Improving cybersecurity visibility and state and local government agencies

A significant portion of state and local government technology officials in a new survey say they are under-equipped, under-staffed and under-resourced in addressing cybersecurity concerns. Four in 10 state and local IT leaders say they lack the tools they need to identify and report cybersecurity vulnerabilities in their networks, according to a study conducted by CyberScoop and StateScoop, and underwritten by Tenable. For 38 percent of respondents, this shortcoming is further exacerbated by the need for security intelligence tools that prioritize vulnerability risks. Combined, these technology gaps make it harder for security personnel to optimize their time and effectiveness. Nearly half of respondents (46 percent) said that access to more skilled and knowledgeable information security professionals would improve the ability to spot security vulnerabilities — more than any other potential enabler. Officials also said a lack of understanding about technologies and risks, and difficulty understanding security metrics, are the biggest […]

The post Improving cybersecurity visibility and state and local government agencies appeared first on Cyberscoop.

Tech Brief: The future of mobile innovation in federal government

In the U.S., rapid advances in mobile technology and 5G networks are expanding the scope of mobile capabilities. Even those countries without fiber optic networks are leapfrogging technologies by expanding wireless infrastructure. In federal agencies at home and field offices abroad, these developments show promise for innovative ways to use mobile devices in meeting agency objectives. Officials from federal civilian, defense and intelligence agencies pointed to recent advances in immersive training, workforce productivity and security as just some of the ways agencies can expect to build on the transformative nature of mobile technologies. “The government has to not only be able to modernize in an instant, it has to be able to continually, incrementally modernize itself on an ongoing basis,” noted Matt Lira, special assistant for innovation policy and initiatives at the Office of American Innovation in the Executive Office of the President. Lira’s comments, and those from other government […]

Cybersecurity researchers identify new variants of APT34 malware

Booz Allen’s Dark Labs Advanced Threat Hunt team has developed an advanced technique to discover and block new variants of malware that pose a threat to organizations worldwide. Using an open source indicator of compromise (IOC), the research team was able to identify three additional variants of malware associated with APT34, a group thought to be involved in nation-state cyber-espionage, according to a technical brief from Booz Allen. The report describes how the team used a combination of open-source reporting and “acquired sources of threat intelligence,” then combined this information with its own tools to perform deep analysis on known APT34 behaviors. “The life cycle of an openly reported IOC does not end when an operator deploys the indicator to a sensor, or a threat hunter checks their security information and event manager (SIEM),” said the report’s authors, Chad Gray and Will Farrell. “Merging the IOC with internal or external […]

How to find and remove advanced persistent adware in your network

A unique form of advanced persistent adware (APA) recently found by the Booz Allen Dark Labs’ Advanced Threat Hunt team is lurking on enterprise networks and can evade traditional forms of cyberdefenses. But a new report, published by the same team, offers methods to hunt and remove the adware in networks. The APA has been classified as an Advanced JavaScript-Based In-Memory Stage 1 Downloader because it is built on JavaScript, runs strictly in memory and functions as the downloader for the second stage of the APA’s attack. The adware is a previously known threat commonly used to inject advertisements into a user’s browser and covertly collect information about the user’s browsing activity. The first-stage loader could then be used to execute arbitrary code, easily repurposed for additional targeted attacks. The APA is unique because it leverages advanced techniques typically only seen in attacks attributed to nation-state advanced persistent threats. […]

Tech Brief: Put your mobile strategy to work for agency transformation

There are more mobile devices than people in the world. Most likely, you and other federal employees are completely comfortable navigating life around a personal smartphone. More than three quarters of Americans do — using it for everything from reading to connecting with friends to tracking your health. So why are so many federal agencies still stuck in the PC era, and what’s keeping them from capitalizing on the inherent productivity gains that a mobile strategy can provide? What may be surprising: Your agency may already have the available mobility tools needed to boost workforce productivity, enhance mission outcomes and improve security, according to a new tech brief on mobile strategies in government. Mobile Myopia Too often in the federal workforce, “mobile” means remote access to work email and calendars — and stops there. Employees find themselves chained to their desks to perform tasks that they could do faster, more […]

Tech Brief: Is your SOC ready for the next-generation threat?

