Sunday, November 19, 2017

Tag: Marketing

Indegy is investing in a new 24/7 support center for Asia and the United States and aims to build brand awareness in the industrial control security space, which is still in its infancy. Ever since the Stuxnet malware was able to incapacitate an Irania...
In colossal surprise, criminals revealed as rather fond of anonymity technologies

Knock us over with a feather: a study by the European Union Intellectual Property Office (EUIPO) has found that those who infringe intellectual property for a living are quite fond of anonymity technologies that cover their tracks. The Office last week emitted a Deloitte-penned study titled Research on Online Business Models Infringing Intellectual Property Rights (PDF), the first effort in a research project aimed at figuring out just who pirates what and why.

The study aims “to provide an overview of the different infringing business models, assessing how they function, how they are financed, how they generate profits for their operators, what kinds of content they disseminate and how large their user bases are.” It's hoped that policy-makers can arm themselves with this information and respond accordingly.

The study identified 25 different business models for IP abuse, characterised as follows:

Five business models where IPR is misused in the domain name (or other digital identifier) in marketing practices on the open Internet: cybersquatting, domain name parking, affiliate marketing and marketing of products either related or unrelated to the misused IPR.

Five business models where IPR is not misused in the domain name (or other digital identifier) in marketing practices on the open Internet: marketing of pharmaceuticals, applied arts replica and virtual items and marketing on third party commercial platforms or social media.

Five business models existing on the hidden part of the Internet, Darknet: trading of user accounts, computer software source code, complete databases, weapons and storage devices as well as an online e-book library.

Five business models with the aim of conducting phishing, dissemination of malware or traditional fraud: spoofing, phishing e-mails, ransomware mobile apps, malware dissemination from websites making unauthorised trademark use and fraudulent misuse of the name of a national IP office.

Five business models sharing digital content on the open Internet: linking, torrent, streaming and cyberlocker sites and a site contributing to video streaming.

EUIPO Executive Director António Campinos writes, in his foreword, that the “shadow landscape” responsible for IP abuse “more and more relies on new encrypted technologies like the TOR browser and the bitcoin virtual currency, which are employed by infringers of IPR to generate income and hide the proceeds of crime from the authorities.”

But the study also notes that, like any business trying to find customers, IP abusers have to market themselves in plain view of customers.

This means web ads and social media are often employed, albeit with all sorts of obfuscation and deception in place once victims click through. The overall tone of the study is therefore grim: anonymity technologies mean it's getting easier for crims to do things like hijack domains and harder for law enforcement authorities to find perps because the smart ones hide their tracks and refuse to use real money or easily-identifiable bank accounts. Thanks for the insights, EUIPO, and for just about proving the Brexiteers' argument that EU tentacles are excellent at pointing out the bleeding obvious. A promised Phase 2 study will offer “a more quantitative oriented phase where specific business strategies can be researched in more detail.”
It's not the next Stuxnet, says SentinelOne, it's just very naughty code

Malware hyped as aimed at the heart of power plants is nothing of the sort according to security outfit Damballa, which has put its name to analysis claiming the "SFG" malware is run-of-the-mill code without sufficient smarts to target SCADA systems. The so-called SFG malware is the spawn of Furtim, and hit headlines as targeting industrial control systems when all it does is create backdoors for regular data exfiltration and payload dropping. Security outfit SentinelOne Labs found SFG and said it spotted the code infecting systems owned by a European energy company.
SentinelOne said those attacks looked like the work of a nation-state. But Damballa says the malware is a regular financially-driven menace that lacks SCADA (supervisory control and data acquisition) targeting.

"SFG is just another Furtim build," Damballa researchers say. "There is no code specific to attacking industrial control systems or SCADA systems.

"[SFG] does not appear to be a nation-state operation, and there is no specific threat to any particular sector."

SentinelOne has since backtracked on its claims after copping criticism for its analysis, saying it does not have evidence that the malware was targeting SCADA systems.

"There has been a number of stories published since the posting of this blog that have suggested this attack is specifically targeting SCADA energy management systems," the company says in an update. "We want to emphasise that we do not have any evidence that this is in fact the case.

