News by Professionals 4 Professionals

usa

CSC Closes the Gap Between Security and IT Operations with …

TYSONS, Va.–(BUSINESS WIRE)–

CSC[1] (CSC[2]), a global leader in next-generation IT services and solutions, today announced an offering that integrates its security operations, threat intelligence, incident and vulnerability services with ServiceNow Security Operations on a single platform.

CSC s Integrated Security Operations (ISecOps[3]) offering helps clients deliver efficient security incident management, streamline remediation and clearly visualize their security state by extending the cloud-based IT service management capabilities of ServiceNow to security teams. The ISecOps platform combines CSC s cybersecurity operational processes, specialized consulting and advanced workflows with ServiceNow to automate manual processes and prioritize threats, incidents and vulnerabilities based on their potential business impact.

Incorporating ServiceNow Security Operations will bring enhanced integration, orchestration and automation to CSC s Managed Security Services platform, said Christina Richmond[4], IDC, program director, Worldwide Security Services. This offering will create smoother coordination between a company s SOC analysts, threat research teams and incident responders, and may shorten time to detection helping to break the kill chain earlier.

This offering will also help the managed security service provider (MSSP) to collect and correlate more forms of data and to identify threat patterns more rapidly. In today s complex environment, it is critical to provide the level-one triage team both at the client and within the service provider a playbook of step-by-step activities to guide them in combatting each event and incident in order to thwart a costly breach. Automation and orchestration is a key element in today s more mature MSSP, which, according to IDC s evaluation, CSC certainly is.

In the battle for cyber security, companies have a new weapon — a structured response engine, said Sean Convery, general manager of Security, ServiceNow. By replacing the manual work patterns of the past with intelligent workflows of the future, CSC and ServiceNow are helping customers resolve threats based on the impact they pose to the organization.

IDC believes the security as-a-service (SaaS) model is going to be an increasingly critical option for enterprises to source their security needs, according to the IDC MarketScape: Asia/Pacific Managed Security Services 2016 Vendor Assessment[5]. The report named CSC as a MSS leader for the second time.

Cybersecurity challenges extend beyond the traditional techniques of protecting the perimeter, patching end-points and monitoring for event based alerts across the enterprise, Dan Hushon[6], CTO, vice president & general manager, Cybersecurity, CSC. Today s information security programs must evolve to become integrated across the IT landscape, intelligence-driven by analytics, context aware and automated.

CSC s internal IT department is driven by the same security challenges and threat landscape as its clients. ISecOps enables CSC s incident response team to create visualizations of incident data, indicators of compromise and threat intelligence to better detect security breaches and manage incidents and vulnerabilities.

Clients in a wide range of sectors from financial services to insurance, healthcare and manufacturing can benefit from closing the remediation gap between security and IT operations in resolving critical threats with ISecOps:

  • Reduce risk exposure, increase efficiency and enhance visibility;
  • Identify risks faster and accelerate incident management;
  • Streamline security and IT processes and improve collaboration cross the enterprise;
  • View security posture with an integrated dashboard; and
  • Leverage CSC Security Operations with global 24×7 support.

By combining CSC s Managed Security Services[7] and Fruition Partners[8] ServiceNow implementation expertise and ServiceNow technology, CSC is uniquely positioned to provide clients with a complete security operations portfolio addressing their consulting, integration and managed services needs delivered through ISecOps.

CSC will showcase ISecOps at the 2017 HIMSS Annual Conference & Exhibition in Booth 2773.

IDC MarketScape: Asia/Pacific Managed Security Services 2016 Vendor Assessment (doc# AP40939616, October 2016).

About CSC

CSC (CSC[9]) leads clients on their digital transformation journeys. The company provides innovative next-generation technology services and solutions that leverage deep industry expertise, global scale, technology independence and an extensive partner community. CSC serves leading commercial and international public sector organizations throughout the world. CSC is a Fortune 500 company and ranked among the best corporate citizens. For more information, visit the company s website[10] to learn more about how Integrated Digital Service Management (IDSM[11]) and the modern agile hybrid cloud platform[12] empowers IT departments in today s digital enterprise.

