Archive for the ‘Internet Security’ Category

Digital Shadows – the UK security startup helping firms know their worst enemies

On any day of the year, cyberattacks beyond counting are directed against an alarmingly large number of targets, be they individuals, large enterprises, or nation states. It’s a world we know almost nothing about unless a successful attack is detected after the event by which time response becomes a matter of damage limitation.

The popular way to get a handle on these ‘unknowns’ is to put up defences that are periodically stressed using penetration testing to approximate the way an attacker looks at a company’s systems from the outside. The limitation of this approach is that it is at best a snapshot in time and offers insight on little more than abstract vulnerabilities.

But what if the ‘intelligence gap’ between attacker and defender could be bridged using real-time data before an attack unfolds?

It sounds too good to be true on first hearing but that is precisely the concept small British startup Digital Shadows has pioneered since its founding by CEO Alastair Paterson and CTO James Chappell in 2011. The firm’s platform, SearchLight, is a database-driven ‘awareness’ system that searches 100 million Internet sources in 27 languages including social media, crime forums, GitHub, and even encrypted ‘dark’ nets such as Tor and I2P.

 

This chatter is gathered in an automated way and fine turned with the help of analysts into reports that build a picture of possible targeting at any point in time, be that hours, days or weeks in the future. It can also be used to uncover evidence of undetected past attacks when breached data is passed around within criminals circles.

The idea of trawling around the Internet and dark web looking for scraps of data isn’t new. Many security professionals will undertake this sort of research on their own initiative from time to time. However, SearchLight is a platform that removes both the effort and risks of such a task and does so in a way that will be more methodical and comprehensive than a manual search.

More typically, this sort of data is ignored by large enterprises that might be targeted because it’s too time-consuming to find and process assuming you even know where to look.

It’s a platform that could help re-define how organisations understand security intelligence gathering. When you reduce the concept to its bare essentials it sounds pretty extraordinary. Where digital forensics is a method for understanding an event after the fact in order to fine-tune future response or for compliance, the hunt for a ‘digital shadow’ is about looking for actionable intel.

In a sense, Digital Shadows is about getting ahead of the game. It stands or falls on a simple formula – if someone out there wants to attack a firm it is possible to get some pre-warning of that event before it happens and then understand what happened in more detail afterwards.

In the world of mathematics, differential equations fed enough variables will predict the future, up to a point. A digital shadow is something more analogue than that, more a hint or a connection that a particular type of attack is being undertaken against a sector, a country or, occasionally, a specific organisation or its executives.

Digital Shadows – IG Group

“It gives me visibility on hit words that I’m interested in. It sends alerts to my team in real time,” confirms Stefan Treloar, head of Information Security at spread betting company, IG Group, a Digital Shadows customer.

After using the system at his previous job at National Lottery firm Camelot, Treolar saw the relevance for IG Group, where he uses it to monitor groups or threat types he’s interested in. Every morning he and his team can study the dashboards they have set up, receiving an immediate alert if a particular type of threat against the company or the sector is detected.

This is a hugely complex task at some levels and includes the need to translate from languages other than English so that Treolar can make sense of what he is being told.

“It is giving me visibility into a world that is outside of my control. These types of solutions help you make informed decisions. There is quite a lot of chatter about financial institutions,” he says.

Treolar had been able to keep tabs on specific threat actors, fulfilling his belief in the importance to “know your enemy.”

“If someone was talking about us we are now in the best position we could be without us finding out about it through the Daily Telegraph.”

Five Tips To Keep Your Kids Safe Online

While the internet can be a place of entertainment, learning and fun for kids, it also has a dark side. So how do you make sure your kids stay safe online?

Cyber safety consultant Brett Lee has travelled to some of far north Queensland’s most remote communities to teach parents and relatives how to make sure kids stay safe on the internet.

Mr Lee pulls no punches in his approach to internet safety and said adults who claim they know too little about computers to monitor their children’s online habits are kidding themselves.

“When I talk to adults and carers, particularly grandparents, I encourage them to draw on the skills and the knowledge they already have,” he said.

