Categories
News

NSA’s Anne Neuberger to talk cybersecurity at Disrupt 2020

We are thrilled to announce that Anne Neuberger, director of cybersecurity at the National Security Agency, will join us at Disrupt 2020 from September 14-18.

The headlines are not always kind to the government agencies that work in secret, and the NSA is no exception. Leaks have exposed some of the agency’s most clandestine intelligence-gathering operations. But the important role of the spy agency in securing the nation’s cybersecurity defenses can go overlooked.

Neuberger took the helm at the NSA’s newly created Cybersecurity Directorate a year ago as part of the agency’s renewed effort to disrupt foreign adversaries and help Americans stay secure. She previously served as the NSA’s first chief risk officer.

As much of the NSA works in secret by collecting intelligence on foreign adversaries and disrupting threats to the U.S. homeland, Neuberger’s division works on the defensive side. It’s there that the NSA has unique insight into some of the biggest threats that the public and private sectors face, and uses that information to help protect the nation’s most critical infrastructure and systems from disruption.

In the past year since the directorate was launched, the NSA called out nation-state hackers, warned of new strains of disruptive malware and advised on how to patch or mitigate major vulnerabilities. Or, in other words, getting unclassified but actionable information to the network defenders who need it.

At Disrupt 2020 (September 14-18), we’ll hear from Neuberger how the agency is balancing spycraft and intelligence gathering with defensive cybersecurity. Get a front-row seat with your Digital Pro Pass for just $245 during our Labor Day Flash Sale or with a Digital Startup Alley Exhibitor Package. Prices increase next week, so grab your tickets today!

( function() {
var func = function() {
var iframe = document.getElementById(‘wpcom-iframe-bc5e644f85a11b970469253c6a947a65’)
if ( iframe ) {
iframe.onload = function() {
iframe.contentWindow.postMessage( {
‘msg_type’: ‘poll_size’,
‘frame_id’: ‘wpcom-iframe-bc5e644f85a11b970469253c6a947a65’
}, “https:\/\/tcprotectedembed.com” );
}
}

// Autosize iframe
var funcSizeResponse = function( e ) {

var origin = document.createElement( ‘a’ );
origin.href = e.origin;

// Verify message origin
if ( ‘tcprotectedembed.com’ !== origin.host )
return;

// Verify message is in a format we expect
if ( ‘object’ !== typeof e.data || undefined === e.data.msg_type )
return;

switch ( e.data.msg_type ) {
case ‘poll_size:response’:
var iframe = document.getElementById( e.data._request.frame_id );

if ( iframe && ” === iframe.width )
iframe.width = ‘100%’;
if ( iframe && ” === iframe.height )
iframe.height = parseInt( e.data.height );

return;
default:
return;
}
}

if ( ‘function’ === typeof window.addEventListener ) {
window.addEventListener( ‘message’, funcSizeResponse, false );
} else if ( ‘function’ === typeof window.attachEvent ) {
window.attachEvent( ‘onmessage’, funcSizeResponse );
}
}
if (document.readyState === ‘complete’) { func.apply(); /* compat for infinite scroll */ }
else if ( document.addEventListener ) { document.addEventListener( ‘DOMContentLoaded’, func, false ); }
else if ( document.attachEvent ) { document.attachEvent( ‘onreadystatechange’, func ); }
} )();


Read more: feedproxy.google.com

Categories
Software

Open Cybersecurity Alliance announces new language for connecting cybersecurity tools

The Open Cybersecurity Alliance (OCA) announced the availability of OpenDXL Ontology, its open-source language for connecting cybersecurity tools through a common messaging framework. 

“With open source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language,” the OCA explained in a post.

RELATED CONTENT: ‘Security debt’ focus of 2019 State of Software Security report

OpenDXL Ontology is based on the Open Data Exchange Layer (OpenDXL), an open messaging framework to develop and share integrations with other tools. With the release of the language, the alliance can provide a single, common solution for notifications, information, actions and communicating with other tools. In addition, it  provides companies with a set of tooling that can be applied once and automatically reused everywhere across all product categories, while also eliminating the need to update integrations as product versions and functionalities change

“For example, if a certain tool detects a compromised device, it could automatically notify all other tools and even quarantine that device using a standard message format readable by all. While previously this was only possible with custom integrations between individual products, it will now be automatically enabled between all tools that adopt OpenDXL Ontology,” according to the alliance.

