Security News

The increasing use of containers and orchestration tools, such as Kubernetes, are driving demand for new cloud security and application deployment processes, according to research from the Cloud Security Alliance presented Monday at the RSA 2020 conference in San Francisco. "As we have seen with the use of containers and micro-services and compliance, when you further segment things off, there's a functionality benefit from that," Yeoh tells Information Security Media Group.

TCP source ports only need to be unique for each outbound connection, so most programmers simply let the operating system choose a port number for them, known in the jargon as an ephemeral port. Most of the time it won't, because the crooks use source port numbers below 10000, while conventional software and most modern operating systems stick to source port numbers of 32768 and above.

Cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today's digital workplace, a Code42 survey reveals. Collaboration tools rated among top vectors for data exfiltration.

Sumo Logic, the leader in continuous intelligence, announced the availability of its new Cloud SIEM Enterprise offering, which includes a rich set of capabilities to ease the burden on security operations center personnel. The new capabilities help identify and prioritize high fidelity threats and automate the analyst workflow, allowing SOC personnel to better manage real security events and effectively enforce security and compliance policies.

As a leader in WAF and API security technology, F5 delivers application security with consistent policies and controls across hybrid- and multi-cloud environments. "Our security strategy is rooted in what customers are trying to accomplish-optimum app performance with maximized uptime, lower overall costs, and reduced losses due to fraud or abuse," said John Morgan, VP and GM of Security at F5. "Security remains a key area where we see conflict between increasing business velocity and implementing adequate protections. F5's application security solutions free developers to focus on the application business logic and customer experience while also providing world-class threat protection with policy and control consistency across on-prem and cloud environments."

Anitian, a leading cloud security and compliance automation provider, announced Documentation Automation, an enhancement to its Cloud Security Platform that automates documentation for the most stringent compliance standards. "The automation of security and compliance documentation represents a final frontier in automating a company's journey to the cloud," said Andrew Plato, Anitian Chairman and CEO. "What used to take 12 to 18 months and teams of people to complete can now be done in days, even hours, with Anitian's Vision Portal."

Google's reCAPTCHA Enterprise and Web Risk API get a general release; Chronicle Security gets boosts from new threat detection and timelining features. Google has made a number of security announcements at RSA 2020, including upgrades to its Chronicle Security platform and the general release of its reCAPTCHA Enterprise and Web Risk API tools.

With security as the guiding factor, financial services companies are ahead of all other industries in deploying hybrid clouds, but they lag behind others in their use of multi-public cloud services, according to a newly-released report. SEE: Hybrid cloud: A guide for IT pros The report was focused on cloud deployments and planning trends in the financial services industry.

SS8 Networks, a leader in Lawful Intercept and Monitoring Center platforms, is proud to announce the completion of the first Lawful Intelligence platform built on Amazon Web Services for Operators and Law Enforcement Agencies globally. SS8 has deployed the SS8 platform on AWS to provide customers flexibility, scalability and removes the complexity and costs associated with the mobile core.

On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach. In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details-which include full names, home addresses, phone numbers, emails and dates of birth-for 10,683,188 former hotel guests, including Justin Beiber and Twitter CEO Jack Dorsey.