“We can make incredible inroads and reduce [online] risks to nearly zero just by employing a few strategies and mindsets that we already posses.”

Five tips for online safety

    • 1. Talk to children

Mr Lee said first and foremost parents, grandparents and carers need to keep the lines of communication open with the children in their care.

“Never underestimate the value of knowing how kids are going just by having a simple face-to-face conversation,” he said.

“The internet can instil the belief that it is a private environment but we can change that by talking to our kids by talking to our kids about what’s happening online.”

    • 2. Clear rules and boundaries

Although they may not like it, children need to be set clear rules and boundaries about what sites or programs they are allowed to access, when they are allowed online and who they can talk to.

“Kids are used to rules and boundaries because they have them in every other aspect of their life,” Mr Lee said.

“Whether they feel it or not, it helps them. It helps take away the responsibility for them to have to have to make the decision on their own when it comes to technology.

“We shouldn’t step back or feel guilty about putting [rules] in place when it comes to technology. Kids are ready for it; we just need to put it in place.”

    • 3. Stay up to date

Mr Lee admits staying up to date with applications and programs is not the most popular of tips with many adults, but it is not as difficult as some people make out.

“This is not about staying up to date with technology because we can’t do that – some of us don’t have an interest, a lot of us don’t have time,” he said.

“It’s more about staying up to date with the technology that applies to our family.

“Staying up to date is about talking to the kids, talking to other adults and talking to the school because they know the trends with programs and can give us some advice.”

    • 4. Consider parental controls

By installing software, programs or applications on a device parents or guardians can monitor online activity, block access to certain sites, set time limits on the device’s connection to the internet and be alerted to concerning usage or conversations happening on the device.

“This is great for young children,” Mr Lee said.

“Some parents and grandparents say to me ‘it’s like I’m spying on my children, they’re going to say I don’t trust them’ but this isn’t about spying on our children. This is about being comfortable in ourselves knowing that everything is going okay.

“We’re spying on other people and we’re spying on activity that may come into our home through that device.”

    • 5. You make the final decision

No matter what level of computer literacy or technological understanding an adult has, it is up to an adult to have the final say about a child’s access to the internet.

“It does not matter who owns the device and it does not matter who knows the most about technology,” Mr Lee said.

“If we feel something needs to be put in place or said, we do it.

“We are the ones who make the final choice.”

London’s top 10 cyber-security companies – SaaS, encryption, mobile security and beyond

BT

A surprise to those who still associate the company with old-world telecoms but BT is now a major player in the security services space, offering BT Assure Managed Cloud, DDoS mitigation, managed firewalling, and SIEM threat monitoring. Earlier this year, BT integrated cyber threat security system from startup Darktrace (see slide 6) while further back in time it acquired Bruce Schneier’s security startup, Counterpane, in 2006.

PwC

Better known for its global business accountancy services, PwC (or PricewaterhouseCoopers) is a privately-owned network of affiliated firms that has built a commanding presence in security consultancy. The firm has partnerships with a range of companies in the space including, recently, security ‘unicorn’ Tanium. Provides research for the annual Information Security breaches survey in conjunction with the UK Department of Business Innovation and Skills (BIS).

Silobreaker

Founded in 2005, Silobreaker has made its name in business and network analytics. In cybersecurity, the firm’s software can automate the process of trawling through large numbers of data feeds – social media, websites and news – to deliver reports on any security topic from specific attack types to known groups that might be of interest to a business.

Becrypt

A specialist in endpoint encryption for Window and Android, Becrypt also offers port/USB control, iOS mobile device management, and thin client technology such as the innovative tVolution secure client on a USB stick Techworld wrote about in April.

Acuity Risk Management

Sells software risk management system called STREAM used by large enterprises to assess governance, risk and compliance (GRC). The latest version V4 allows admins to build detailed custom reports.

