KnowBe4 Webinar: The Social Engineering Battlefront, featuring Gartner

Mitigate the social engineering threat with new-school security awareness training and simulated phishing.

For more information contact us at sales@telescience.asia

To watch the webinar click on this button

About KnowBe4

KnowBe4 is the world’s most largest and popular integrated Security Awareness Training combined with Simulated Phishing attack platform, utilizing social engineering methods and strategies to conduct training. Founded in 2010, a US company located in Tama Bay, Florida with over 19,000 customers base across different sectors globally. Managing by CEO & employees of ex-antivirus experts and IT security Pros. KnowBe4 has been a winner of two consecutives Inc. 500 awards.

High-Power PoE

The proliferation of Wi-Fi-based devices, together with the growing number of data-intensive mobile applications, has created an astounding demand for powerful wireless Wi-Fi access points, 3G/4G/5G small cells, and wireless back-haul equipment. These require fast and cost-effective installations, as well as secure, reliable power sources.

Physical threats continue to be a major concern for governments, industry, and consumers alike, in an increasingly connected world. Modern physical security systems must process large amounts of data and transform it into information that can help us identify and prevent threats. IP connectivity, either through wired Ethernet, WiFi, or HDBaseT, is increasingly common. Energy efficiency is another critical consideration, especially as security systems cover both indoor and outdoor venues.

Power-over-Ethernet (PoE) technology is widely adopted in wireless applications, it’s ubiquitous on WLAN access points, access control devices and security related accessories, such as audio systems. The technology is also excessively leveraged physical security applications, it’s ubiquitous on network surveillance cameras, audio systems and sensors.

Our Power-over-Ethernet (PoE) mid-spans address unique requirements of Wireless-LAN, Physical Security and other IP-based applications in indoor, outdoor and industrial environments. The new IEEE802.3bt standard delivers up to 90W enabling most enterprise devices to be powered by PoE. Our PoE systems are IEEE standards compliant, tested and approved by industry leading vendors and have millions of ports installed worldwide. We offer a complete product portfolio, from single-ports to 24-ports, indoor, outdoor and industrial rated, full-power on all-ports and lifetime warranty on all multi-port products. Microchip’s PoE systems offer significant differentiators and unique features, enabling you to succeed.

For more information contact us at sales@telescience.asia

SECURITY WATCH LIST FOR 2019

Based upon Ixia-collected data and historical activity, the Ixia ATI team predicts the following six trends for 2019:

Trend 1: Abuse of Low-value Endpoints will Escalate

Until basic security hygiene improves, hacks like Mirai and cryptojacking will continue unabated. With more devices connecting to the internet every day, the number of targets continues to increase — and so will the number of victims.

Trend 2: Brute-force Attacks on Public-facing Systems and Resources Will Increase

This attack vector has existed for close to 20 years. While solutions exist to eliminate this attack vector, we continue to see the same mistakes made repeatedly by vendors and IT practitioners. It appears there will always be a server out there with the username “root” and the password “password” that a hacker can exploit. Individuals can prevent attacks on their systems by changing default credentials, but only adoption of two-factor and public/private key authentication will provide a permanent solution.

Brute-force exploits will also increase significantly for enterprises and carriers with the proliferation of IoT devices. Many forget, or do not understand, that these devices ship with default credentials. In addition, the devices are actively broadcasting — so they can connect to an internet router and relay data. Attackers can exploit this mechanism to connect to the IoT device and take it over.

Trend 3: Cloud Architectures Create Complexity That Increases Attack Surfaces

On-premises architectures gave security personnel complete control of their equipment and architecture. Public cloud-based solutions give no control over server and network architecture. Attacks like Spectre (CVE-2017-5753) and CVE-2019-6260 are just the beginning of the new types of attacks aimed at cloud users and their data. The speed and dynamic capabilities of public clouds have unfortunately exposed a new attack vector: service misconfiguration. Misconfigured services provide an open gate that hackers and bad actors can walk through, often with disastrous results.