The OCA community said it is currently collaborating on GitHub and Slack to further new open-source code and use-cases for cybersecurity industry interoperability. The OCA will continue development for both STIX Shifter, an out-of-the-box search capability for security products of all types, and OpenDXL Ontology.

“The adoption of OpenDXL Ontology will help create a stronger, united front to defend and protect across all types of security tools, while reducing the burden of point integrations between individual products,” the OCA wrote. 

The alliance also announced the formation of a technical steering committee to help drive the technical direction and development of the organization. Members of the committee include leaders from AT&T, IBM Security, McAfee, Packet Clearinghouse and Tripwire.

The post Open Cybersecurity Alliance announces new language for connecting cybersecurity tools appeared first on SD Times.

Read more: sdtimes.com

Categories
Software

Microsoft releases Threat Protection with support for iOS and Android

Microsoft has announced the general availability of its cybersecurity solution. Microsoft Threat Protection (MTP) is designed to provide security checks across users, emails, applications, and endpoints. The solution alerts users and takes action using AI so that security professionals can automatically detect, investigate, and stop coordinated multi-point attacks, Microsoft explained

In addition, it weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention, according to Microsoft. 

The company explained that previous security solutions are designed to protect against threats for each domain separately, but now threat detection with built-in intelligence can understand how an attack got in, prevent its spread across domains, and automatically heal compromised assets. 

“The world is indeed getting more complicated, but the public cloud combined with human expertise and industry collaboration are delivering innovation that gives the advantage back to the defenders of cyberspace. We have never been more optimistic about the potential for technology to support and scale your most precious cybersecurity assets – your people,” Microsoft wrote in a blog post.

The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals and the insights of 3,500 security experts. Custom algorithms and machine learning models make, and learn from, billions of queries every day, according to Microsoft.

“The Threat Analytics report in MTP provides an exposure view and recommends the customer apply the appropriate Outlook security patch that will prevent this attack from recurring,” Microsoft wrote. 

MTP currently supports Linux, with plans to support iOS and Android.

The post Microsoft releases Threat Protection with support for iOS and Android appeared first on SD Times.

Read more: sdtimes.com

Categories
Software

SD Times news digest: ActiveState adds Python packages, Apache Software Foundation on .org registry, and Coralogix joins the cybersecurity market

ActiveState announced that it added more than 50,000 package versions covering the most popular Python 2 and 3 packages to its ActiveState platform. 

“In order to ensure our customers can automatically build all Python packages, even those that contain C code, we’re designing systems to vet the code and metadata for every package in PyPI. Today’s release is a significant first step toward that goal,” said Jeff Rouse, the vice president of product management at ActiveState.

Developers can automatically build open source language runtimes from source, automatically resolve all dependencies, and then certify it against compliance and security criteria within a few minutes. 

Apache Software Foundation speaks out against .org registry
The Apache Software Foundation objected to the for-profit sale of the .org registry, because it believes that a for-profit registry is unlikely to protect the interests of non-profit foundations. 

“This principle of enabling the open exchange of information to and among those we serve lies at the heart of what we do at The Apache Software Foundation,” the Apache Software Foundation wrote in a post.

Coralogix raises $10 million and enters cybersecurity market
Coralogix, provider of an ML-powered log analytics solution announced that it raised $10 million in a Series A funding round, bringing its total to $16.2 million. 

“This new capital will help complete our vision to empower DevOps to control operations and security data from collection through to insights and decisions — with the ultimate goal to make raw log data obsolete,” said Ariel Assaraf, the CEO and co-founder of Coralogix.

The company also announced that it is officially entering the cybersecurity market with the launch of an integrated security information and event management solution (SIEM) and intrusion detection system (IDS) designed for DevOps teams. 

ArcBlock announces 2.0 of its decentralized identity wallet
ArcBlock announced that it is releasing a new version of its decentralized identity wallet that is dynamic and supports users’ daily life. 

ABT Wallet 2.0 now includes a new user-experience for managing accounts and digital properties, easier connectivity and interaction with applications, services and connections and a streamlined way to check activities and transactions. 

The full list of details on the new release are available here. 

The post SD Times news digest: ActiveState adds Python packages, Apache Software Foundation on .org registry, and Coralogix joins the cybersecurity market appeared first on SD Times.

Read more: sdtimes.com