Cisco is coming out with four next-generation firewall appliances aimed at smaller organizations that compete against midrange devices made by Check Point, Fortinet and Palo Alto Networks. The appliances can automate security tasks including assessment, tuning and remediation. Management for the new devices can be handled by the onboard Cisco Device Manager, Management Center appliances for managing multiple devices, and Cisco Defense Orchestrator, its cloud-based policy management tool.
In a related story, Palo Alto Networks unveiled a new purpose-built hardware and virtual next-generation firewall appliances that enable applications and redefine security performance for both threat prevention and SSL decryption. The company says that their boxes will enable customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments. The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS operating system 8.0, which includes more than 70 new features that help deliver threat and credential theft prevention, secure cloud enablement, and more.
Building on the work of the Cloud Signature Consortium, Adobe unveiled the first cloud-based digital signature built on an open standard. The company claims that Adobe Document Cloud and Adobe Sign will enable digital signatures in any browser or on any mobile device. It also includes business workflows that can route documents for collaboration or certified electronic delivery, and connect into systems like Microsoft SharePoint. Plus you can send for ‘certified delivery` when you need clear proof that your recipient both viewed and acknowledged a document. Finally, using the Adobe Sign mobile app, you scan printed pages and send for signature or sign from your smartphone or tablet.
The SOCVue Patch Management service automatically scans Windows and Linux endpoints for missing patches for the OS, browser and 3rd-party applications like Java and Adobe. Through EiQ`s SOCVue Portal, you can review, approve and remediate patches with the proper change control processes and reporting. EiQ Networks claims that their SOCVue Patch Management service provides patch scanning, analysis, reporting, and remediation at a fraction of the cost of alternative on-premises solutions that require in-house management, process, and expertise to be effective.
ATM management solution provider ESQ has launched a new app for smartphones and tablets that gives users up-to-date and actionable information about their ATMs. The company claims that their OperationsBridge platform is the only enterprise-grade solution that is multivendor, multitenant, and deployable on any ATM fleet. OperationsBridge Mobile includes an ATM network view that shows:
Even though physical attacks on ATMs have been increasing, there is no central repository for incident reports for attacks on ATMs. ATM deployers have to rely on information coming from the U.S. Secret Service, ATM manufacturers, banks and vendors. The ABA has collected statistics on ATM attacks for a few years with about 60% of 91,000 bank branches in the U.S. voluntarily contributing data. To help track patterns of criminal activity and effect preventative measures, the ABA has added a new feature to its nationwide bank robbery database that allows subscribers to key in ATM crime data, including skimming attacks.
According to a MEF Mobile Money Report, more than three fourths (78%) of people made a purchase by mobile—which includes digital wallets—in the previous six months, but more than half (58%) abandoned a transaction before checkout. Here are the main reasons from the study that consumers say they abandon a mobile purchase once started:
31% - asked for too much sensitive information
22% - due to connectivity or other technical issues
21% - took too long to complete
Many security experts recommend that you never open a mobile banking app after you have joined a public Wi-Fi network, Plus they point out that while fairly rare, a determined scammer can force-join your mobile device onto a rogue network without your knowledge. You can work around this potential issue by opening “Settings” and turning the “Wi-Fi” switch off prior to launching your mobile banking app in public. While on a cellular connection vulnerabilities still exist, cellular interception is more difficult, requires expensive hardware, and is more noticeable, so it is much less plausible for a scammer to risk attempting to intercept your mobile banking activities during a cellular data connection.
During Black Hat USA and DEF CON 24 in 2016, three-quarters if queried penetration testers claimed they could compromise a target in under 12 hours; 28% took between six and 12 hours and 43% found a way in within six hours. They also revealed that:
In terms of preventing attacks, intrusion prevention systems and endpoint security solutions presented the greatest challenge for the respondents (29% and 23%, respectively), while firewalls came in third, and antivirus a distant fourth at 2%.
The overwhelming majority of all critical Microsoft vulnerabilities discovered and fixed in 2016 can be mitigated by simply removing admin rights across an organization, according to Avecto's analysis Microsoft security bulletins. A Microsoft MVP noted that “implementing a proactive defense strategy, starting at the endpoint and building out with least privilege, simple application whitelisting and content isolation will put you in a much stronger position by reducing the attack surface and building secure defensible endpoints.”
Battling Security Fatigue – Working Towards Usable Security
Network Box - https://www.networkboxusa.com
Read Pierluigi Stella's comments:
Many people agree that data visualization is a key part of business and marketing decision-making. Some factors to consider when choosing a data visualization product include price, dashboard customization, data analysis capabilities, and ease of use. Here are five top data visualization solutions:
- Dundas BI
- Qlik Sense
- SAP Lumira
Javelin Strategy & Research released “Digital Account Opening Fails to Deliver a Single-Channel Experience,” which found that over 2 out of 3 successful applicants used online and mobile channels for some stage of the application process to open a credit card application and 60% used these channels to open checking accounts. But digital applications are currently failing to deliver a single-channel experience, especially mobile account opening. About 34% of successful applicants opened and completed the application process online, while the other 66% turned to another channel at some point. Mobile netted only 8% of successful applications with a start-to-finish process. The research firm concludes that with the heightened risk of abandonment every time an applicant switches channels, banks need to work towards an integrated, satisfying, multichannel experience.
Some observers contend that biometrics and behavioral analytics will soon be taking over online and mobile banking logins forever. Case in point: U.S. Bank has set a target of removing passwords “altogether” from the login process, and are currently in the process of laying the groundwork for that implementation in 2017. They currently offer fingerprint authentication and voice verification, and will be looking at facial recognition and pattern matching this year.
Level 3 Communications, a major Internet backbone provider, is constantly on the lookout for cyberattacks on the network level; in fact, they have linked more than 150 million IP addresses to malicious activity worldwide. Bad behavior patterns have helped Level 3 build algorithms to identity suspicious traffic, but blocking those machines can be problematic. Notifying businesses is often pretty straightforward, but Level 3 has to work with hosting providers in order to reach consumer PCs that have been compromised. Some ISPs will make the effort to contact their subscribers, while others will not. Just about everyone agrees that it will take a collective effort - of ISPs, governments, businesses and consumers - to clean up the Internet and secure today's devices.
Unified Communication (UC) vendors such as Cisco, Microsoft, Unify, RingCentral and many others are rapidly creating, building or acquiring workstream messaging applications. These workstream messaging applications effectively capture (and preserve) conversations across multiple modalities, including voice. Here are some examples:
- Microsoft has developed Teams as a Slack-like workstream messaging application
- Cisco developed Spark for messaging and has already integrated it with Cisco UC solutions
- RingCentral bundles its Office service with its workstream messaging app called Glip
All of these applications share common elements, such as persistent messaging, robust APIs, shared content, and search and discovery.
GamEffective is a leading workforce performance gamification company that helps organizations engage employees to improve motivation and learning. They claim that their GamEffective platform can drive contact center performance and learning success. The software helps engage and motivate employees by setting goals and tracking their performance in real time. GamEffective provides real-time feedback as well as dynamic goal setting for employees and managers.