Just as hackers develop new offensive tools, tactics and procedures, agencies must constantly change their techniques to match today’s sophisticated threats. A “next-generation” Security Operations Center (SOC) lets defenders find these new threats while making networks harder to exploit and data more secure. While most organizations already have the tools for a next-generation SOC, a full transition will allow analysts to hone their skills so they become more effective and efficient, stopping threats faster than ever before. The hunt is on The primary goal of a next-generation SOC is to identify and respond to cyberthreats in rapid fashion – even the so-called “unknown-unknowns” that do not meet any predefined rules. Tools alone will not stop malicious actors, as they’ve continually learned to evade and adapt to the latest tech. With a transition to a next-generation SOC, these threats can be quickly discovered, allowing security analysts to find the unfindable, such […]

Closing the gaps in federal endpoint security

A new CyberScoop study shows government agencies are making varying progress implementing methods to secure mobile smartphones, tablets, sensors, wearables and other endpoint devices accessing their networks. However, the growing proliferation of devices accessing agency networks – including employees’ personal devices – is also increasing attack surface area for cyber threats. More than half of agency IT officials are concerned about network attacks from endpoint devices. And while 6 in 10 say securing government-issued mobile devices is a top concern over the next 12 to 18 months, many may be overlooking technologies they already have or own to address security concerns. This online survey, conducted by CyberScoop and underwritten by Samsung, provides a new snapshot of what matters most to federal IT and security leaders in securing endpoint devices accessing their networks — and where key gaps remain. The study surveyed qualified federal government information technology and cybersecurity officials who have […]

How identity can control shadow IT

Cloud has fundamentally changed the way that IT departments have to think. While enterprises used to look for monolithic software packages that threw usability to the wayside, employees now want consumer-focused solutions that solve specific business needs. Each of these applications comes with its own identity and data management problems, which can lead to frustration among IT and security teams. It doesn’t have to be this way. By focusing on identity management, IT departments are able to solve for many of those concerns and actually simplify access to cloud applications, which makes them more secure. In the latest CyberScoop Radio podcast, Chris Niggel, Okta’s director of security and compliance, talks about how identity management can be the catalyst to turn shadow IT into distributed IT. By implementing a strong tool, users can get their work done at any time from any place, while security teams can be confident their enterprise’s […]

Information security in the DevOps age: Aligning conflicting imperatives

DevOps is quickly becoming the default development methodology for government agencies. Forty-two percent of states are now adopting DevOps and another 37 percent of states have DevOps pilots underway, according to the latest survey of state CIOs from the National Association of State Chief Information Officers. The benefits of DevOps are undeniable, but the current model may be creating security blind spots in applications that could have ramifications for the entire enterprise. A new CyberScoop tech brief, sponsored by Tenable, explores how organizations can narrow the collaboration gaps between developers and information security professionals that can lead to costly enterprise security vulnerabilities. It also explains how a new generation of automated tests can quickly identify coding vulnerabilities in ways that jointly support the needs of DevOps and information security teams. The report delves into the increasing importance of software containers for DevOps teams. Containers speed application development and deployment by providing […]

Tech Brief: Leveraging your network to fortify cybersecurity

Enterprise CIOs and CISOs face a constant barrage of challenges, often leaving them little choice but to rely on best-of-breed products to shore up their organization’s cybersecurity posture. In today’s fast-changing threat landscape, however, that can be a dangerous gamble. Whether you’re trying to modernize your IT, lower your operating costs or improve cybersecurity, how you build your network is often the determining factor in whether you succeed or fail. A new CyberScoop Tech Brief, sponsored by Cisco, explores how taking advantage of modern, sensor-aware servers, switches, routers and security devices not only enables a holistic cybersecurity strategy, but also lowers operating costs and improves performance. Realizing the potential modernization and cybersecurity improvements promised by the passage of the Modernizing Government Technology (MGT) Act calls for agencies and commercial enterprises alike to recognize that the key place to start is with the network. Strategically enabling the security features of existing […]