The focus of our analysis was on the characteristics of the malware, not the attribution or target."

Comparison of the original post found in Bing's cache against the updated version reveals that the claim that the targeted energy company was European has been deleted, along with a footer marketing call that readers within the energy sector should reach out to the firm.

Researchers say it uses a "kitchen sink" approach to detecting the sandboxes, honeypots, and analysis efforts of white hats in a "cobbled together" mash taken from years-old malware code. Yet it is the "most comprehensive" copy and paste effort to date. Damballa finds the malware is also impressive in its use of the new 'fluxxy' fast flux infrastructure in which carding sites are built on a network of bot-bitten Russian and Ukrainian home computers that constantly shifts site IP addresses. That fluxxy network powers malware campaigns including Carberp; Gozi ISFB; Pony; TeslaCrypt; GameOver ZeuS/Zbot, and Tinba.

"We should focus our intelligence efforts on mapping this fast-flux infrastructure and working with authorities to disrupt, degrade, and destroy it," Damballa says.
Are you planning to cheer on your country's athletes in-person at the Summer Olympics in Rio and need some discounted tickets? Maybe you can't afford to travel there but would love to win a ticket lottery that would increase your chances of doing so? Perhaps you're not planning to attend at all but would love to get your hands on some 2016 Rio Games merchandise to wear as you cheer from the convenience of your living room. Bad actors, fraudsters and cyber-criminals love big events and large crowds, especially the virtual kind.

As athletes and fans are preparing for the upcoming games, so are cyber-criminals as they loom in the background of the World Wide Web, waiting to take advantage of an everyday consumer or business when no one is looking.

As the summer games are fueling up to begin in the next couple weeks, eWEEK interviewed Heidi Bleau, principal integrated marketing manager at RSA, the security division of EMC, to get a handle on what scams are out there.

Bleau offered five examples of the more high-profile—and less-obvious—scams to keep your eye out for in your zeal to get your hands on Rio games tickets or merchandise.
Earlier this week, WordPress administrators were urged to update to the popular All-in-One SEO plugin to address a persistent cross-site scripting vulnerability.

But other widely used plugins also need updating. The plugin model for WordPress is simultaneously the platform’s greatest asset and biggest vulnerability.

Administrators can happily search the rich ecosystem of plugins and find all manner of advanced features and functionality to enhance their WordPress sites. Once downloaded, these plugins are easy to install. However, the plugins are frequently poorly coded or not regularly updated, exposing WordPress sites to potential Web attacks. WordPress itself is a pretty stable platform, but WordPress sites are frequently compromised because the attackers uncover a vulnerability in one of the plugins. It turns out All-in-One wasn’t the only vulnerable plugin found by Summer of Pwnage, a Dutch community project working on uncovering vulnerabilities in popular applications.

The project posted advisories on a dozen or so other XSS vulnerabilities in widely used WordPress plugins this week.

The WP Fastest Cache WordPress plugin creates static HTML files from dynamic WordPress pages.

A local file inclusion vulnerability in this plugin can be exploited to run arbitrary PHP code.

Attackers must place an arbitrary PHP file on the target system in order to exploit the vulnerability.

The issue is in /admin/partials/menu/options.php and is caused by the lack of input validation on the id POST parameter.

WP Live Chat Support turns on the chat function on the WordPress site.

The persistent XSS flaw in WP Live Chat Support is similar to the one found in All-in-One SEO in that attackers can inject malicious JavaScript code into the application, which executes within the victim’s browser with the privileges of the logged-in WordPress user.

The attacker can exploit the flaw to steal a victim’s session tokens and login credentials, execute code, and log keystrokes. The plugin uses the Referer header to present the current page on which the chat is initiated to backend users, but the URL retrieved from the data isn’t properly output encoded according to output context.
Stored XSS flaws are typically more serious because they do not need to be delivered separately to the users.

The victim -- potentially the logged-in Administrator -- only has to view the wplivechat-menu page to execute the malicious code.

Administrators should update to Version 6.2.02.

Another stored XSS vulnerability was found in the WordPress Activity Log plugin, which allows administrators to monitor and track site activity.