View source version on businesswire.com: http://www.businesswire.com/news/home/20170221005600/en/[13]

References

  1. ^ CSC (cts.businesswire.com)
  2. ^ CSC (finance.yahoo.com)
  3. ^ ISecOps (cts.businesswire.com)
  4. ^ Richmond (cts.businesswire.com)
  5. ^ Asia/Pacific Managed Security Services 2016 Vendor Assessment (cts.businesswire.com)
  6. ^ Hushon (cts.businesswire.com)
  7. ^ Managed Security Services (cts.businesswire.com)
  8. ^ Fruition Partners (cts.businesswire.com)
  9. ^ CSC (finance.yahoo.com)
  10. ^ website (cts.businesswire.com)
  11. ^ (IDSM (cts.businesswire.com)
  12. ^ modern agile hybrid cloud platform (cts.businesswire.com)
  13. ^ http://www.businesswire.com/news/home/20170221005600/en/ (www.businesswire.com)

Spooked by spike in cyber extortion, businesses stockpile bitcoin for …

SAN FRANCISCO U.S. corporations that have long resisted bending to the demands of computer hackers who take their networks hostage are increasingly stockpiling bitcoin, the digital currency, so that they can quickly meet ransom demands rather than lose valuable corporate data. The companies are responding to cybersecurity experts who recently have changed their advice on how to deal with the growing problem of extortionists taking control of the computers.

It s a moral dilemma. If you pay, you are helping the bad guys, said Paula Long, chief executive of DataGravity, a Nashua, New Hampshire, company that helps clients secure corporate data. But, she added, You can t go to the moral high ground and put your company at risk.

A lot of companies are doing that as part of their incident response planning, said Chris Pogue, chief information security officer at Nuix, a company that provides information management technologies. They are setting up bitcoin wallets. Pogue said he believed thousands of U.S. companies had prepared strategies for dealing with hacker extortion demands, and numerous law firms have stepped in to facilitate negotiations with hackers, many of whom operate from the other side of the globe.

Symantec, a Mountain View, California, company that makes security and storage software, estimates that ransom demands to companies average between $10,000 and $75,000 for hackers to provide keys to decrypt frozen networks. Individuals whose computers get hit pay as little as $100 to $300 to unlock their encrypted files.

If you re hit by ransomware today, you have only two options: You either pay the criminals or you lose your data, said Raj Samani, chief technical officer at Intel Security.

We underestimated the scale of the issue. Hackers often send out email with tainted hyperlinks to broad targets, say, an entire company. All it takes is one computer user in a company to click on the infected link to allow hackers to get a foothold in the broader network, leading to hostile encryption.

At least one employee will click on anything, said Robert Gibbons, chief technology officer at Datto, a Connecticut company that offers digital disaster recovery services. Law enforcement counsels U.S. businesses not to succumb to ransom demands, urging them to keep backup copies of their data in case of hostile encryption.

The official FBI policy is that you shouldn t pay the ransom, said Leo Taddeo, chief security officer for Cryptzone, a Waltham, Mass., company that provides network security. Until 2015, Taddeo ran the cyber division of the FBI s New York City office.

But practical considerations increasingly are dictating a different approach. It s an option to pay the ransom to get back up and running. Sometimes it s the only option, Taddeo said.

But it has downsides, he added. Paying ransom just invites the next attack. Moreover, 1 in 4 companies that pay ransoms never get their files restored, Gibbons said. The idea of rewarding extortionists with payment makes some technologists see red.

That makes me super mad, said Lior Div, chief executive of Cybereason, a Boston-area cybersecurity company. There are things that are unacceptable, and we need to fight them.

Div and his company have done something about the extortion epidemic. They built a product called RansomFree that claims to detect 99 percent of all ransomware strains. So far, the free software has been downloaded 125,000 times, the company says. As extortionists get more sophisticated, researchers say, they are modifying their malicious code, their infection strategies and the way they collect payments.

Once they weasel their way into your network, they now take a look around.

They ll actually explore your system to see how much money they can squeeze from you, said Andrei Barysevich, director of advanced collection at Recorded Future. And they won t offer any sympathy, no matter how valuable the encrypted data, even if lives are at stake, say, in a health care network. They may even say they are doing nothing evil.

They actually think they are on the moral high ground. They think the companies should have paid more for security, said Barysevich, who spoke at a presentation this week at the annual RSA cybersecurity conference in San Francisco, which bills itself as the world s leading gathering of cybersecurity specialists. One of the reasons midsize and large companies are storing bitcoin for emergency use is that extortionists, once they succeed at penetrating a system, commonly give a deadline for payment before destroying data. But victims can t rush out and buy bitcoin in a day or two.

It takes at times a week for (brokers) to process you, Barysevich said.

Setting up the wallet ahead of time, Pogue said, allows businesses an option that is quick, although perhaps repugnant.

If they need to go to it, they are not spinning their wheels standing up a bitcoin wallet, Pogue said.

