Could Phishing Expeditions Stop Cold with Deeper Insight?

VoIP, Partners, SMB Solutions, call center, certification, voip services, voip equipment, Media Processing, hardware, middleware, opensource, SIP, SBC, Wireless, ims, Triple Play, Switching, VoIP Peering, regulation

PREVIOUSLY PUBLISHED TO TMC NET SECURITY

Easy Solutions, a fraud protection company, recently did some research into phishing attacks against a Top 25 US Bank during a three-month period. From September of 2015 until December, it seems these “phishermen” were quite busy. What’s most alarming is that these attacks were done during a season that leaves us most vulnerable to attack and where many of us won’t even realize that have been a victim until much later on.

During such a busy time in commerce, many of us won’t even know we were victims until much later down the road. This next bit of information might tell us why.

Easy Solutions broke down over 3,030 cases at just that one bank. What’s most interesting about this finding is that in each case, the common denominator was that each instance targeted around 190 people on average.

If we factor in how many banks there are – not just in the United States, but all over the world – and consider that this is a yearlong plague, we start to see the bigger picture.

Easy Solutions grouped the attacks into three main categories. Parameters were based on how sites were created as well as whether or not the domains are registered – including the domain provider and the location of each server.

The company decided that many of these sites were created as traps, only meant to serve a few stragglers at a time.  These people would accidently stumble upon the site or be directed there through some other devious means. And, it has been proving successful.

Each group of sites were then broken down. Location was a big factor in the next step of the process. Other factors were Whois information, the types of phishkits used and the strategy for getting people to the site.

Daniel Ingevaldson, CTO of Easy Solutions, states, “When institutions can more effectively characterize their attackers, they can then more successfully combat phishing attacks – by tuning consumer education campaigns, changing web site countermeasures, or adjusting risk scoring during phishing campaigns.”

Armed with new information, consumers can better differentiate between a genuine source and a scam. They will know which sites to stay away from, and gain confidence in those that they trust.

In a day where we are including our entire business on a cloud platform, there are still many that refuse to use their credit card online for these purposes. Institutions, such as the IRS, PayPal (NewsAlert) and Bank of America, are repeat victims of fraud. Customers and those who aren’t even affiliated with the organizations are often tricked through scare tactics and extortion strategies.

By understanding the source, it’s easier to shut fraud down – one scammer at a time. By better understanding domains and locations that are frequently associated with this fraud, it’s easier to pinpoint all source of fraud on a regular basis… stopping it cold in its own tracks. 

Continue Reading

Striata’s New SDR Enforces Privacy in Cloud-Based Systems

Cloud Computing Magazine | TMCNet, Technology Marketing Corporation

Previously published to TMC Net’s Cloud Computing Magazine

For those migrating to cloud-based systems, there has been slight hesitation where security is concerned. Within reason, there are many companies that are more precautious when moving proprietary and confidential information to a “free for all” type of platform. Then, there are those that realize cloud-systems may actually be more secure than their own in-house servers, and enjoy the benefits of monitoring and lockout. Likewise, there are those that refuse to become part of the shift, out of fear of data loss and hijacked information.

Striata – a company dedicated to Customer Communications Management software and document security technologies – launched an innovative Secure Document Repository (SDR) Solution. This solution brings enterprises, both large and medium, six layers of protection, bringing enhanced data protection. What’s better is that this solution not only keeps data secure within the cloud, but it also protects data once it leaves the cloud.

With a new strategy in enforcing privacy within the cloud system, this SDR focuses directly on data breaches that plague the global community to ensure safe defense in daily operations, especially for those who regularly access or work within the cloud.   For many companies, this means highly sensitive information, including financial data, trade secrets, customer profiles and payment options.

Requiring minimal set up, Striata has implemented an extra secure “security vault” into their new solution that protects documents for access only by assigned parties. This may include a customer or an official representative of the company.  

Search capabilities allow permitted parties to access various information within the system, as long as those parties have permission to access these documents. This includes self-servicing for customer service features. Data can be replicated to provide unique accessibility to specific customers, while eliminating redundancy to system filing. This saves companies time and money, while serving the end-customer more effectively.

Through enhanced layers of protection and extra encrypted data, users are able to access cloud-hosted documents just as they ever would. This technology is able to embed itself into most extension and file types. It is also able to be accessed via mobile applications and web portals. Smart compression significantly reduces large file sizes, allowing them to store at a convenient rate and assists in keeping documents secure.

“Our SDR launch is very timely given the fact that data breaches are continuing to be on the rise and are a major expenses to organizations that experience them,” stated Striata CEO Michael Wright. “In fact, a recent study by Kaspersky Lab (NewsAlert) showed that enterprises lose half a million dollars on average from a security breach. However, we believe organizations can avoid the high cost of this security threat by simply making a strategic investment into technologies like our SDR product.”