An unauthenticated attacker would be able to inject malicious JavaScript code into the application, which will then execute within the browser of any logged-in user who views the Activity Log.

The Activity Log plugin fails to sufficiently check input supplied to the X-Forwarded-For HTTP header and to perform output encoding when an incorrect password is entered.

The malicious request gets stored in the Activity Log on the wp-admin page and executes every time someone views the page. Attackers would be able to steal victims’ session tokens and login credentials, log keystrokes, perform arbitrary actions in the context of the user, and deliver malware.

Administrators should update to Version 2.3.2.

The remaining plugins on this list had a cross-site scripting vulnerability that would allow an attacker to perform a variety of actions, such as stealing Administrator session tokens and performing arbitrary actions on the website with Administrator privileges. The flaws could be exploited by tricking WordPress administrators who were logged in to open a malicious site. All-in-One was vulnerable because the plugin failed to properly sanitize the requests, which let attackers inject malicious JavaScript code in the request headers.

The vulnerability in all the other plugins was the result of a lack of output encoding on the page request parameter. Not sanitizing inputs and outputs is a common enough mistake in coding. WordPress normally validates this parameter to shut down cross-site scripting, but didn’t in these instances because of the way the parameter value was set.

The Top 10-Popular Posts plugin tracks daily and total visits for blog posts and displays the number of visits for popular and trending posts.

The issue exists in the file class-stats.php.

Anyone using the Top 10 plugin should update to Version 2.3.1.

The WP No External Links plugin masks all external links across all the pages by making them internal or hiding them altogether.

The issue is in the wp-noexternallinks-options.php file.

Anyone using the WP No External Links plugin should update to Version 3.5.16.

The Google forms plugin embeds a published, public Google Form into a WordPress page or widget.

The issue is in file wpgform-logging.php.

Anyone using the Google Forms plugin should update to Version 0.85.

The Simple Membership WordPress plugin lets administrators set up the ability to have users sign in and out of the website and restrict access to certain pieces of content.

The flaw existed in multiple files, including class.swpm-members.php, class.swpm-membership-levels.php, admin_members_list.php, and admin_all_payment_transactions.php. WordPress administrators using Simple Membership should update to Version 3.2.9.

The Profile Builder WordPress plugin provides WordPress administrators with a front-end login, user registration page, and a way to edit user profiles.

The issue is in the file class-email-confirmation.php, which found issues where an attacker put a benign page value in the URL.

Administrators should update to Version 2.4.2.

MailChimp is a widely popular email marketing platform.

The Easy Forms for MailChimp WordPress plugin lets users add unlimited MailChimp signup forms to different parts of a WordPress site, including posts, pages, sidebars, and other widgetized areas.

Administrators should update to Version 6.1.

Master Slider is a responsive image and content slider that gives users a smooth hardware accelerated transition.

The plugin supports touch navigation with a pure swipe gesture.

Administrators should use Master Slider Version 2.8.0.

Email Users lets WordPress administrators send email to all registered users.

The issue exists in the file email_users_user_settings.php.

Administrators using the plugin should update to Version 4.8.3.

Attackers like to target WordPress sites through vulnerabilities in third-party plugins. Plenty of administrators neglect to patch the CMS.

Even those diligent about staying on top of the core updates may forget to update the plugins, or opt not to because they don't want the updated plugins to break existing functionality. When plugins are no longer being actively maintained, the administrator may decide to keep using the plugin instead of looking for an alternative.

There are many reasons for still using outdated plugins, but the bottom line is that they provide attackers with a simple way to compromise and seize control of the WordPress site.
Hewlett Packard Enterprise is undertaking a strategy to move more of its security products through partners, telling CRN that it is starting to open its data security portfolio to the channel, lines that had previously only been sold direct. "As a company, HPE is heavily focused on security and bringing security to the market for the customer base. With that in mind, we have taken on the role of wanting to bring our data security solutions, which have been traditionally sold direct, into the channel," said Sheryl Wharff, global product marketing for HPE Data Security. The first of those systems to be moved through the channel is the Enterprise Secure Key Manager (ESKM), a certified hardware and software platform to manage encryption keys, she said. HPE has also started moving its SecureMail email and data protection system through partners. Partners have already started selling both products, she said. HPE is targeting reseller partners who already sell the company's infrastructure systems, primarily the HPE ProLiant system in either Gen 8 or Gen 9, or the company's 3PAR disc arrays, which are already sold with encryption capabilities.

