Security Briefs

By TMC  |  July 27, 2016

A10 Offers Top Motives for DDoS Attacks

New data from A10 Networks (News - Alert) lays out the five most popular motives for distributed denial of service attacks. This information, according to Chris Gale of A10 Networks, can assist companies in more effectively preventing this kind of thing. Atop the list are hit-and-run attacks, political attacks, and fiscal attacks. Some hackers leverage DDoS attacks to divert IT attention from other things; this is referred to as a smokescreen attack, and comes in at No. 4 on the A10 Networks list. And coming in at No. 5 is ransom, an area that’s seen a lot of action and coverage lately.

Flashpoint Unearths Ransomware Details

A five-month investigation from Flashpoint has uncovered such interesting details as the average monthly ransom payments, average salaries for various members of ransomware schemes, and ransom amounts per U.S. victim.

Wandera Uncovers CBS Sports App, Website Leaks

Mobile data management and security firm Wandera this spring found a leak in the CBS Sports app and mobile website, it says. According to the company, both the Android and iOS versions of the app failed to protect personally identifiable information including first and last names, dates of birth, email addresses, passwords in clear text, and zip codes during the registration process, and the mobile website failed to encrypt similar data. The Wandera team reached out to CBS Sports to address this issue and the vulnerability has now been remediated, according to the company.

Osterman Researches Database Visibility

Only 19 percent of organizations have what they consider excellent visibility into their data and database assets, according to a new report by Osterman Research, which says that level of visibility is necessary to rapidly identify a data breach. The report goes on to say that 47 percent of those surveyed don’t have an assigned team or even an individual to oversee the security of their databases. “This study reveals there’s a clear shift beginning to occur in information security away from total reliance on perimeter security toward a greater emphasis on database security,” said Michael Osterman, president of Osterman Research. “Identifying compromised database credentials and insider threats will likely receive far more investment in the future. And, the actual rate of successful infiltrations or other leakage events is likely greater than discussed in this report due to inadequate organizational systems for tracking successful threats.”

New Report Discusses Smart Home Market Trends

The smart home market is fragmented, but security companies frequently offer self-contained panels offering open functionality, as well as peripheral devices that can be managed locally via voice control or as part of a larger ecosystem. The report goes on to say that security companies will be challenged next year when UL-compliant Z-wave sensors become available. “UL has approved the latest Z-Wave protocol for UL 1023 compliance, which means Z-Wave detectors can soon be used for professional alarm installations,” explains principal analyst Blake Kozak. “This milestone is significant, because most existing intruder alarms use one-way radios operating at 300/400MHz. In order to remain competitive in 2016 and 2017, dealers and service providers need to consider flexible billing models as well as DIY installation with professional monitoring.”

Netwrix Auditor 8.0 Detects Threats

Netwrix Corp.’s new Netwrix Auditor 8.0 promises to simplify the detection of security threats and enable organizations to gain rigorous control over critical data across all levels of IT environment, including hybrid cloud and storage appliances. The company says that hybrid cloud is the most widely used deployment model, although most companies believe the cloud is insecure because it lacks visibility into user activities, increasing the risk of unauthorized access and account hijacking.

CenturyLink (News - Alert) Buys netAura

Communication services provider CenturyLink has purchased netAura LLC. The acquired is a security services company specializing in consulting, development, and engineering related to managed security technologies. The CSP in February launced its Managed Security Service Suite.

Security Firm Introduces New Platform, Ecosystem

Blue Coat (News - Alert) has come out with a security platform that provides control, data-level security, and visibility across cloud, on-premises, and hybrid cloud environments. The company recently acquired Elastica, whose technology is leveraged in this solution. The company also launched a partner program through which a select set of security vendors and SaaS companies, including Box (News - Alert), HP, IBM, Splunk and Symantec, have certified and integrated their solutions with the Blue Coat Security Platform.

Report Sizes Managed Security Services Market

Managed security service global revenue totaled $17.4 billion in 2015, up 9 percent from 2014, according to IHS. It is expected to grow by one-third over the next five years. More than half of that 2015 revenue is attributed to CPE-based services while cloud-based offerings contributed 46 percent.

AdaptiveMobile (News - Alert): IoT Devices at Risk

Mobile network security outfit AdaptiveMobile predicts up to 80 percent of connected devices out there today lack adequate security measures. And, it says, four in five devices on the market are vulnerable to malicious or inadvertent attacks and data breaches. AdaptiveMobile’s CTO, Ciaran Bradley, commented: “A new security architecture is required to deal with the increasing connectivity of devices belonging to the Internet of Things. There will be billions of devices connected through IoT – many unable to run traditional endpoint security – and there is no definitive ruling on who has responsibility to enforce this security and who is liable when a vulnerability is exploited.” 

Edited by Alicia Young