Considering the damage that businesses face through identity theft, hacks and unauthorized access to corporate strategies, some businesses may feel that it’s better to be safe than sorry. Establishing some form of cloud security option is inevitable, as enterprises evolve to meet industry standards. Added security will only strengthen enterprises by keeping all data – corporate and client – safe, secure and intolerant to theft.

Continue Reading

BrightPoint Security Enhances Community-Based Threat Intelligence Capabilities

Cloud Contact Center | TMC Net

PREVIOUSLY PUBLISHED TO TMCNET’S CLOUD SECURITY

It’s no secret that criminals will always search for ways around even the most advanced security, whether with the mission to takeover, destroy or steal. Cyber attacks are imminent for all businesses that find themselves doing well – or at least appearing to be. Early warning signs aren’t always there to shield businesses from threat; but when they are, BrightPoint Security can provide solutions, intelligence and protections amongst their IT infrastructures and partner ecosystems.

 BrightPoint Security’s Threat Intelligence Platform provides “automation, curation and the sharing of threat intelligence” amongst enterprises, helping them to shield against cyber attacks based on trends and vulnerability. In the latest Sentinel release BrightPoint Security has added enhancements to give IT security professionals better insight, almost immediately, for predicting when potential threats could strike, as well as the risk level that comes with it, enabling IT to enforce security controls.

Of interest here is the use of community-based threat intelligence which allows businesses to share experiences, providing insight to one another and awareness of current and emerging threats across enterprises, their digital ecosystems and infrastructures.  In this way community member will be able to at first assessment to remediate potential risk, while calculating velocity, time and frequency of future attacks.

An evolved technology from the already widely received Security Command Platform (SCP), Sentinel adds modules and deeper insight to how to avoid these attacks through Sentinel’s Trusted Circles. As BrightPoint Security notes, the solution is unlike other threat intelligence platforms that focus only on the tracking of popular, volume-based threats.  Utilizing early prediction forecasts, Sentinel is characterized as a weather map of trending threats to the digital ecosystem.

“An industry first, this predictive insight and threat trending dashboard gives organizations the solution to determine the urgency of response needed to protect themselves,” states Rich Reybok, BrightPoint CTO. Reybok continues, “Today’s offering helps customers drive security strategy and get the most out of their security investments and resources by now having the ability to respond to the most immediate and relevant impending threats and to mitigate exposure fast.”

The latest release of Sentinel allows integration with Carbon Black, scanning the environment for any and all internal threats to provide real-time insights within set perimeters. “Working with BrightPoint’s evidence-based solution enhances our support across customers’ ecosystems and infrastructures with predictive insights into risk-prioritized actions for remediation,” said Brian Hazzard, Bit9 (News – Alert) + Carbon Black VP of Technical Alliances. “Adding the endpoint into the mix of threat vectors deepens organizations’ overall view of the threat landscape of their organization and those with whom they share information in their ecosystems.” 

Continue Reading

Security Concerns Limit Cloud Technologies

Cloud Contact Center | TMC Net

Previously Published to TMC Net’s Cloud Security News

Netwrix Corporation conducted a survey on cloud security, interviewing more than 600 IT professionals around the world. These professionals cater to various tech, healthcare, finance and government sectors of industry. IT professionals amongst other sectors were also surveyed, answering questions on cloud security as a whole, in addition to the “expectation from cloud providers and the measures being taken to ensure data security.”

As convenient, efficient and cost-effective as cloud technology is, 13 percent of overall organizations reject the adoption of cloud technology in the future. Of those 30 percent , there are many professionals moved to reconsider this decision pending improvements in cloud security mechanisms. On the other end of the spectrum, 71 percent of all enterprises perceive continuous auditing of cloud infrastructure “very important” in guaranteeing the security of data and ensuring data integrity “in the cloud.” These professionals have adopted this technology and understand the necessary monitoring of cloud security in protecting valuable and proprietary information, on behalf of their employer.

Image via Pixabay

“We wanted to find out the exact reasons that prevent companies from cloud adoption and taking advantage of all the benefits it offers,” states Alex Vovk, CEO and Co-Founder of Netwrix. “The survey revealed the interesting fact that even though the cloud is not a new technology, the cloud market has a good potential to grow further. Advanced security solutions and true visibility into what is going on across the cloud infrastructure will help companies minimize security risks, take back control over business-critical assets and accelerate cloud adoption.”