For those partners, who usually have deep expertise with HPE's high-end server and storage lines, Wharff said there is a "huge opportunity" to start conversations around security, which add value to customers around protection of sensitive data and additional revenue streams for the partner. "It's the next logical step for these resellers to begin to add security to their business.

They're very excited about it and very excited about bringing it to market," Wharff said. "This adds a wealth of opportunity for our resellers." Adding to that opportunity is a growing customer recognition of the importance of encryption technologies, Wharff said, driven by highly publicized data breaches and questions around application security. "It's a much easier sell because the market has recognized that it's very important to protect data at rest that's sensitive. You need to bring these new technologies into the market and you need to protect the data in a way you haven't before," Wharff said.

Jeff Smith, vice president of business development and digital transformation solutions at Plainview, N.Y.-based International Integration Solutions, one of the largest HPE partners in the country, said his business has already been "making good inroads" with the security technologies.
In particular, he said he is seeing significant demand from clients with regulatory requirements, such as PCI or HIPAA. For example, he already has two healthcare companies engaged in talks for potential sales, one of which was driven by recent reports of a Philadelphia-based healthcare services company that had to pay $650,000 to settle HIPAA violations due to data loss.
Smith said that type of fine could have been prevented with stronger data security solutions in place, such as those now being moved through the channel at HPE. "We think it's very positive," Smith said.
A year ago, IT security researchers hacked the onboard computer in Fiat Chrysler's Jeep Cherokee. Now, the company is launching its first public bug bounty program.

Fiat Chrysler Automobiles (FCA) has the inauspicious distinction of being perhaps the first major auto vendor in the world to issue a vehicle recall due to IT security flaws. Now a year after researchers Charlie Miller and Chris Valasek detailed flaws in FCA's vehicles including the Jeep Grand Cherokee that led to the recall of 1.4 million vehicles, FCA is launching a bug bounty program.

The bug bounty program will award researchers up to $1,500 per vulnerability that is responsibly disclosed to FCA.

The bug bounty will be operated by third-party bug bounty platform provider Bugcrowd.

"Bug bounties are incredibly effective, but they aren't a trivial undertaking," Casey Ellis, CEO and founder of Bugcrowd, told eWEEK. "FCA chose the measured approach, along with partnering with Bugcrowd, to make sure their program is successful for both the hackers who participate and FCA itself."

Bugcrowd isn't the only vendor that provides managed bug bounty programs. Other vendors include HackerOne, which recently conducted the "Hack the Pentagon" program for the U.S. Department of Defense.

Ellis said that FCA did its due diligence and settled on Bugcrowd as its vendor of choice. Overall, he noted that as the market for bug bounties evolves, he is seeing adoption of the concept as a whole. "Given that the rising tide floats all boats, that means all of the providers are seeing successful takeup in the parts of the market they've decided to focus on," Ellis said. Bugcrowd tracks the cost of bug bounties in a report it updated in June.

According to the "2016 State of Bug Bounty" report, the average bug bounty payout is now $500.

"One of the interesting phenomena in bug bounty programs is that it's very easy to boost your rewards up, and quite difficult to bring them down," Ellis said. "On that basis we recommended that FCA starts with rewards that are economically reasonable for them, while providing a good incentive to activate the community."

Ellis expects the FCA bug bounty rewards to increase over time. He also noted FCA will pay $1,500 for the most severe vulnerability, although it is at FCA's discretion to go beyond that amount if the company sees fit.

Bugcrowd is no stranger to helping the automobile industry—it already runs a bug bounty program for electric car maker Tesla.

"Tesla started early and has done a phenomenal job in developing a relationship with the hacker community to make their cars safer," Ellis said. "The key difference is in the age of the company, and the number of vehicles on the road. FCA has been around a long, long time, which is what makes this program both historic and unique."

The researchers who first disclosed flaws in FCA vehicles at the Black Hat USA 2015 conference, Miller and Valasek, are speaking at the 2016 event and are scheduled to disclose new automobile flaws on Aug. 4.