Darktrace

Despite being founded in Cambridge with money from Mike Lynch’s Invoke Capital, Darktrace now boasts a London HQ to back up its offices in the famous University town – these days the firm might accurately be seen as being half way between the two cities. Building a stellar reputation for its Enterprise Immune System, a fully-fledged cyber-defence system technology for spotting anomalies on networks. In March formed an important partnership with BT.

Wandera

Founded in 2013 by the founders of ScanSafe (sold to Cisco in 2009), Wandera specialises in mobile security, offering customers its Secure Mobile Gateway as a security service. Based on a mobile app directing traffic through a proxy, Wandera is an innovative combination of cloud and mobile security in one system more often pioneered by US security firms.

SentryBay

Founded in 2007, SentryBay has assembled a wide range of security products for different business sectors – Data Protection Suite (DPS), Armoured Browser (banking), Anti-Keylogging, E-Vault, mobile security and even Internet of Things. Works closely with a range of partners, including Barclays, Geico, Check Point, and American Express.

Citicus

Privately held and founded during the dot.com boom, Citicus sells risk and compliance management software in the form of its Citicus One platform. Noted for its ability to visualise risk, can be used on premises or as a service. Mature and with an extensive list of customers, Citicus has established itself in its field in an unflashy, under-stated British way.

Protectimus

A London-based startup with a strong Russian presence among its founders, Protectimus sells two-factor authentication technology using one-time passwords (OTPs) and tokens for integration into larger IT systems as a service. Once an expensive security niche, two-factor hardware tokens are becoming a standard technology across a growing number of enterprises.

How Hackers Can Crash Your Phone Via Wifi

Among the many tools at the disposal of hackers is the ubiquitous “denial of service” attack (DoS), which is basically the sending of endless traffic to a specific site until it crashes from the overload.

Many people believe that hackers direct this kind of attack only at corporate websites and servers – that’s incorrect.

Online security experts have now researched and proven that it’s possible to attack iOS devices in a similar way, causing both individual applications or an entire mobile phone to malfunction.

Mobile security firm Skycure released the results of its research on the subject at a recent industry conference, showing exactly how hackers can potentially target any device using the iOS operating system.

For hackers, the process is as simple as setting up a wireless network for phones to connect to. Once linked, a hacker can launch a script aimed at any particular device, which will cause it to crash.

Skycure’s latest finding go hand in hand with previous studies it conducted, which revealed attackers could similarly create a Wifi network and cause devices to automatically connect. With all of these findings combined into a larger picture, it becomes clear that large targeted attacks could happen in highly populated areas. A determined hacker could set up shop in Times Square and  crash thousands of mobile devices in a short amount of time.

Unfortunately, there is nothing one can do to avoid this type of attack, except stay away from all unknown, unsecured Wifi networks.

A Hacker Explains Phishing and Malicious Links

Hackers are the cowboys of today’s online world. They are hired by large corporations and consulting firms to figure out how to break into people’s and companies’ websites and then build protective walls for those same victims. When figuring out how to find a hole in a secure system, hackers usually begin with the most obvious, low-hanging fruit.

The newspaper headlines have been full of reports of high-profile hacks by foreign agents to the systems of major companies like Sony, Wal-Mart and even the US government itself. Hackers admit that the easiest way to infiltrate a corporation’s secure system, as was done in these cases, is to somehow convince an employee to click on a malicious link in a seemingly benign e-mail.

This technique, called “phishing,” allows a hacker to then obtain the duped user’s username, passwords and other private information that will give them further, deeper access to a company’s secured systems. Sophisticated hackers will spend significant amounts of time planning how to best design a convincing phishing scheme, including trustworthy-looking e-mail messages.

One hacker described his own method: he would scour the professional profile website, LinkedIn, for a particular company’s “weakest links” – its least computer-savvy employees, who would be unlikely to differentiate between a fake or real e-mail message. He would then try and guess the employee’s e-mail address from a set of common formulas, testing potential addresses until he hit the right one. He would then customize a virus-laden email that would be pertinent to the recipient (based on any info. gleaned from social media about his or her hobbies).

After attaining the victim’s email address, the hacker looks to social media to learn as much as possible about his target’s professional background, friends, and general interests.

