Red Cross blog: The Journey From Intern to Board Member:

Every Red Cross volunteer has a unique background and reason for volunteering. Recent University of Missouri graduate CJ Nesser is no exception and is proof of the younger generation’s desire to take on heavy levels of responsibility and make a difference in the world around them. This is his story about his volunteer efforts, an impressive young man indeed!

 

CSOonline: How to pick the best endpoint detection and response solution

Endpoint detection and response (EDR) security software has grown in popularity and effectiveness as it allows security teams to quickly detect and respond to a variety of threats. EDR software offers visibility into endpoint activity in real time, continuously detecting and responding to attacker activity on endpoint devices including mobile phones, workstations, laptops, and servers.

In this buyer’s guide for CSOonline, I explain some of the benefits, trends, and questions to ask before evaluating any products. I also briefly touch upon six of the more popular tools. One of them, Palo Alto Networks’ Cortex XDR, has a dashboard that looks like the below screencap.

 

CSOonline: Top 5 security mistakes software developers make

Creating and enforcing the best security practices for application development teams isn’t easy. Software developers don’t necessarily write their code with these in mind, and as the appdev landscape becomes more complex, securing apps becomes more of a challenge to handle cloud computing, containers, and API connections. It is a big problem: Security flaws were found in 80% of the applications scanned by Veracode in a recent analysis.

As attacks continue to plague cybersecurity leaders, I compiled a list of five common mistakes by software developers and how they can be prevented for a piece for CSOonline.

CSOonline: Top IDS/IPS tools

An intrusion detection or prevention system can mean the difference between a safe network and a nasty breach. We’ve rounded up some of the best and most popular IDS/IPS products on the market.

Detecting and preventing network intrusions used to be the bread and butter of IT security. But over the past few years, analysts and defenders have seen a slow but steady transition from these products. They have become a component of a broader spectrum of network defensive tools, such as security information and event management (SIEM) systems, security orchestration and response (SOAR) and endpoint and network management and detection systems.

For CSO, I examined the top six commercial tools and four open source ones, explain the different approaches and form factors used, and compare how intrusion prevention fits into the overall security marketplace.

CSOonline: AI-SPM buyer’s guide

Widespread adoption of generative AI across businesses has increased the need for contingencies, including AI security software. It is a tall order because AI’s reach into an organization’s infrastructure and data is enormous, meaning that there is a broad spectrum of protective measures required. This is one of the reasons why attackers are drawn to AI abuses.

I examined nine vendors’ tools that handle AI security posture management (AI-SPM). This is an emerging field and unfortunately that means most products are nowhere near as comprehensive or as integrated as they could be. You can read my buyer’s guide in CSOonline here. For your reference, here are a collection of AI SPM screenshots

Red Cross: Air Force Veteran Works with SAF to Help Service Members

When a veteran retires, most don’t think of setting up their homes on a military base, but that is what Jill Eaves and her family did at Missouri’s Fort Leonard Wood. The Army post is home to the Sixth Infantry Division and one of four major training centers. For the past 80 years has seen hundreds of thousands of members of all four branches of the armed forces train for active and reserve duty, including specialized engineering training. Eaves and her husband of 10 years both served in the Air Force, and when the time came for retirement, they decided to move back on a military installation. After all, with more than 63,000 acres, there is plenty of room. “It is a great place to raise my two children, too,” she said.

Here she is fixing a helicoper while deployed in California. You can read my profile of her for the Red Cross here.

CSOonline: Port shadowing is yet another VPN weakness ripe for exploit

A new flaw in virtual private networks (VPNs) was reported last week at a security conference. The flaw, discovered by a collection of academic and industry researchers, has to do with a vulnerability in how VPN servers assign TCP/IP communication ports and use this to attack their connection tracking feature. This flaw, called port shadowing, is yet another weakness in VPNs that corporate security managers have to worry about. As you can see from the chart below, it goes to the way modern VPNs are designed and depends on Network Address Translation (NAT) and how the VPN software consumes NAT resources to initiate connection requests, allocates IP addresses, and sets up network routes.

I write about this issue for CSO here.

CSOonline: CISOs must move quickly to resolve Kaspersky software ban

The US government enacted new restrictions on Kaspersky’s customersindicting 12 of its executives and prohibiting further sales of its software and services in June. The regulations augment existing bans from using its software by US federal agencies that began several years ago and have spread to similar bans by federal agencies in places such as Lithuania and the Netherlands.

The action coordinated efforts by both the Commerce and Treasury departments, based on national security risks about any potential cooperation with Russian intelligence agents.

You can read my analysis for CSO here and what IT managers need to do if they are still using their software tools. 

CSOonline: What prevents SMBs from adopting SSO

A new report by the Cybersecurity and Infrastructure Security Agency (CISA) is the latest research to point out the “Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses” – which is the report’s title. While the listed reasons aren’t new or even unexpected, it is a good summary of the steep climb that many SMBs have in implementing SSO. CISA convened a series of focus groups of various stakeholders, including the SSO vendors and their SMB customers and channel providers, along with network auditors.

CISA’s report cites several reasons why SSO hasn’t been deployed by smaller organizations, including greater administrative implementation burdens, lack of technical know-how within SMB IT departments, and incomplete support documentation. You can read my analysis about the report in CSOonline here.

CSOonline: Pegasus can target government and military officials

The controversial spyware Pegasus and its operator, the Israeli NSO Group, is once again in the news. Last week, in documents filed in a judgment between NSO and WhatsApp, they admitted that any of their clients can target anyone with their spyware, including government or military officials because their jobs are inherently legitimate intelligence targets. The lawsuit began in October 2019.

NSO has in the past been very circumspect about who is infected with their spyware, which uses so-called “zero-click” methods meaning that a potential target doesn’t have to click on anything to activate the software. It can access call and message logs, remotely enable the camera and microphone and track the phone’s location, all without any notification to the phone’s owner.

I place the context of the suit in the checkered past of NSO and Pegasus in my latest piece for CSOonline.