"Marketing to the supply side [i.e., the hackers] is a key part of a successful bug bounty program, and I expect that any buzz generated by the vulnerabilities that Miller and Valasek have discovered will help with overall traction for the program," Ellis said. "As for the vulnerabilities themselves, now Miller and Valasek have a clear vehicle to communicate these to FCA, and a clear expectation set of what they can expect from FCA in return."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.
Duo Security launches a free phishing simulation tool that lets organizations test their readiness against phishing attacks.

Most organizations know how much of a security risk phishing attacks are, but what isn't always known is how well an organization and its employees are able to detect and deflect such attacks.

Duo Security has run a number of surveys over the course of the year that have consistently revealed how poorly prepared many organizations are to deal with a phishing attack. A study conducted in March, for example, found that nearly half (49 percent) of surveyed customers who had trained their employees on phishing avoidance still have employees falling victim to phishing attacks.

To that end, Duo Security announced on July 12 its Duo Insight service, which provides a free phishing simulation to help identify how an organization and its employees respond to phishing attacks.

According to Duo Security, across the first 100 Duo Insight simulations conducted by beta testers, 27 percent of users clicked the phishing link but didn't end up entering a username and password. Only 17 percent of the first 100 users actually clicked the link and entered their full credentials.

As to why there was a gap between users who clicked on a link and entered credentials and those who didn't enter credentials, Duo Security has a few ideas. "We attribute this gap to users who are more security conscious," Ruoting Sun, principal product marketing manager at Duo Security, told eWEEK.

The more security-conscious users likely looked at the Web address, were suspicious that they had to re-enter their credentials and recognized this as a phishing attempt after clicking the link, according to Sun. The fact that 17 percent of the first group of Duo Insight users fell for the phishing bait didn't surprise Duo Security either.

"We are not surprised by these numbers. These phish rates are in line with industry estimates and averages for targeted phishing campaigns," Sun said.

The Duo Insight system attempts to trick unsuspecting users by sending common business email correspondence.

Duo Insight has the ability to detect what applications are used in a company and can recommend one of those as the target application used in the phishing email.

Common applications including Salesforce, Outlook Web Access, Google Apps and Office 365 are all options that are available inside of Duo Insight for phishing emails.

Sun explained that the Duo Insight administrator can customize the content of the phishing email, including whom it's from, what the spoofed domain should be, what the email says and who is the email target.

After the phishing email is sent, the administrator can log into a dashboard that shows who opened the email, who clicked on the link and who got phished.

The dashboard can also report if a targeted device is out of date, as well as make an estimate on how much financial and time loss might be incurred from the phishing email based on industry comparables.

The overall goal is to give organizations a better idea of who falls for phishing attacks and what devices are vulnerable in a network.

"Most phishing templates are corporate emails, leveraging the fact that people are most likely to fall for phishing when it comes from a trustworthy source within the company," Sun said. "This is especially likely to happen if there are already email credentials that are compromised within the organization."

The idea of testing the ability of an organization's employees to detect a phishing attack is not a new one.

There are multiple vendors, including PhishMe, that offer phishing readiness and testing services.

A couple of benefits to choosing Duo Insight, according to Sun, are that it is a free tool and it's easy for organizations to set up and deploy quickly.

"Duo Insight automatically generates a report for the administrator showing the results of their phishing campaign, as well as a business case for investing in the right security tools to prevent data breaches in case user credentials and devices are compromised," Sun said. "Solutions that provide authentication and insight into device hygiene are effective at protecting against breaches."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Salesforce.com is stepping up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield cloud services. Introduced a year ago, Shield offers encryption, auditing, and event-monitoring functions to help companies build cloud apps that meet compliance or governance requirements.

Encryption is based on keys generated by Salesforce using a combination of an organization-specific "tenant secret" and a Salesforce-maintained master one. Originally, secrets and keys in Shield were generated and managed through Salesforce's built-in key-management infrastructure, accessed through a point-and-click interface. "That satisfied the needs of the vast majority of customers," said Brian Goldfarb, Salesforce's senior vice president for App Cloud marketing. "But in regulated industries, there are some who want more." Targeting organizations in such tightly controlled industries -- healthcare and life sciences, for example -- BYOK encryption gives users the option of generating and supplying their own tenant secret to create encryption keys in Shield.