You have been warned by the experts – do not click on any links in e-mails which you are not certain are legitimate,

Digital Shadows – the UK security startup helping firms know their worst enemies

On any day of the year, cyberattacks beyond counting are directed against an alarmingly large number of targets, be they individuals, large enterprises, or nation states. It’s a world we know almost nothing about unless a successful attack is detected after the event by which time response becomes a matter of damage limitation.

The popular way to get a handle on these ‘unknowns’ is to put up defences that are periodically stressed using penetration testing to approximate the way an attacker looks at a company’s systems from the outside. The limitation of this approach is that it is at best a snapshot in time and offers insight on little more than abstract vulnerabilities.

But what if the ‘intelligence gap’ between attacker and defender could be bridged using real-time data before an attack unfolds?

It sounds too good to be true on first hearing but that is precisely the concept small British startup Digital Shadows has pioneered since its founding by CEO Alastair Paterson and CTO James Chappell in 2011. The firm’s platform, SearchLight, is a database-driven ‘awareness’ system that searches 100 million Internet sources in 27 languages including social media, crime forums, GitHub, and even encrypted ‘dark’ nets such as Tor and I2P.

 

This chatter is gathered in an automated way and fine turned with the help of analysts into reports that build a picture of possible targeting at any point in time, be that hours, days or weeks in the future. It can also be used to uncover evidence of undetected past attacks when breached data is passed around within criminals circles.

The idea of trawling around the Internet and dark web looking for scraps of data isn’t new. Many security professionals will undertake this sort of research on their own initiative from time to time. However, SearchLight is a platform that removes both the effort and risks of such a task and does so in a way that will be more methodical and comprehensive than a manual search.

More typically, this sort of data is ignored by large enterprises that might be targeted because it’s too time-consuming to find and process assuming you even know where to look.

It’s a platform that could help re-define how organisations understand security intelligence gathering. When you reduce the concept to its bare essentials it sounds pretty extraordinary. Where digital forensics is a method for understanding an event after the fact in order to fine-tune future response or for compliance, the hunt for a ‘digital shadow’ is about looking for actionable intel.

In a sense, Digital Shadows is about getting ahead of the game. It stands or falls on a simple formula – if someone out there wants to attack a firm it is possible to get some pre-warning of that event before it happens and then understand what happened in more detail afterwards.

In the world of mathematics, differential equations fed enough variables will predict the future, up to a point. A digital shadow is something more analogue than that, more a hint or a connection that a particular type of attack is being undertaken against a sector, a country or, occasionally, a specific organisation or its executives.

Digital Shadows – IG Group

“It gives me visibility on hit words that I’m interested in. It sends alerts to my team in real time,” confirms Stefan Treloar, head of Information Security at spread betting company, IG Group, a Digital Shadows customer.

After using the system at his previous job at National Lottery firm Camelot, Treolar saw the relevance for IG Group, where he uses it to monitor groups or threat types he’s interested in. Every morning he and his team can study the dashboards they have set up, receiving an immediate alert if a particular type of threat against the company or the sector is detected.

This is a hugely complex task at some levels and includes the need to translate from languages other than English so that Treolar can make sense of what he is being told.

“It is giving me visibility into a world that is outside of my control. These types of solutions help you make informed decisions. There is quite a lot of chatter about financial institutions,” he says.

Treolar had been able to keep tabs on specific threat actors, fulfilling his belief in the importance to “know your enemy.”

“If someone was talking about us we are now in the best position we could be without us finding out about it through the Daily Telegraph.”

Five Tips To Keep Your Kids Safe Online

While the internet can be a place of entertainment, learning and fun for kids, it also has a dark side. So how do you make sure your kids stay safe online?

Cyber safety consultant Brett Lee has travelled to some of far north Queensland’s most remote communities to teach parents and relatives how to make sure kids stay safe on the internet.

Mr Lee pulls no punches in his approach to internet safety and said adults who claim they know too little about computers to monitor their children’s online habits are kidding themselves.

