to grow their businesses on AWS,” said David Wright, general manager, Worldwide Strategic Technology Partners, Amazon Web Services, Inc.
 

Thales announces new security-as-a-service for centralized control of encryption keys used for Microsoft Azure and AWS

Grazed from Thales

Thales, a leader in critical information systems, cybersecurity and data security, announces CipherTrust Cloud Key Manager for support of Microsoft Azure Key Vault and Amazon Web Services (AWS) Key Management Service (KMS) bring your own key (BYOK) capabilities. The solution allows users of these dominant public cloud solutions to meet compliance mandates and further protect their most sensitive data by creating and managing encryption keys separate from their cloud provider's infrastructure.

To help save time and money, a growing number of enterprises are eschewing legacy technologies in favor of cloud and SaaS environments. While these technologies are digitally transforming businesses, they present challenges: enterprise data is fair game for cybercriminals regardless of operating environments, and meeting compliance and best practices requirements isn't always straightforward. In response, enterprises are developing encryption strategies to better protect and control their data. While effective, this presents a new hurdle; when considering that many enterprises utilize multiple cloud providers, the management of encryption keys can prove difficult.

Thales CipherTrust Cloud Key Manager offers a number of benefits to help enterprises control and secure encryption keys in multi-cloud environments, including:

McAfee Integrates Advanced Analytics to Increase Security Operations Center Efficiency and Protect Endpoints and Cloud

Grazed from McAfee

McAfee, one of the world's leading cybersecurity companies, today announced new endpoint and cloud solutions that go beyond machine learning to take advantage of the speed and accuracy of advanced analytics, deep learning and artificial intelligence, and increase efficiency of security operations. Cyber threats and the data needed to defend against them continue to increase, overwhelming security teams and driving the need for open, efficient security operations. McAfee's new solutions make use of the automation, reasoning and data curation uniquely provided by advanced analytics technologies, allowing security teams to easily discover and assess data and root out threats. Through human-machine teaming and an open and interoperable cybersecurity platform, McAfee proves ‘Together is power,' with collaborative security that defends against shared adversaries.

"Security teams are increasingly overwhelmed by the complexity they face in their environments which hinders their ability to defend against the growing number of threats," said Chris Young, CEO of McAfee. "McAfee is acting on our ‘Together is power' principle with collaborative security that combines the unique advantages of people, machines and partners enabling teams to be situationally aware of security events and take swift action to thwart assaults, from the endpoint to the cloud."

FileCloud Unveils 'Breach Intercept' to Safeguard Organizations Against Dramatic Increase in Cyber Attacks

Grazed from FileCloud

FileCloud, the cloud-agnostic EFSS platform, today announced FileCloud Breach Intercept. The newest version of FileCloud offers advanced ransomware protection to help customers handle every phase of a cyberattack: prevention, detection and recovery.

FileCloud is deployed across 90 countries and has more than 100 VARs and Managed Service Providers across the world. Deployed by Fortune 500 and Global 2000 firms, including the world's leading law firms, government organizations, science and research organizations and world-class universities, FileCloud offers a set of unique features that help organizations build effective anti-ransomware strategies.

Global ransomware damage costs are expected to total more than $5 billion dollars in 2017, compared to $325 million dollars in 2015. Ransomware is growing at an estimated yearly rate of 350 percent with business enterprises becoming the priority target for hackers. Enterprise File Sharing and Sync (EFSS) solutions have seen an increase in ransomware attacks with 40 percent of spam emails containing links to ransomware. Whereas public cloud EFSS solutions such as Box and Dropbox offer centralized targets for ransomware attacks, FileCloud's decentralized private cloud reduces your company's exposure to potential attacks.

TrapX Security Expands Cloud Data Center Support for Amazon AWS and KVM OpenStack

Grazed from TrapX Security

TrapX Security, a global leader in deception-based advanced cybersecurity defense, today announced fully integrated cloud data support for DeceptionGrid for both Amazon AWS EC2 and KVM OpenStack. This enhancement addresses the growing challenges associated with visibility and lateral movement within the hybrid environments of cloud and internal networks.

Widespread private and public cloud adoption presents significant security challenges. Security teams must extend their operations across internal networks who support a large number of cloud based applications. There are several key elements to success in securing the cloud:

Cavirin Adds the NIST Cybersecurity Framework to its Hybrid Cloud Security Assessment and Remediation Platform

Grazed from Cavirin Systems

Cavirin Systems, Inc. offers continuous security assessment and remediation for hybrid clouds, containers, and data centers, via the most comprehensive curated library of industry guidelines, control frameworks, and best practices.