Previous Page|1|2|Next Page|Spooked By Spike In Cyber Extortion, Businesses Stockpile Bitcoin For ... Comments[1]

References

  1. ^ Next Page (www.saukvalley.com)

Fearful of extortion, businesses are stockpiling bitcoins

SAN FRANCISCO U.S. corporations that have long resisted bending to the demands of computer hackers who take their networks hostage are increasingly stockpiling bitcoin, the digital currency, so that they can quickly meet ransom demands rather than lose valuable corporate data.The companies are responding to cybersecurity experts who recently have changed their advice on how to deal with the growing problem of extortionists taking control of the computers. It s a moral dilemma. If you pay, you are helping the bad guys, said Paula Long, chief executive of DataGravity, a Nashua, New Hampshire, company that helps clients secure corporate data. But, she added, You can t go to the moral high ground and put your company at risk. A lot of companies are doing that as part of their incident response planning, said Chris Pogue, chief information security officer at Nuix, a company that provides information management technologies. They are setting up bitcoin wallets. Pogue said he believed thousands of U.S. companies had prepared strategies for dealing with hacker extortion demands, and numerous law firms have stepped in to facilitate negotiations with hackers, many of whom operate from the other side of the globe.Symantec, a Mountain View, California, company that makes security and storage software, estimates that ransom demands to companies average between $10,000 and $75,000 for hackers to provide keys to decrypt frozen networks. Individuals whose computers get hit pay as little as $100 to $300 to unlock their encrypted files.Companies that analyze cyber threats say the use of ransomware has exploded, and payments have soared. Recorded Future, a Somerville, Massachusetts, threat intelligence firm, says ransom payments skyrocketed 4,000 percent last year, reaching $1 billion. Another firm, Kaspersky Lab, estimates that a new business is attacked with ransomware every 40 seconds. If you re hit by ransomware today, you have only two options: You either pay the criminals or you lose your data, said Raj Samani, chief technical officer at Intel Security for Europe, the Middle East and Africa. We underestimated the scale of the issue. Hackers often send out email with tainted hyperlinks to broad targets, say, an entire company. All it takes is one computer user in a company to click on the infected link to allow hackers to get a foothold in the broader network, leading to hostile encryption. At least one employee will click on anything, said Robert Gibbons, chief technology officer at Datto, a Connecticut company that offers digital disaster recovery services.Law enforcement counsels U.S. businesses not to succumb to ransom demands, urging them to keep backup copies of their data in case of hostile encryption. The official FBI policy is that you shouldn t pay the ransom, said Leo Taddeo, chief security officer for Cryptzone, a Waltham, Massachusetts, company that provides network security. Until 2015, Taddeo ran the cyber division of the FBI s New York City office.But practical considerations increasingly are dictating a different approach. It s an option to pay the ransom to get back up and running. Sometimes it s the only option, Taddeo said. But it has downsides, he added. Paying ransom just invites the next attack. Moreover, 1 in 4 companies that pay ransoms never get their files restored, Gibbons said.The idea of rewarding extortionists with payment makes some technologists see red. That makes me super mad, said Lior Div, chief executive of Cybereason, a Boston-area cybersecurity company. There are things that are unacceptable, and we need to fight them. Div and his company have done something about the extortion epidemic. They built a product called RansomFree that claims to detect 99 percent of all ransomware strains.So far, the free software has been downloaded 125,000 times, the company says.As extortionists get more sophisticated, researchers say, they are modifying their malicious code, their infection strategies and the way they collect payments.Once they weasel their way into your network, they now take a look around. They ll actually explore your system to see how much money they can squeeze from you, said Andrei Barysevich, director of advanced collection at Recorded Future.And they won t offer any sympathy, no matter how valuable the encrypted data, even if lives are at stake, say, in a health care network. They may even say they are doing nothing evil. They actually think they are on the moral high ground. They think the companies should have paid more for security, said Barysevich, who spoke at a presentation last week at the annual RSA cybersecurity conference in San Francisco, which bills itself as the world s leading gathering of cybersecurity specialists.One of the reasons midsize and large companies are storing bitcoin for emergency use is that extortionists, once they succeed at penetrating a system, commonly give a deadline for payment before destroying data. But victims can t rush out and buy bitcoin in a day or two. It takes at times a week for (brokers) to process you, Barysevich said.Setting up the wallet ahead of time, Pogue said, allows businesses an option that is quick, although perhaps repugnant. If they need to go to it, they are not spinning their wheels standing up a bitcoin wallet, Pogue said.