security services news
Beijing – China on Monday defended its right to investigate actions threatening national security but declined to comment on a report that authorities killed or jailed up to 20 CIA sources. The New York Times reported on Sunday that Beijing had systematically dismantled CIA spying operations in China beginning in late 2010, in one of the worst US intelligence breaches in decades. At least a dozen Central Intelligence Agency sources were killed between late 2010 and the end of 2012, including one who was shot in front of colleagues in a clear warning to anyone else who might be spying, the Times reported, citing 10 current and former US officials.
In all, 18 to 20 CIA sources in China were either killed or imprisoned, according to two former senior American officials quoted.
The paper called it a grave setback to a network that, up to then, had been working at its highest level for years.
“As far as the situation mentioned in the New York Times report, I’m not aware of that but I can tell you that Chinese security authorities are following their legal mandate to carry out investigations about organisations, personnel and actions that harm Chinese national security and interests,” foreign ministry spokesperson Hua Chunying told a regular news briefing.
“For these normal discharges of official duties by Chinese security organisations we have no comment on that,” she said. The Global Times, a state-run newspaper, said the authenticity of the Times report “remains unknown”. But it added, “if this article is telling the truth, we would like to applaud China’s anti-espionage activities”.
“Not only was the CIA’s spy network dismantled, but Washington had no idea what happened and which part of the spy network had gone wrong. It can be taken as a sweeping victory,” the nationalist daily said.
By securing data files with a ‘need-to-know’ decryption key, researchers at Singapore’s Agency for Science, Technology and Research (A*STAR) have developed a way to control access to cloud-hosted data in real time, adding an extra layer of security for data sharing via the Internet. Cloud-based file storage has rapidly become one of the most popular uses of the Internet, allowing files to be safely saved in a virtual drive that is often replicated on numerous servers around the world. Cloud storage theoretically provides near-seamless backup and data redundancy, preventing data loss and also enabling files to be shared among users almost anywhere. However, proper treatment of sensitive or confidential information stored on the cloud cannot be taken for granted: the security of the cloud environment is not immune to hacker attacks or misuse by a cloud provider.
“Cloud storage services make data storage and sharing more efficient and cost-effective, but their use requires trust in the cloud’s security,” explains Jianying Zhou from the A*STAR Institute for Infocomm Research. “We wanted to find a way to ease the security concerns by creating a system that does not require the data owner to trust the cloud service or assume perfect protection against hacking.”
The scheme Zhou and his team developed allows access to an individual file hosted on a cloud service to be issued or revoked in real time, and eliminates the possibility that files can be taken offline and accessed without authorization. Zhou explains the process. “The file owner, Alice, generates the proxy keys, which define who can decrypt the file, for example Bob, and gives them to the cloud server. When Bob wants to access the encrypted file in the cloud, the cloud server needs to first decrypt the file for Bob using the proxy key as well as the cloud server’s private key. This results in an intermediate decryption that the cloud server passes to Bob. He then uses his private key to decrypt the file to get the plaintext file. If Alice wants to revoke Bob’s access, she simply informs the cloud server to remove his proxy key.”
The scheme allows the data owner to retain control over file access while making use of all the other benefits of cloud hosting. Importantly, it is applicable at the per-file and per-user level, and has ‘lightweight’ user decryption, meaning that files can be opened quickly even on mobile devices such as smart phones.
“Our technology could be used to provide scalable and fine-grained access control to various bodies of data collected by different organizations and shared via the cloud, with applications in areas such as healthcare, finance and data-centric cloud applications,” says Zhou.
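The issue, access and revoke flow Zhou describes, sketched as an added example (not A*STAR's scheme or code): a toy ElGamal variant in which Alice splits her secret exponent among the proxy key, the server and Bob. The construction, the group parameters and every name are assumptions made for illustration, and the parameters are far too small for real use.

```python
# Toy server-mediated decryption; assumed split-exponent ElGamal, not the A*STAR scheme.
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime, toy size only
N = P - 1        # exponents reduce mod P-1 (Fermat's little theorem)
G = 3

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, pow(G, sk, P)

def shared(sk, peer_pk):  # Diffie-Hellman value hashed to an exponent
    dh = pow(peer_pk, sk, P).to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(dh).digest(), "big") % N

def encrypt(owner_pk, m):
    r = secrets.randbelow(N - 1) + 1
    return pow(G, r, P), m * pow(owner_pk, r, P) % P

def make_proxy_key(owner_sk, user_pk, server_pk):
    # Alice splits her exponent: a = rk + k_server + k_user (mod N)
    return (owner_sk - shared(owner_sk, server_pk) - shared(owner_sk, user_pk)) % N

class CloudServer:
    def __init__(self):
        self.sk, self.pk = keygen()
        self.files = {}        # file_id -> (owner_pk, (c1, c2))
        self.proxy_keys = {}   # (file_id, user) -> rk, deleted on revocation

    def partial_decrypt(self, file_id, user):
        rk = self.proxy_keys.get((file_id, user))
        if rk is None:
            raise PermissionError("no proxy key for this user and file")
        owner_pk, (c1, c2) = self.files[file_id]
        e = (rk + shared(self.sk, owner_pk)) % N   # a - k_user
        return c1, c2 * pow(c1, N - e, P) % P      # m * c1^k_user

def user_decrypt(user_sk, owner_pk, c1, partial):  # strips the last share
    return partial * pow(c1, N - shared(user_sk, owner_pk), P) % P

def demo():
    server, (a_sk, a_pk), (b_sk, b_pk) = CloudServer(), keygen(), keygen()
    m = int.from_bytes(b"file-key-0001", "big")   # constructed sample
    server.files["f1"] = (a_pk, encrypt(a_pk, m))
    server.proxy_keys["f1", "bob"] = make_proxy_key(a_sk, b_pk, server.pk)
    got = user_decrypt(b_sk, a_pk, *server.partial_decrypt("f1", "bob"))
    del server.proxy_keys["f1", "bob"]            # Alice revokes Bob
    return got == m
```

In this toy split the server and Bob together can reconstruct Alice's exponent, and Bob keeps any intermediate result he received before revocation; a deployable scheme has to address both.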
Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.
The announcement comes at a time when breaches like last week’s WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle’s security portfolio.
“Oracle has been in the security space for a long time, but in what I would call niche segments of the space,” Smith said. “We’re the 800-pound gorilla in the identity management space. We’re also clearly the leader in the database security space. But we really haven’t had a basket of security services you would sell to the chief security officer. Oracle’s in this space now. This is new for us.”
Oracle cloud security services, a portfolio the company calls its Security Operations Center (SOC), combines four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers. Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle’s public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.
“The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense,” said ESG analyst Doug Cahill in an email. “Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle’s realize both greater threat detection efficacy and operational efficiency.”
IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.
“Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base,” Westervelt said in an email.
“This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings,” he added. “Oracle is also striking at a time when RSA, which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments.” But, Westervelt warned, Oracle is entering a crowded environment.
“Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made,” he said. “They are also looking to technology providers like Oracle that have a strong technology partner ecosystem, an especially important area to buyers as they move more parts of their IT architecture to the cloud.”
SOC Security Framework
Oracle calls its cloud security portfolio the world’s first identity SOC security framework.
“What makes us different is that we’re bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center,” Smith said. Customers can purchase each of the four services separately. They also work with competitors’ security software.
“We’re not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually.”
Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings.
“All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community,” Smith said. “At the same time, Oracle’s focusing on our own cloud strategy and our own public cloud; we need many of these same security tools for our own cloud and our own customers.”
The security services use machine learning to provide an identity-centric, context-aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.
“Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this,” Smith said. “I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps.”