They can then manage those tenant secrets independently of Salesforce through their existing hardware security module (HSM) infrastructure, through open-source crypto libraries such as OpenSSL, or through third-party services such as AWS Key Management Service.
Salesforce has also partnered with key-brokering companies including Vormetric and Skyhigh as another administration option. "This is pretty darn important," said John Kindervag, a vice president with Forrester. "Without the ability to control your own key materials, how can you be sure you and only you are controlling access rights and your own data?" It will benefit any company that uses data that's "somewhat sensitive and could get them in trouble if it leaks," Kindervag said. The feature could also help alleviate data-sovereignty concerns by making it easier to encrypt data and control the encryption, he added. "Eventually, everyone will come to their senses and realize that the real solution for sovereignty is encryption, not building data centers in various countries," Kindervag said. The new BYOK feature is in pilot testing, with general availability planned for later this year.
It will be included at no extra charge with the Salesforce Shield platform-encryption module.
Study shows clear understanding of cyber risks, with 85 percent of respondents reviewing security considerations

LONDON, 12 JULY, 2016 – Gigamon Inc. (NYSE: GIMO), the leader in network traffic visibility solutions, has today revealed the results of a new iGov survey that examines the IT security threats and challenges facing the UK public sector.

The survey was completed by IT and security professionals from 172 public sector organisations across local government, NHS and higher/further education.

The key findings are below:

In light of recent high profile breaches, 85 percent of organisations have reviewed their security considerations

Despite which, only 55 percent of organisations have IT budget dedicated to security solutions

69 percent of respondents are concerned about the rise of Advanced Persistent Threats (APTs) however, only 18 percent of organisations currently employ APT solutions

Recent high-profile cases have drawn attention to the unprecedented volume of cyber breaches in every industry.

As a result, public sector organisations have had to re-think the IT security solutions and strategies that they have in place, whilst continuing to meet their ongoing goals for service delivery.

This is demonstrated by the survey, in which 85 percent of organisations say they are currently reviewing their considerations. 65 percent of respondents viewed malicious code (including hacking, phishing and viruses) as a major risk to their organisation’s service delivery, with data loss (55 percent) and data misuse (40 percent) also ranking highly on the list of threats.

“These organisations have access to some of, if not the most sensitive data in the UK - including healthcare records, personally identifiable information and even payment data,” said Trevor Dearing, EMEA Marketing Director at Gigamon. “Thankfully, this study demonstrates a great understanding of cyber security risks and a high level of cyber readiness, with the vast majority of organisations confident in their ability to identify and remove suspicious traffic.

The UK public sector still has some catching up to do when it comes to mitigating the most advanced IT security threats, but this is a trend consistent with the market in general as hackers turn to low and slow attacks which can be incredibly effective and difficult to stop.” The vast majority of UK public sector organisations (82 percent) are confident in their ability to identify and remove suspicious traffic on their networks, across both physical and virtual environments.

Furthermore, 81 percent of respondents cited that they employ endpoint protection, while internet misuse by employees was deemed the lowest risk to respondents’ organisations – which points to confidence in mobile security as well as employee training or trust.

In terms of how UK public sector organisations are using and sourcing their IT security solutions, 55 percent of organisations have IT budget dedicated to security solutions. 72 percent of respondents said they view location as ‘important’ or ‘very important’ when deploying security solutions, due to increased mobility of staff, users and applications. 46 percent of respondents said their security solutions were delivered by a supplier sourced directly by their organisation, 29 percent were sourced in-house and 9 percent via shared services.

“Getting IT security right needn’t be a complex or costly undertaking,” continued Dearing. “Instead, with the right partners and ecosystem of technologies in place, public sector organisations can place more importance on visibility to really understand what’s happening across their ever expanding networks.”

To download the full report, please visit: http://wefightsmart.co.uk/Content/IT-security-threats-survey-2016.pdf

About Gigamon

Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance.