Cavirin today announced support for the NIST Cybersecurity Framework on its Hybrid Cloud Security Platform. The Framework outlines the best risk management practices and principles that organizations should apply to improve the security and resilience of their critical infrastructures. It helps organizations avoid the failures in processes and policies that are the source of many of today's breaches. To create this guidance, the NIST Framework leverages current standards and guidelines, such as ISO, COBIT, CIS, and other NIST documents.

Cavirin unifies and automates continuous cybersecurity risk management for hybrid infrastructures prevalent in the enterprise. Cavirin's customers can select the NIST Cybersecurity Framework as one of the Platform's many control frameworks for assessing their infrastructure against the framework requirements, prioritizing and remediating any open issues found, thereby enhancing their security and risk posture. Cavirin's security team has analyzed this draft NIST document and translated the guidance into a set of technical controls that help organizations automatically align to the document's recommendations. A detailed description of Cavirin's NIST support is available on the NIST Industry Resources page. Cavirin's NIST Framework primer is here.

FireEye Expands Cybersecurity Threat Detection with Major New Releases

Grazed from FireEye

FireEye, Inc., the intelligence-led security company, today announced major new software releases and next-generation hardware, adding new and expanded capabilities to extend FireEye's cybersecurity threat detection while reducing costs and increasing flexibility.

To address the issue of post-breach attacks and insider threats, FireEye unveiled FireEye Network SmartVision - a new capability that leverages a machine-learning framework to detect suspicious lateral threat movements (East-West traffic) and data exfiltration. This capability is designed to provide customers with greater detection and expanded visibility across their perimeter and now network core and servers.

FireEye Network (NX) deployments can now burst network traffic to FireEye's MVX Smart Grid during periods of high-content scanning activity, to address overload and gaps in protection that might otherwise occur. Other new software capabilities include significant updates to alert handling, event change visualization, expanded logging, and overall usability improvements.

These new software releases complement the launch of fifth-generation FireEye hardware, expanding customer capability to address increasingly sophisticated threats, while reducing costs and increasing deployment flexibility. FireEye also introduced FireEye File Content Security (FX), a new virtual offering that extends FireEye protection further into hybrid IT environments.

CloudCheckr Offers Enhanced Cybersecurity Solutions Through AWS Marketplace for AWS GovCloud (US)

Grazed from CloudCheckr

CloudCheckr, the enterprise cloud management platform, today announced the availability of its software products on Amazon Web Services (AWS) Marketplace for AWS GovCloud (US), the platform for public sector software and compliance-focused solutions for regulated IT workloads. AWS GovCloud (US) bolsters the ability of government and government-related organizations to transform and modernize their digital operations using the cloud. The availability of AWS Marketplace in the region allows customers to streamline processes and discover reliable cloud management vendors with advanced security and compliance capabilities. With the announcement of AWS Marketplace for AWS GovCloud (US), customers may access CloudCheckr services in AWS Marketplace.

"Public sector organizations are increasingly gaining operational advantages when moving to the cloud," said Barry Russell, General Manager of Global Business Development, AWS Marketplace and Service Catalog, Amazon Web Services, Inc. "Our customers want easy-to-deploy solutions to drive data-driven operational efficiencies and speed innovation. CloudCheckr has demonstrated deep experience in cybersecurity and cloud management and we look forward to having their solutions on AWS GovCloud Marketplace."

Major factors impacting cloud security

Grazed from InformationAge. Author: Nick Ismail.

Companies that adopt cloud within their organisation can release products quicker, protect their customer data from security threats, and achieve economies of scale at a faster rate than companies with traditional IT environments. However, the shared nature of cloud computing also means that there is a real possibility that organisations could face security threats after they move to the cloud. This article will cover a few of the most common cloud security threats and explain what steps you can take to protect your business online.

Data breaches

Recent data breaches such as WannaCry and Petya have shown that the cloud isn’t completely immune to threats that traditional company networks face. Data breaches that involve sensitive company information is especially problematic for businesses, and can even lead to significant fines and lawsuits...

Read more from the source @ http://www.information-age.com/major-factors-impacting-cloud-security-123468244/