Trend 4: Phishing Attacks Will Become More Focused During the Next Two Years

Enterprises invest thousands to train employees to recognize phishing attacks. In response, hackers create better phishes that are less obvious to victims, and more targeted. Growing Office 365 and Google G Suite adoption will help slow down phishing momentum. Both tools provide some phishing indicators. However, well planned attempts will get past these newer defenses. Hackers will relentlessly attack any system that provides a larger potential payoff.

Trend 5: Multi-phase Attacks That Use Lateral Movement and Internal Traffic Will Increase

Malware dwell times can exceed 100 days. Malware often goes undetected because command and control traffic is sporadic, hidden like a needle in a haystack and disguised to look like normal HTTPS traffic. Many organizations only monitor at ingress and egress points in their network. As attacks grow more sophisticated, we expect detection times will continue to grow longer. We also expect attackers to utilize more LAN-to-LAN attacks, hoping to avoid detection by abusing the trust of internal traffic. Micro-segmentation can increase visibility, helping detect and catch lateral movements.

Trend 6: Crypto Mining and Cryptojacking Attacks will Increase

For decades, hackers sought to compromise systems, steal data, and more recently ransom computers. A shift has occurred, where new attacks target the systems themselves. Rather than stealing data at rest, attacker use compromised systems for crypto mining. Old unpatched vulnerabilities previously used for ransomware or DDoS networks are easily exploited to deliver crypto mining software.

Advanced crypto miners do not depend on classic command and control architectures, making them harder to detect and prevent fluctuating cryptocurrency values may slow the growth of mining networks, but mining will continue to offer financially attractive incentives to hackers looking to make some quick money.

ABOUT KEYSIGHT TECHNOLOGIES

Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology company that helps enterprises, service providers, and governments accelerate innovation to connect and secure the world. Keysight’s solutions optimize networks and bring electronic products to market faster and at a lower cost with offerings from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $3.2B in fiscal year 2017. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security. For more information contact us at sales@telescience.asia

WHEN SECURITY GETS PERSONAL

At the center of security efforts, we find personally identifiable information (PII)—the assets which organizations all over the world are entrusted to protect.

What is PII?
The most generic definition of PII is any information that could be used to distinguish or trace an individual’s identity. Examples include: full names, date and place of birth, and Social Security or national ID numbers, as well as medical, educational, financial, and employment information.

Do all countries in the world recognize PII?
Technically, yes. At least most of them do, but the term “PII” is specific to the United States. The EU, for example, refers to this type of sensitive info as “personal data”. Both Australia and Japan simply call it “personal information”. Regardless of the term, the concept is the same: highly sensitive data that requires protection.

What do cybercriminals do with stolen data?
You’ve likely heard the stories of major data breaches that expose the personal information of millions of people. Perhaps you’ve even been a victim of this. But what actually happens to exposed data? How do cybercriminals actually use the data?

They sell it on the dark web.Credit card numbers, national ID numbers, email addresses, and passwords all fetch certain prices on the underground economy.

They launch spear phishing campaigns. With enough information, cybercriminals increase their chances of successful phishing attacks because they’re able to target specific individuals or organizations while sounding legitimate.

They pretend to be you. Identity theft is a top concern. If attackers gain access to your personal info, they can open accounts in your name, attempt to claim tax refunds, and file insurance claims, etc.

They attack even more accounts. In the case of stolen usernames and passwords, criminals use “credential stuffing,” which is an automated attack using those same usernames and passwords to gain access to other accounts.

What’s your role in protecting PII?
First and foremost, always follow our organization’s policies, which were designed to protect sensitive data. Stay alert, treat all requests for sensitive data with skepticism, never allow someone to use your credentials (physical or digital) for any reason, and think before you click. If you see something or hear something, say something! Reporting incidents ASAP is a vital part of protecting data.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 24,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.

