Security News

Automated application security testing is a key component of modern SDLC practices and can economically uncover many bugs and potential security flaws with relative ease. Application security testing embraces a broad range of complementary techniques and tooling-such as static application security testing, dynamic application security testing, interactive application security testing, and runtime application self-protection.

Microsoft is thinking a lot about how to protect machine learning systems. As the paper points out, a lot of work has been done in finding ways to attack machine learning, but not much on how to defend it.

The problem of finding software vulnerabilities seems well-suited for ML systems. Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like.

Enveil, the pioneering data security company protecting Data in Use, announced the release of its encrypted machine learning product, ZeroReveal Machine Learning, the first adaptable, market-ready solution allowing organizations to process data against an encrypted machine learning model. Building on the success of its ZeroReveal Search solution, Enveil ZeroReveal ML fundamentally changes the paradigm of secure data usage by allowing organizations to enable advanced decisioning through collaborative and federated machine learning in a secure and private capacity.

To celebrate International Women's Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and, of course, what it's like to be a woman in tech.

As companies continue to grapple with the challenges of insider threats, machine learning coupled with behavioral analytics can assist in predicting and detecting potential threats from employees and contractors, according to a panel of security experts at RSA 2020. To mitigate insider threats, experts suggest that enterprises develop their own risk algorithms by coupling machine learning capabilities with behavioral analytics to understand discrepancies in employee activities.

Why so few machine learning court cases? Experts point to the fact that staple cybersecurity regulations such as the Computer Fruad and Abuse Act and Electronic Communications Privacy Act don't specifically spell out how to handle machine learning attacks. This type of attack can open up machine learning systems to anything from data manipulation, logic corruption or even backdoor attacks.

Security provider Stellar Cyber, with the first Open-XDR platform, announced its new Firewall Traffic Analysis Application, which supercharges firewalls by analyzing their data to spot undetected anomalies. With this new App, security analysts get an automated assistant to detect firewall misconfigurations, malicious users and abnormal traffic to gain new value from firewall data, improving analyst productivity typically over 20x. The FTA Application supports firewalls from many vendors including Cisco, Check Point, Fortinet, Palo Alto Networks and Sophos.

Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for...