Gigamon’s Visibility Fabric and GigaSECURE, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently and effectively.
See more at www.gigamon.com, the Gigamon Blog, or follow Gigamon on Twitter, LinkedIn, or Facebook.

Legal Notice Regarding Forward Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934.

Forward-looking statements generally relate to future events or our future financial or operating performance.
In some cases, you can identify forward-looking statements because they contain words such as "may," "will," "should," "expects," "plans," "anticipates," "could," "intends," "target," "projects," "contemplates," "believes," "estimates," "predicts," "potential" or "continue" or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions.

Forward-looking statements in this press release include, but are not limited to, benefits for a customer of the new product offerings, and goals for our Security Delivery Platform and Unified Visibility Fabric architecture. Our expectations and beliefs regarding these matters may not materialize, and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected.

These risks include our ability to continue to deliver our products and general market, political, economic and business conditions.

The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 10-K for the period ended December 27, 2015 and most recent Quarterly Report on Form 10-Q.

The forward-looking statements in this press release are based on information available to Gigamon as of the date hereof, and Gigamon disclaims any obligation to update any forward-looking statements, except as required by law.
Press Contacts
Richard Scarlett or Mike Marquiss
GigamonTeam@finnpartners.com
Finn Partners
020 3217 7060

The big soccer championship converted many mobile users into sports fans, who increased their mobile usage as well as their risk to mobile threats.

The UEFA (Union of European Football Associations) Euro 2016 soccer event concluded on Sunday night with Portugal's thrilling victory over host country France. It was a monthlong tournament, and over the course of UEFA Euro 2016, fans across Europe not only increased their mobile usage but also their exposure to mobile threats, according to research from Allot Communications.

The research benefits from a large data set of 1 million European users.

"The network data of 1 million randomly selected users analyzed in this Allot MobileTrends report originates from Allot's mobile operator customers in Europe," Yaniv Sulkes, AVP of marketing at Allot Communications, told eWEEK. "The data is anonymized; it contains no personal details and consists only of Internet usage statistics before and during the event."

The report found that during the event, 17 percent of mobile users who previously had not used mobile sports apps or Websites shifted their behavior and became active sports fans. Overall usage of sports-related apps and Websites also increased during the soccer event: 44 percent of mobile users accessed two or more sports apps or Websites per day, up from 36 percent prior to the start of the tournament in June.

According to Allot, some of the users were increasing their usage of mobile sports apps and Websites to engage in risky online behavior.
In fact, the Allot report stated that 40 percent of sports fans were at risk during the UEFA 2016 event.
Sulkes said his firm found users were engaging in two particularly risky behaviors: sports betting and social media activity. According to Allot's MobileTrends report, gambling was found to be a risky category, with 77 percent potential risk for users, meaning 77 percent of transactions scanned by the Allot filter were found to have online threats, he said.

"It means that a mobile sports fan accessing a sports betting category is likely to become a victim of online threats," Sulkes said.

Allot worked with security vendor Kaspersky Lab on the report, which combines Allot's service delivery and telecom analytics expertise with Kaspersky Lab's security expertise to provide insights into the growing trend of online threats, according to Sulkes. He added that Kaspersky is Allot's technology partner for online threat detection, as Kaspersky's anti-malware engine is embedded into Allot's network-based Web security solution.

While Allot found an increase in risky user behavior, according to Kaspersky no unique UEFA-specific malware infected users.

"The report focused on the risks for digitally active sports fans during the 2016 UEFA European Championship and provided insights into how major events impact online behaviors and increase the potential for mobile Internet users to fall victim to cyber-threats such as malware infection, phishing and ransomware," a Kaspersky spokesperson told eWEEK. "We do not have any evidence that fans were infected with UEFA-specific malware."

That said, Kaspersky did report in April that hackers were making use of UEFA themes and titles in different spam and phishing campaigns.

"During the UEFA 2016 event numerous incidents were observed, ranging from malicious links posted on Facebook, spam emails leading to phishing sites [and] the download of malware-infected fake FIFA apps to online euro-themed fake sites," Sulkes said.

The UEFA event might be over, but attackers will have a similar opportunity this summer to exploit casual sports fans: the Rio Olympics.
Sulkes says sports fans should be aware of online threats and be careful when downloading files or clicking on links.