Number 96 on the list Inc. 500 of 2018, number 34 on 2018’s Deloitte’s Technology Fast 500, and 2nd place in Cybersecurity Ventures Cybersecurity 500, KnowBe4 is headquartered in Tampa Bay, Florida, with offices in England, the Netherlands, Germany.

For more information contact us at sales@telescience.asia

RAD Webinar: The Secret to Fast Carrier Ethernet Service Roll Outs in Underserved Areas

Join us for a webinar in which we examine how CSPs can eliminate the 30-60 day customer set up period, even where fiber is unavailable.

To watch the webinar click on this button

 

About RAD

RAD is a global telecom access solutions and products vendor, enabling service providers and network operators to evolve any service over any network. By allowing mobile, business and wholesale service providers to decouple service evolution from network evolution, we assist them in migrating at a pace that is right for them. They can leverage existing resources and prolong the use of a large variety of their current legacy interfaces and equipment, as well as maintain network and service performance to guarantee user experience. In addition to providing an economical migration path to network edge virtualization, our Service Assured Access solutions are designed to deliver complete visibility for greater operational efficiency, as well as timing synchronization for LTE/LTE-A and future 5G deployments.

Founded in 1981, RAD has an installed base of more than 16 million units, and works closely with Tier 1 operators and service providers around the globe. RAD is a member of the $1.3 billion RAD Group of companies, a world leader in communications solutions.

Keysight World 2019 Singapore

Keysight World 2019 is coming to Singapore. Join us to increase your technical expertise and become a master in your field.

Attend in person to network with fellow industry professionals, engage with Keysight technical experts and executives, and experience live demonstrations. If you are unable to attend in person, you can watch all sessions real-time via live streaming.

RAD Augments Portfolio with OTT Carrier Ethernet and SDN Automation

NG-EADs Now Include LTE/Broadband Connectivity, SDN Control and MEF 3.0

RAD, the industry leader of Service Assured Access, today announced the addition of disruptive capabilities to its next generation Carrier Ethernet access devices (NG-EADs), part of RAD’s Service Assured Access solutions. The ETX-2 NG-EADs now feature LTE/broadband connectivity to enable Carrier Ethernet services at the customer premises.

“As the leader in the EAD market, it is only natural that RAD would extend its offering to truly cover any access requirement,” says Ilan Tevet, RAD’s Vice President of Marketing and Business Development. “By using readily available LTE or broadband networks, the ETX-2 NG-EAD allows service providers to deliver over the top (OTT) Carrier Ethernet services, a unique offering that hasn’t been available until now. This presents an opportunity for CSPs to create their own economical Layer 2 version of SD-WAN.”

The ETX-2 NG-EADs also bring service automation to the fore. They support SDN control and management, as well as a full stack of standardized LSO APIs that enable end-to-end orchestration of MEF 3.0 services across multiple providers and over multiple network technology domains. As such, they opens the door for service providers to evolve from the traditional siloed approach into integral players in a worldwide federation of cloud-like networks supporting dynamic services anywhere.

With such powerful capabilities, service providers can achieve fast time to revenue by eliminating the typical 30-90 day setup period for customer branches, while eliminating the need to lease costly last mile services from wholesale providers. The ETX-2 NG-EADs also offer optional virtualization modules to allow RAD’s customers to enhance their services in a flexible manner by hosting any third-party virtual function.

About RAD

RAD is a global telecom access solutions and products vendor, enabling service providers and network operators to evolve any service over any network using dis-aggregated architecture (DA). By allowing mobile, business and wholesale service providers to decouple service evolution from network evolution, we assist them in migrating at a pace that is right for them. They can leverage existing resources and prolong the use of a large variety of their current legacy interfaces and equipment, as well as maintain network and service performance to guarantee user experience.  In addition to providing an economical migration path to network edge virtualization, our Service Assured Access solutions are designed to deliver complete visibility for greater operational efficiency, as well as timing synchronization for LTE/LTE-A and future 5G deployments.

