Security News > 2020 > August

If Paul Newman's Cool Hand Luke character were to address the security industry, his opening line would likely be: "What we have here is a failure to correlate." Today, one of the major deficiencies affecting security is not a lack of data or even an aggregation of data, but the central problem is one of correlating data and connecting the dots to find otherwise hidden traces of attack activity. 70% suffer from data and alert fatigue 75% from visibility gaps 75% from tool failure 75% from a gap in people skills.

An internal investigation typically follows five key phases: a trigger event; a legal hold and custodian interviews; requests for data and data collection; processing, review and analysis of files; and the recommendation of next steps. While complaints to HR alleging discrimination or harassment based on race or gender are among the most common triggers of an internal investigation, other triggers include leaked or stolen intellectual property, whistle-blower complaints alleging fraud or compliance violations, the loss or theft of physical assets, or leaked or stolen data containing sensitive or personally identifiable information.

Even though operating in the cloud offers many advantages to developers, security is often seen as an obstacle that prevents developers from truly embracing the speed and agility of the cloud. DevOps teams are challenged by the rapid nature of change in the cloud.

In their most recent threat spotlight report, Barracuda researchers observed that 6,170 malicious accounts that have used Gmail, AOL and other email services, have been responsible for over 100,000 BEC attacks which have impacted nearly 6,600 organizations. What's more, since April 1, these 'malicious accounts' have been behind 45% of all BEC attacks detected.

This increased strain has increased the need for DevOps and database DevOps processes, with 41% of respondents in the healthcare sector saying they have adopted DevOps across some projects to free up developer time and increase the speed of delivery. "We know that the healthcare sector is facing unprecedented demands from the pandemic and other regulatory struggles, and DevOps is the best way to tackle these issues," said Kendra Little, DevOps Advocate, Redgate.

Datadog has acquired Undefined Labs, a testing and observability company for developer workflows. "By enabling observability early in the development cycle, we can help teams optimize builds and gain visibility into key continuous integration and delivery workflows. Undefined Labs will form a solid basis for making observability a key part of every development cycle by diagnosing, catching, and avoiding performance challenges long before they hit production."

Avaya updated its branding architecture to align its portfolio under the Avaya OneCloud name. Avaya OneCloud encompasses the entire Avaya portfolio, offering rich capabilities across contact center, unified communications, collaboration and CPaaS. Solutions and products are now categorized into three focus areas: Avaya OneCloud CCaaS, Avaya OneCloud UCaaS and Avaya OneCloud CPaaS. Because Avaya offers a range of operational, consumption and commercial models, the entire portfolio can be deployed in the cloud - including subscription and managed services, as well as Avaya's private and public cloud offers.

How can security leaders maximize security budgets during a time of budget cuts?While some security programs have become bloated, many don't necessarily deserve to be cut. Given the gravity of today's situation, it's time for security leaders to step in and do what they can to justify spending that bolsters their company's overall security posture.

DEF CON In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology. Technical details have been withheld from the public to give gadget makers time to implement and roll out Qualcomm's fixes, which will take time.

Six serious bugs in Qualcomm's Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The researchers further focused on the communications between Android handset CPU and the Qualcomm DSP within the Hexagon framework.