16 C
London
Thursday, August 17, 2017
Home Tags Volatility

Tag: volatility

There are more free information security tools than you can highlight with a fist full of whiteboard pointers. While many are trialware-based enticements designed to lure decision makers to purchase the pricey premium counterparts of these freebies, many are full-blown utilities.

A few important categories include threat intelligence tools, tools to build security in during the development stage, penetration testers, and forensics tools. Threat intelligence tools include AlienVault’s Open Threat Exchange, which collects and shares online threat intelligence as well as the Hailataxii and Cymon.io threat exchanges.

There are a variety of SAST (Static Application Security Testing) tools for security testing software applications that developers write using different languages whether C/C++, Ruby on Rails, or Python.

For penetration testing, we present the Nmap Security Scanner and the broadly useful Wireshark network protocol analyzer.
Specific forensics products include the GRR remote forensic framework, and Autopsy and SleuthKit, which analyze hard drives and smartphones, and the Volatility Foundation’s open source framework for memory analysis/forensics.
Abu Dhabi, 12th July, 2016 – ADS Securities, the global FX brokerage, today announced that it has been recognised as the best prime of prime provider in the 2016 FX Week e-FX Awards.

At an event held as part of the annual FX Week USA conference in New York City, the award was presented to ADS Securities London Limited’s Chief Executive Officer, James Watson.ADS Securities launched its unique Prime of Prime service earlier this year in a move designed to help fill the estimated $1.3 trillion credit gap that now exists in the foreign currency market.

Tighter regulation, reduced risk appetite amongst banks and a decline the number of Prime Brokers have all combined to affect growth in the global FX market. Marco Baggioli, COO at ADS Securities London, commented: “We are now offering a true prime of prime service for the foreign exchange market and are doing so at scale. Our strong balance sheet means we can offer access to unparalleled levels of liquidity and we don’t tie our clients to simply taking our prices. Our prime of prime proposition is filling the gap that has been left by the contraction of Prime Brokerage services - with a genuinely comparable product.” With liquidity already constrained and estimates suggesting that there will have been no growth in global FX volumes over the last three years, innovation by intermediaries is critical.

Furthermore, developing political and economic situations are increasingly leading to periods of market volatility, where any shortage of liquidity runs the risk of spreads widening significantly. James Watson, CEO at ADS Securities London, added: “Our business is only five years old but we have spent that time bringing the best people, the right technology and the most innovative ideas together.

As a result, we’re now providing new solutions - like our true prime of prime brokerage – and we are confident that we will now address the structural problems the market is facing. Winning this award is testament to the innovation and commitment we’re seeing from the entire team at ADS.” ADS Securities offers a range of FX, CFD and precious metal trading, as well as Global Market, Investment Banking, Wealth and Asset Management.
It is headquartered in Abu Dhabi, and has offices in Hong Kong, Singapore and London.

For more information about the products and services available please go to www.ads-securities.com. ENDS For more information, please contact:Tony Cross, Director, Monk CommunicationsMob: +44 (0) 7973 284 749Email: tony@monkcommunications.com Nader Abou-Guendia, Communications Director, ADS SecuritiesTel: +971 2 654 2333Mob: +971 56 683 8574Email: sgd.mkt@ads-securities.com About ADS Securities:ADS Securities is an Abu Dhabi based and owned international financial services company, dedicated to providing the highest quality investment opportunities for institutional, private and retail clients. With regional offices in London and Hong Kong it offers unique wealth management, asset management, capital market and trading services delivered by market experts.
It has made a significant investment into proprietary multi-asset trading technology which is central to its ability to access liquidity and assets, as well as delivering the highest quality products and services.
Investment has also been made into people with the development of experienced, highly qualified teams with diverse backgrounds committed to a vision of becoming a leader in global business.

Through organic growth, acquisition and strategic partnerships, ADS Securities has created a financial services firm which offers international knowledge, expertise and standards, but with the regional sensitivity and cultural identity of Abu Dhabi.

ADS Securities is regulated by the Central bank of the UAE, the FCA in the UK and the SFC in Hong Kong.

For more information please go to www.ads-securities.com
Saleforce.com's lead information security engineer discusses container security at DockerCon 16. SEATTLE—Running Docker containers securely as part of a DevOps pipeline is a process that has many steps and requires diligence.

That's the message coming from Cem Gurkok, lead information security engineer at Salesforce, in a session at the DockerCon 16 conference here.While containers do represent a somewhat different paradigm for developers, security professionals might have a different view."Container threats are not all that different from traditional environments," Gurkok said.That said, while the same types of threats that exist in regular IT environments are also a risk for containers, there are many tools and processes in place that can help reduce or eliminate the risks.

Gurkok noted that in IT, security professionals always like to talk about the "known knowns," that is, the items that are already understood to be a risk. To that end, there are multiple techniques that can be used to secure containers against known risks. One of the most basic risks is that of sending data in the clear, without the benefit of encryption.

Gurkok advocates the use of Transport Layer Security (TLS) through a container development pipeline. "By using a secure channel, you're making sure data in transport isn't easily compromised by a classic man-in-the-middle attack," he said.When it comes to application container images, Gurkok pointed to the Docker Trusted Registry (DTR) as a best practice.

DTR enables an organization to make use of cryptographically signed and validated applications. However, it's important to enforce a separation of images that are signed for use in development from those that are signed for use in production, he said.Docker as a technology runs on an operating system host, and as such there is a need to make sure that host is secure.

As an obvious suggestion, Gurkok strongly advocated that Docker users keep their host operating systems fully patched to protect against the risks of known vulnerabilities.There are also known configuration best practices when installing and configuring Docker on a host. One of the best ways to identify whether best practices are being used for Docker configuration is with the Docker Bench tool, which provides a baseline assessment for Docker deployment security.

Docker first announced the Docker Bench tool in May 2015, based on a 119-page report full of best practices and published by the Center for Internet Security.Once organizations are running containers in production, there are still risks from rogue applications or users.

Gurkok suggests employing robust monitoring and logging technologies.

For monitoring, it's important to capture networking traffic on both the physical and virtual network, he said.With all the logged data, another best practice is to use a Security Information and Event Management (SIEM) platform to keep track of the logs and analyze them if and when trouble is detected.Going a step further, Gurkok said he makes use of memory forensics.

Among the tools that he uses to perform memory forensics is the Volatility Framework, which includes a collection of open-source tools."Nothing can hide in memory," Gurkok said. "It's also faster than disk forensics, and you only have to focus on a smaller representation of what's running and what's doing things on a system."Key areas of container security, according to Gurkok, are platform security, content security, access controls and monitoring capabilities. More importantly, though, Gurkok said that while a lot of people have security plans on paper, the key is to actually execute on those plans and test them regularly.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.