Further insight reveals that while 6 percent of the surveyed professionals are most concerned with the security when “migrating to the cloud,” as much as 40 percent are actually concerned with the loss of physical control over the data.  They prefer storing sensitive data in-house. Therefore, total adoption of cloud-technologies is limited, as many are merely integrating them into their current infrastructure for remote accessibility, communications and collaboration. Only 37 percent of businesses are prepared to invest in additional security. Thus, a hybrid cloud model is preferred; 44 percent of respondents admit to this and only half of the respondents are even planning on improving their own security for identity and authentic management, utilizing encryption or establishing auditing changes and user activity.

Providing these statistics to the IT world will allow Netwrix to better serve the 150,000 IT departments relying on Netwrix for increased efficiency of IT operations and through infrastructure audits of changes and data access. These companies also rely on Netwrix’s ability to prepare compliance reports on their behalf. Award-winning and highly-favored amongst some of the world’s top corporations, Netwrix continues to provide accurate data to the businesses associated with the company’s long list of clientele.

Continue Reading

HP Aruba Empowers Smart Venues

iot, m2m, drone, fog computing, edge computing, smart home, smart city, connected home, smart transportation, wireless, big data, iot power, cloud computing, infrastructure, security, cybersecurity, manufacturing, supply chain, IIoT, industrial IoT, autonomous

Previously Published to TMC Net’s IoT Evolution

Provider of next-generation enterprise networking solutions, Hewlett Packard’s enterprise company, Aruba, delivers IT solutions meant to empower organizations. Serving the now generation of mobile-savvy users by creating cloud-based business apps for “every aspect of their work and personal lives.” Aruba recently announced the “next wave” of the Aruba Mobile Engagement solution. Aruba also announced the inception of the a new app developer partnership program, “encouraging innovation at the pace of mobility.”

Designed for integration with multi-vendor Wi-Fi networks and beacon analytics, location-based mobile solutions will be providing organizations with a deeper understanding of their internal users, whether an employee or a customer, allowing them to better engage with specific more effectively. In-venue, locational triggers will allow businesses to directly interact with the consumer base, enhancing customer experiences through brand engagement strategies. This will impact vendor potential and expand opportunities for revenue growth.

Accelerating innovation in location-based mobile technologies, Aruba has also partnered with promising vendors, who have been creating amazing new features and applications for integration within the “Meridian Mobile App Platform” for developers. This, powered by Aruba Beacons and Aruba Mobile Engagement, has also led to the satisfaction of an existing customer base in the early stages of adoption. For vendors currently using these technologies, the results have been almost game changing.

Aruba Beacons are paired with Bluetooth radio technologies in combination with a Wi-Fi client, to allow cloud-based beacon management throughout multi-vendor networks and through secure Wi-Fi connections. Aruba Sensors, newly merging into the Internet of Things (IoT) scene, are enterprise-grade focal points that relay battery life data, power settings and beacon location through management and monitoring of data. Cost effective, Aruba Sensors easily integrate into pre-existing IT networks. The also transmit vendor information through the beacons to mobile devices, based on consumer preferences.

Directly interacting with customers, enterprise businesses are able to communicate important information straight-to-device, through location-based triggers and the customer’s proximity to an Aruba Beacon. Analytics will be transmitted to a central location via Aruba Sensors, which measure the customer’s behavior and interaction with the brand, based on certain proximities. This data is considered valuable business intelligences that will allow the brand and mobile developers to transform in meeting the growing needs of each consumer.  

Growing in demand and popularity, technologies are being deployed and integrated at larger scales than before. This increases complexity and challenge. The Aruba Meridian platform is designed to power an unlimited amount of location-based applications at any one given time. Even with all infrastructure aligned and capable of handling heavy-duty activity, complexity and speed, creativity poses as a limitation in process.

This inspired the new application partnership program, allowing vendors to create apps for venues that streamline productivity, check-in processes and create efficiency for customers as they enter venues with a specific purpose. These efficiencies save time, money and confusion. They also allow for better communication between teams, consumers and the venue, itself.

“Our booking system, combined with the Meridian Mobile App platform, provides a complete solution with visibility into meeting room availability, their amenities, and the location and directions,” states Sam Dunn, CEO of Robin. “Together we’re helping people find the right tools, at the right time, so they can do better work.”

Partnering with other enterprise mobile developers, Aruba is given more freedom to focus on the “how to make it all work” element behind these new possibilities. Many of these partners already had solutions but needed a system like Aruba to put them to use. Aruba’s infrastructure is protected and highly secure, meaning user data will remain private. In a recent statement by the company, “Aruba estimates approximately 48 hours of time savings in a 1,000 beacon deployment during a single maintenance window.” Connecting various vendors to one system allows increased efficiency in management of systems and reduces overall IT costs through the utilization of this one central unit.

Continue Reading