“When I talk to adults and carers, particularly grandparents, I encourage them to draw on the skills and the knowledge they already have,” he said.

“We can make incredible inroads and reduce [online] risks to nearly zero just by employing a few strategies and mindsets that we already posses.”

Five tips for online safety

    • 1. Talk to children

Mr Lee said first and foremost parents, grandparents and carers need to keep the lines of communication open with the children in their care.

“Never underestimate the value of knowing how kids are going just by having a simple face-to-face conversation,” he said.

“The internet can instil the belief that it is a private environment but we can change that by talking to our kids by talking to our kids about what’s happening online.”

    • 2. Clear rules and boundaries

Although they may not like it, children need to be set clear rules and boundaries about what sites or programs they are allowed to access, when they are allowed online and who they can talk to.

“Kids are used to rules and boundaries because they have them in every other aspect of their life,” Mr Lee said.

“Whether they feel it or not, it helps them. It helps take away the responsibility for them to have to have to make the decision on their own when it comes to technology.

“We shouldn’t step back or feel guilty about putting [rules] in place when it comes to technology. Kids are ready for it; we just need to put it in place.”

    • 3. Stay up to date

Mr Lee admits staying up to date with applications and programs is not the most popular of tips with many adults, but it is not as difficult as some people make out.

“This is not about staying up to date with technology because we can’t do that – some of us don’t have an interest, a lot of us don’t have time,” he said.

“It’s more about staying up to date with the technology that applies to our family.

“Staying up to date is about talking to the kids, talking to other adults and talking to the school because they know the trends with programs and can give us some advice.”

    • 4. Consider parental controls

By installing software, programs or applications on a device parents or guardians can monitor online activity, block access to certain sites, set time limits on the device’s connection to the internet and be alerted to concerning usage or conversations happening on the device.

“This is great for young children,” Mr Lee said.

“Some parents and grandparents say to me ‘it’s like I’m spying on my children, they’re going to say I don’t trust them’ but this isn’t about spying on our children. This is about being comfortable in ourselves knowing that everything is going okay.

“We’re spying on other people and we’re spying on activity that may come into our home through that device.”

    • 5. You make the final decision

No matter what level of computer literacy or technological understanding an adult has, it is up to an adult to have the final say about a child’s access to the internet.

“It does not matter who owns the device and it does not matter who knows the most about technology,” Mr Lee said.

“If we feel something needs to be put in place or said, we do it.

“We are the ones who make the final choice.”

Products
August 2017
M T W T F S S
« Jun    
 123456
78910111213
14151617181920
21222324252627
28293031  
  • America's Best Colleges
    Forbes' list of public and private colleges and universities ranks the best schools--from the students' point of view.
  • Twelve Nasty Work-From-Home Scams
    Does the offer of making a mint in your pajamas sound too good to be true? It surely is.
  • The World's Most Powerful Celebrities
    Oprah Winfrey takes back her crown while pop chart phenomenon Lady Gaga catapults to No. 4 on this year's Celebrity 100.
  • The World's Leading Companies
    This comprehensive report analyzes the world's biggest companies and the best performing of these titans.
  • The World's Billionaires
    Carlos Slim Helu takes the No. 1 spot on Forbes' annual list of the world's richest as a record 164 billionaires return to the ranking amid the global economic recovery.
  • Email Marketing Basics
    Confused about how to best use email to reach your customers? Get the most out of email marketing for your business with this back-to-basics guide.
  • 13 Ways to Make Your Sales Brochures Effective
    Make your sales brochures more effective. Use these 13 copywriting and design tips to make your brochures and flyers get attention and bring in sales.
  • How to Manage Social Media Complaints
    No one likes to find negative reviews or complaints about their business on social media. Use these steps for social media complaints management to help your business thrive.
  • How to Make the Perfect Slogan
    A slogan makes your brand more recognizable and memorable, but writing a catchy slogan isn't easy. Follow these steps to make a slogan for your business.
  • Brand Strategy for Your New Business
    Creating your business' brand is one of the most important steps in starting a business. Put these brand strategies to work when crafting your brand.
NY Business