"To be safe online, sports fans need comprehensive Web security protection on any device, including anti-malware, anti-phishing, anti-spam and ad-blocking, due to malicious ads," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.
Yes.

But not for much longer unless the industry shifts to an automated security and zero trust model. When it was first applied to the cybersecurity industry some 15 years ago, defense in depth revolutionized the business.

Today, the idea of using a collection of security countermeasures to protect a network is an accepted best practice and traditional thought leaders in the cybersecurity space (financial services companies and the U.S. federal government) hold it as gospel. But while defense in depth has served the industry well over the last 15 years, it’s time to start asking if it’s the approach to take for the next 15 years.
I would argue that if defense in depth is to be effective today and in the future, it will require a shift in industry thinking. Here’s why. If you examine the most publicized hacks of the recent past, the common factor among them was their use of highly-sophisticated APTs developed by bad actors or black hat hackers with the expertise, financing, and time to create tools to specifically counter the security measures used in the defense in depth model.

Be they state-sponsored hackers or profit-seeking cybercriminals, the attackers completely mapped the defense in depth capabilities of their targets and designed ways to circumvent them. However, the complexity and cost of developing and orchestrating sophisticated attacks used in these breaches put them beyond the reach of the majority of cybercriminals.

As for the potential targets of these attacks, many smaller organizations considered themselves safe because they didn’t have the type of information (credit card data, proprietary IP) or notoriety that would attract the attention of more capable hackers.

What’s new now?

Today, advanced cyberattack tools are widely available thanks to the rise of underground marketplaces that sell user credentials, toolkits, botnets, and many other tools a cybercriminal could need.

The developers of these tools are even offering customers SLAs that guarantee stolen user credentials are valid and usable to enhance success of an attack.

Furthermore, many of these tools are now automated, so less sophisticated cybercriminals can now launch a high volume of advanced attacks against a target simultaneously. This has led to a rise in the number of cyberattacks so significant that the defense in depth model cannot keep up.

The most concerning weak point in the model is at the point of infiltration.

Today’s networks are logging millions of events every day, so it’s virtually impossible for a security team to identify, analyze, and respond as needed to real threats.

And even if a security team stops 999 out of 1,000 attacks trying to compromise the network perimeter, the one attack that gets through could cause serious problems.

Don’t forgo the perimeter

The sheer volume of attacks has led some security teams to abandon the idea of stopping attacks from penetrating the network edge altogether.
In their minds, the better approach is to focus on detecting and remediating an attack after it has compromised the perimeter.

This is a recipe for disaster.
It’s all but impossible for security teams to stay up-to-date on the latest tools attackers can use to breach the network perimeter. Additionally, it would take a large security team to detect and remediate all of the APT and malware that would flood their networks if they were to forgo prevention, and most companies don’t have the finances or access to qualified security professionals who could keep up with the workload.
So while a defense in depth model that includes prevention is still the best way to protect networks, it’s going to require the security industry to shift its mindset if it’s going to have a fighting chance.

Zero trust + automated security = way forward

If the defense in depth model is going to be effective moving forward, cybersecurity tech vendors need to do a better job of blocking attacks.

The best way to do so is to adopt a zero-trust security policy and automate security processes. Zero-trust network security uses applications, data, and user information to establish policies for how data moves into and across the network instead of relying on port and protocol-based security policies.
Security automation requires integration of up-to-the-minute threat information and an ATP security platform that inspects all network traffic to apply policies based on applications, user, and data.

By combining a zero trust policy with automated security policies blocking the majority of attacks, security information and event management (SIEM) technology or cybersecurity professionals would have time to actively hunt for the few attacks that do manage to get in. The only way that the defense in depth model can hope to stay relevant is to modernize it by adopting automated security and a zero trust model.
It’s the only way security teams can scale their efforts in the constantly evolving world of cybersecurity.
Frank Mong is senior vice president of product, industry and solutions for Palo Alto Networks.
In this role, he is responsible for directing product marketing, industry (vertical) marketing and overall solutions (platform) marketing for the company's entire portfolio.
