A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.
The post Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards appeared first on SecurityWeek.
Out-of-control devices run the gamut from known to unknown and benign to malicious, and where you draw the line is unique to your organization.
The post Reigning in ‘Out-of-Control’ Devices appeared first on SecurityWeek.
Over a nine-month audit, Google researchers identified ten security defects in Intel TDX, including nine vulnerabilities addressed with TDX code changes.
The post Google Audit Finds Vulnerabilities in Intel TDX appeared first on SecurityWeek.
Texas startup scores financing to build an AI-powered anti-ransomware engine to help organizations ward off data-extortion attacks.
The post Halcyon Secures $50M Funding for Anti-Ransomware Protection Platform appeared first on SecurityWeek.
When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security.
The post Why Endpoint Resilience Matters appeared first on SecurityWeek.
Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors.
The post Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform appeared first on SecurityWeek.
Google has announced the discontinuation of the Chrome Cleanup Tool, an application for identifying and removing unwanted software.
The post Google Discontinuing Chrome Tool for Removing Unwanted Software appeared first on SecurityWeek.
Recently, a friend brought up the term “carcinization” and I must admit, I had to look it up! Turns out the term was coined more than 100 years ago to describe the phenomenon of crustaceans evolving into crab-shaped forms. Today, there are even memes for it. So, what does this example of convergent evolution have to do with security? It’s an apt description of how the security industry has evolved and why security leaders often struggle to determine the right security investments for their organization.
The security industry started out with a series of point products to solve very specific challenges. Organizations used endpoint antivirus, firewalls, IPS/IDS, and routers to protect themselves. Email and web security tools were soon added, along with SIEMs and other tools like ticketing systems, log management repositories and case management systems to house internal threat and event data. Endpoint detection and response (EDR) tools then came into the mix and a few years later served as the jumping off point for the next phase in the industry’s evolution. That’s when the traditional walls between endpoint and network security technologies began to crumble and product categories were no longer clearly defined.
Everything starts to look alike
When the concept of extended detection and response (XDR) was introduced a couple of years ago, industry analysts each seemed to have slightly different, but colliding, definitions of it. Some said XDR is EDR+ (with different opinions as to what the + consisted of) while others said XDR isn’t a solution at all, but an approach or an architecture. Those conversations continue today.
Now the industry is talking about threat detection, investigation and response (TDIR) platforms and depending on who you ask about the difference with XDR, you’ll get a different answer. Some say XDR is an overarching architecture and TDIR is the platform that integrates all the capabilities required for XDR. Others say TDIR is a process. And another contingent says they are one and the same.
The varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies to strengthen their organization’s security posture. At a time when the market should be maturing and moving security to a better place, these discrepancies prevent that from happening.
Use cases, not labels
So, how can security teams cut through the noise and confusion? In the carcinization of security, where everything starts to look and sound alike, it’s critical to focus first on use cases. To do this, start with what you are trying to accomplish, the associated workflows, and the people, processes, and technology required. From there, you can look at where the gaps exist and where to invest to achieve your goals.
Sometimes you may need a specific technology for a specific use case. Or, ideally, you find a platform that can handle multiple use cases security professionals are focused on today as security operations centers (SOCs) mature. These include spear phishing, threat hunting, alert triage, vulnerability prioritization and incident response.
For each of these use cases, context is critical to understand the who, what, where, when, why and how of an attack. With a security operations platform that can aggregate and correlate internal threat and event data with external data on indicators, adversaries and their methods, you can analyze multisource data and understand relevance to your environment based on parameters you set. Once you have the right data and context, you can pivot around a specific piece of data to understand and act. You can parse and analyze spear phish emails for prevention and response, prioritize alerts for triage, identify vulnerabilities to patch first, and accelerate threat hunting. Integration with the right tools allows you to send data back out across your defense grid to accelerate incident response, including blocking threats, updating policies and arming the organization against the next wave of attacks.
The truth is, the walls established to separate product categories should have been challenged sooner for the benefit of security. Organizations considering the latest acronym or spurred by the latest attack may have selected a different, more effective tool or platform depending on their goals, internal resources and capabilities. When everything starts to look like a crab and walk like a crab, we can’t rely on labels. We need to look at use cases, desired outcomes and the best path to get us there.
The post Dealing With the Carcinization of Security appeared first on SecurityWeek.
Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
