Stranger things: Securing your network in the upside down world of SDx

 
The smash hit Netflix series ‘Stranger Things’ centers around the mysterious disappearance of residents of Hawkins, Indiana. Those who vanish find themselves in a frightening, parallel nether-world called the ‘Upside Down’, where things are not exactly as they seem. For some organizations, moving from physical hardware-based networks to SDx public or private clouds can feel similarly alien. While the familiar, conventional network construct still exists, the security infrastructure has disappeared since there’s no physical infrastructure to get to grips with. So what do they do next? What makes SDx strange? As we know, SDx stands for software-defined infrastructure. That ...

The latest findings on Chrysaor (Pegasus for Android) are even more stealthy

 
Earlier this week Google published a research about a new sophisticated spyware tool for Android, believed to be related to the Pegasus malware for iOS, which was discovered in August 2016. As Google wrote in their blog, the malware was most likely created by the authors of Pegasus – the NSO group, and shares many common features as Pegasus. What’s the big news? Chrysaor is a fully developed spy tool for Android devices, and can allow attackers to surveil their targets’ every move. Chrysaor has implemented elaborate modules to listen in on conversations, take screenshots and surveil the device’s surroundings, steal sensitive data and read SMS messages. This malware presents a ...

Stopping Your Staff from Raining Data from the Cloud

 
No matter what your company’s official position is on the use of cloud services, your employees absolutely depend on them as part of their day-to-day work. The problem: the services they tend to use usually aren’t the ones you want them to use. A 2015 study of cloud usage found that employees were using 15 times more cloud services than their IT departments estimated or authorized; an average company also uses over 1,100 cloud services, of which just 8% meet the data security and privacy requirements of enterprises. In light of this, it’s no surprise that data breaches from cloud services happen frequently. An October 2016 Ponemon study of nearly 650 IT professionals in North ...

Best-of-breed security for hybrid clouds

 
Wouldn’t it be great if you could make a fresh start with your organization’s IT infrastructure? Unfortunately, unless you’re a start-up, most enterprises don’t have the luxury of starting with a clean slate. Instead, the majority of us have to make the most of a hybrid of legacy apps and existing investments with new cloud deployments to keep pace with business demands. A recent survey by Verizon and Harvard Business Review highlighted this issue. It found that 63% of organizations are pursuing a hybrid cloud approach to improve their competitiveness, yet a third (32%) were struggling to integrate cloud with other systems. For many organizations, their IT infrastructure will ...

Ransomware– Not Only File Encryption

 
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:    IoT ransomware Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature ...

Get off my (private) cloud

 
As enterprises transform their physical data centers to private and hybrid cloud models, how should they secure these new environments, keeping threats and attackers off their cloud? A new era of virtualization, automation and Anything-as-a-Service (XaaS) is being ushered in at a blistering pace, driving greater efficiencies and cost savings while dramatically changing the way businesses roll out new applications and services. And as Mick Jagger was fond of saying: “But it’s all right now, in fact it’s a gas!” It really can be all right if you understand how this new model doesn’t inadvertently introduce new risks or expose your business to more threats. The trends are ...

Three Key Takeaways from WikiLeaks’ Release of CIA Documents

 
The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reinvigorating myths that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.   1. Every connected device can be hacked The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops, to mobile devices, and even to Smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is ...

Check Point Comments on Recent Advanced Threats

 
Today’s publication by WikiLeaks shows how advanced hacking techniques, including extremely sophisticated exploit tools, are more readily available than you’d think; they’re available to everyone, including governments. These tools provide new surveillance capabilities allowing them to hack into enterprise and military networks, smartphones, tablets and even IoT devices such as Smart TVs. Check Point researchers have been tracking these exploits since the news was first released. What is not released yet is the code detail.  Since the information was retrieved from early 2016, most of the mobile devices that have been targeted so far are older operating system versions of Android ...

Introducing Check Point vSEC for Google Cloud Platform

 
Cloud Security Puzzle – Solved! If you are deploying workloads (like web servers) or migrating back office apps into Google Cloud Platform (GCP), you will be happy to know that you can now do it securely in a turn-key way without sacrificing the agility & business elasticity provided by GCP. Check Point’s vSEC cloud security solution delivers advanced security that is virtually built into the Google environment using Google’s APIs. Together, Google and Check Point enable a multilayer security solution that comprehensively protects customers’ assets and data in the cloud with advanced threat prevention security. Why do we really need another security layer? While the ...

Choice, Flexibility and Advanced Security – Now with Google Cloud Platform

 
As a general rule of thumb, it has been a long accepted strategy in IT to avoid vendor lock in, or trusting too much in a single equipment provider that you get stuck because changing to another vendor would be too costly or inconvenient. This is especially true with public cloud providers, and fear of vendor lock in is often cited as a major road block to further cloud adoption. So how do you eliminate the risks of putting all your IT eggs in a single virtual network basket? One approach to solving this dilemma is a multi-cloud strategy. A multi-cloud approach provides benefits beyond simply eliminating financial risk; it can also help businesses redefine their software ...