Microsoft’s endpoint security acquisitions and release of an agent for MacOS clearly signal Microsoft’s intent to be regarded as a full-fledged enterprise endpoint protection platform (EPP). Let’s look at what enterprise anti-malware solution seekers should know about Microsoft’s capabilities.
Patch management is a growing problem for IT/Sec-Ops teams. Surveyed cybersecurity professionals reported that attack volumes were up 15 percent and attack severity had increased 24 percent. But in 57 percent of breaches, hackers exploited vulnerabilities for which a patch was available but not applied.
It’s important to protect all of your devices, but with servers, the stakes can be stratospheric. Hackers who compromise a server can potentially harvest data for years and gain access to devices, processes and information throughout an organization — a nightmare scenario. A panel of experts discussed the threat to servers in a recent webinar hosted by AppGuard & Carahsoft.
If you want better and easier server protection than what you have now or have read about elsewhere, then you need something very different. You’ve come to the right place for a brief introduction to the application of zero-trust principles WITHIN the endpoint. If you’re not receptive to change and different paradigms, read no further.
Panelists worthy of any CISO’s attention, discussed and prioritized the methods China is using to compromise enterprises via their supply chain, including the currently rare, covert placement of spy chips into computing hardware. China’s ‘2025’ strategy to steal and degrade western economic power affects any enterprise that generates high-margin value and/or is in the same supply chain with those that do. The world has not seen such intense and pervasive nation-state aggression since the Cold War.
Reports of covertly adding chips to motherboards for industrial espionage require CISO’s to ask their peers and teams ‘what are the Chinese actually doing to steal data from organizations like ours’ and ‘what should we be doing to counter their efforts’? Enterprises targeted by China can get the answers and insights they seek from the panel Carahsoft and AppGuard have assembled. Hosted by Mike Lyons of CBS News, it features experts from the intelligence community, cybersecurity policy, and cybersecurity technology.
Donald J. Welch, Penn State, CISO
Anthony Cruz, Federal Energy Regulatory Commission, Cyber Thought Leader
Moderator: Neal Conlon, AppGuard Inc, VP Business Development
The CISO panel explored the challenges of 2018 and what remedies and priorities they consider important for 2019. Many enterprise cyber symptoms stem from inattention to basic blocking and tackling as well as under-utilization of existing tools. Flawed risk alignment contributes to these and other even greater issues. The panel also explored how the human factor affects cyber programs. They prescribed remedies to these matters that can be pursued in 2019 as well as shared what they expect to see next year.
Google recently stated that none of its 80,000 employee accounts using their Titan Security Key has been compromised since deployment. This is because this hardware authentication device is a possession factor that cyber criminals cannot electronically steal as they do passwords. But, as great as this and like tools are, they are susceptible when the endpoints using them are compromised. Read on to learn more about how your different authentication mechanisms depend on endpoint protection as well as the one capability you need for this but may have never heard about.
About a year ago I took on the role of CEO of one of the hottest emerging cybersecurity companies in the world. We were already embedded in critical infrastructure, large enterprises and organizations around the globe.
About 2 minutes after my 79 year old mom told me how proud she was, she said “What about my computer?”
There’s a pervasive, false perception in contemporary politics. The candidate that advocates spending the most on something cares most about solving the problem. Today’s endpoint protection suites are similarly ranked. Those with the longer list of features are ranked higher. Similarly, like features are seldom compared one-to-one but are presumed little different among different suites. The breadth and price of the package carries too much weight. Actual results bear too little, including level of effort. And ultimately, the features checklists have usurped the overarching mission of endpoint protection suites, preventing compromises.
One of today’s most widespread cybersecurity principles seems prudent on the surface but has made the enterprise cyber program a bloated, lumbering beast of burden. Defense in depth is simple to intuit; it is as obvious as two heads are better than one. Reality demands, however, that the enterprise optimize. How many are too many? What combination is best, and so on? Clearly, finding that sweet spot depends more on just what mitigates the spectrum of prioritized risks. The following anonymous customer story exposes at least two other major dimensions that matter. These other two are the difference between excellence and mediocrity.
If ever in a freezing cold room with IT/Sec-Ops people, raising the topic of patch management can heat it up fast. Patching applications on an organization’s client and server endpoints is far more challenging than most people realize. The uncertainty over what applications need to be patched in the next cycle makes it seem a never ending game of whack-a-mole.
Fortunately for the weary, there is an astonishingly simple, effortless, and effective way to snuff out those moles for good (figuratively speaking of course), including those invisible ones otherwise known as zero-day attacks.
Soldiers in combat over the last century rapidly grow accustomed to the distant cacophony of artillery and bombs. Some even get desensitized to nearby explosions. How many of us react with shock and horror at a data breach headline? Few do. We all hear them rumbling in the distance all the time.
Look at all of the familiar names in this list of recent casualties: Sears, Kmart, Best Buy, Saks Fifth Ave, Lord & Taylor, Whole Foods, JC Penny, Walmart, Panera Bread, Sonic, Arby’s, AppleBees, Coca-Cola, Delta Airlines, Under Armour, Orbitz, Atlantic City, Equifax, Yahoo, SunTrust Banks, Blue Shield of California, Western Union, Boeing, CareFirst BlueCross BlueShield, and Bed Bath & Beyond.