Founded in 1981, RAD has an installed base of more than 16 million units, and works closely with Tier 1 operators and service providers around the globe. RAD is a member of the $1.46 billion RAD Group of companies, a world leader in communications solutions.

For more information contact us at sales@telescience.asia

THE IXIA APPLICATION AND THREAT INTELLIGENCE RESEARCH CENTER

Ixia’s strategy starts with an elite team of dedicated cybersecurity professionals that form the Ixia ATI Research Center. This globally distributed team works around the world and around the clock from locations like Singapore, California, Texas, Massachusetts, France, Romania, and India. They monitor and analyze the ever-evolving indicators that could threaten the security of IT networks. The team distills that knowledge into research and rule sets. We incorporate these insights into Ixia solutions to maximize your ability to detect and combat the latest threats.

The ATI team also contributes to the larger security community. The Ixia ATI team shares what it learns with vendors that have been hacked, private agencies (e.g., www.mitre.org), government agencies (e.g., NIST and DARPA), and at global security conferences such as Black Hat and RSA. Ixia also promotes a summer security school in Bucharest, Romania, to help train new security engineers.

The ATI team assesses and validates products that are meant to secure the enterprise. The team serves as a front line of defense, monitoring internet-connected products and analyzing observed behavior to discover exploitable weaknesses in any vendors’ product. Security alerts and incidents happen all hours of the day and night, so the team takes a follow-the-sun approach. Dozens of engineers combine to form a single global team that can create and disseminate the latest security intelligence.

In many cases, the team can go from discovery to an Ixia product update within a 24-hour period. Input to the research process comes from many sources:
• International exploit databases
• The Dark Web
• Scan of security news alerts and crowdsourcing
• Twitter handles of other security researchers
• Partner feeds
• Honeypots actively looking for attacks in the wild
• Independent research (testing and reverse engineering) by the ATI team

Members of the team constantly poll multiple sources to get insights into vulnerabilities. They normalize, correlate, and organize the data to get a clear direction on the threats and how to prioritize them. Team members then investigate the threats and either validate or dismiss them. They research everything to make sure that the threat detection and prevention content deployed in our products is 100 percent correct. This deep research also gives them the utmost confidence in our data and predictions.

The BreakingPoint company established the ATI team in 2005. Ixia acquired BreakingPoint in 2012. The BreakingPoint solution is a security attack and traffic generator that network equipment manufacturers, service providers, governments, and enterprises use to validate network and security resiliency while under load and attacks. Generating traffic using threats based on real-world research is just one way that Ixia and Keysight help harden solutions for applications as diverse as automotive and Internet of Things (IoT) solutions.

Ixia’s ATI threat intelligence feed incorporates data in a way no other provider offers. While others in the industry create automated intelligence platforms or open source feeds, those solutions are generally tailored to provide insights related to specific products in a vendor’s portfolio. For example, a feed from Microsoft may focus on vulnerabilities related to products and threats relative to the Microsoft portfolio. Ixia threat feeds look at the internet on a global scale, and provide actionable intelligence based on internet-wide telemetry.

ATI intelligence takes the form of a “rap sheet.” A rap sheet captures threat intelligence via a proprietary database of known bad actors or offenders. The database is constantly updated, providing real-time actionable threat intelligence. The team validates blacklisted sites continuously, updating the database to ensure new threats are tracked and false positives are removed. Automated rap sheets provide updates as often as every five minutes, delivering the data in real time to Ixia visibility solutions.

ABOUT KEYSIGHT TECHNOLOGIES

Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology company that helps enterprises, service providers, and governments accelerate innovation to connect and secure the world. Keysight’s solutions optimize networks and bring electronic products to market faster and at a lower cost with offerings from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $3.2B in fiscal year 2017. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security. For more information contact us at sales@telescience.asia